A special linkingKey can be used to login user to a service or authorise sensitive actions. This preferrably should be done without compromising user identity so plain LN node key can not be used here. Instead of asking for user credentials a service could display a "login" QR code which contains a specialized LNURL.
See here for extensive outline of the protocol and auth flow.
Authentication happens LnUrlAuthenticator.class
Configure the QR-code image generation
LN-Url requires https, therefor for testing purposes use ngrok or similar tools to proxy to your local environment. Set the frontend-url in the Real Settings | General tab to something like : https://[subdomain].ngrok.io/auth/ and set the Web Origins in the client settings to https://[subdomain].ngrok.io
What users see:
