They authorize Snort just like they use most OAuth flows (“do you allow this app to connect to your nostr account?”)