What if we use OIDC? You're building your app and you want to allow nostr login. Your app uses OIDC via a nostr ID provider, and that provider connects with an app on your phone, which is where your nsec lives. Whenever you click "login with nostr", the nostr app uses OIDC to ping the nostr ID provider. The ID provider then returns a NIP-97 auth URI to the nostr app, which displays it as a QR code. Using the app on your phone, you scan this QR code. The phone app then prompts you to confirm that you want to log into this site, and even which information you'd like to share with it. All your personal info is stored only locally on the device in the app, and you could even create different profiles for different sites. Once you confirm, your phone app sends that approval as a NIP-97 auth message to the nostr ID provider. The ID provider then creates a session token, a refresh token and an ID token and hands them back to the nostr app. Voila, you're logged in and you never had to enter your nsec anywhere.