I am thinking of adding this to nostr-login, it will need server-side support by the app ofc. 

Questions:
- do you think there is any particularly good approach we could take that would help us make otp server api a nip?
- what if instead of server issuing a session token client would generate a session key and sign otp with it, the server could use this npub as session id, client could use standardized stuff like nip98 to sign requests, etc. Is this a  good idea?