Oddbean

Yes, there is even no need to confirm logging to a new app themselves. They will only use one app: snort/coracle. I want to approve them once on the main device that stores the main key. I think it could be implemented simply by changing the code of snort/coracle to use window.nostr.nip04.encrypt/decrypt and window.nostr.signEvent/getPublicKey - so the same nsec-npub keypair in the extension will be used to communicate with the bunker, instead of generating a temporary nsec-npub keypair on every session.

Oh that's an interesting idea of using extension key as app key... need to think it through. Meanwhile, if they're gonna use just one app, they could try to log in as your main key on their device, you would confirm on main device, add needed permissions (manually or on request) and then they'd just keep using it? If they'd need to re-login you'd have to confirm again, but once the session is created they should be able to use it just fine?

I wouldn’t want them to keep a session open on their laptop but it’s an interesting idea to keep a session open on their smartphone. I’m writing this note from coracle that I added to my home screen as an app (the session even survived a reboot of my iPhone). Do you know of Android apps that support nsecbunker login? Primal/Amethyst?

It's just a way for you to mark this session as "I shared it with this npub". If you gave someone access by confirming a login on their device and then mark a session using this option, then you'd be able to filter the activity and connections on the key's screen - you'll be able to select "yourself" or "that npub you shared with". This is some beginnings of shared access, just for reporting.