As I'm reviewing lnurl-pay implementations in advance of developing my own, I find that the "invoices" macaroon is not so useful without info permissions. Fundamentally, a LNURL-pay server ought to know

• that the node is synced to chain / available
• the node pubkey
• ???

Anyway, while searching I found that this topic was brought up many years ago here: #2236 and closed with the suggestion that the gRPC client should be given two separate macaroons.

This is difficult in practice, not least of which because most (all?) libraries do not discriminate based on endpoint, and it is then up to the client to track which macaroons have which permissions and go with which gRPC calls.

Yes, I understand that a custom macaroon could be baked, but given the (hopefully increasing) popularity of LNURL-pay, lightning address, etc., it would be nice to add this permission to the invoice macaroon by default.

Otherwise, you get situations like this: https://github.com/benthecarman/lnurl-server/blob/master/README.md where extremely experienced people like @benthecarman are recommend the use of admin.macaroon, which seems like a bad practice.

Thanks for considering.