I appreciate your feedback and I intend to revisit this with better scrutiny when I have a little more time to read & think, as I still believe a direct-to-signer model like this would be ideal.
> not sure which parts of nip46 leak anything, can you provide details?
If the encryption keypair ever leaks, event sniffers that stored your previous messages will be able to decrypt them in the future. This simply isn't a concern if they can't be sniffed in the first place. I think I'm mostly arguing surface area here; since DMs are using the same encryption anyway, it's more about the possibly leaky keypair.
I think I saw you mention nip42.
We're still trusting relay servers to follow the rules, and with signers I want an option that can avoid that if possible. I think relay servers should pretty much be trusted as dumb databases.
Also, I am rolling my own OAuth2 but it's part of my web framework to your point actually.
As discussed, nip46 can't work in practice with untrusted relay, just treat it as part of the signer service.