Oddbean new post about login | logout So nostr tools has the nip46 now? Nice! Have you taken a look at nsec.app ? Sorry for inadvertently competing with you, I started nostr-login a while ago before learning about nostr-ignition
I have briefly had a look but I'm not sure I totally get it. Is it remote signing (bunker style) or is it an extension. Storing your keys in the browser makes it sounds like an extension....
There is an announcement, it runs nip46 server in browser service worker, and uses a custom server to wake the sw up when needed. No extensions, works on mobile. nostr:nevent1qqsyfmy0hqpzgghm2yf4vqwgzj6lu8pkm4zuk2pshqfd2rg7hy27zggpr4mhxue69uhkummnw3ez6ur4vgh8wetvd3hhyer9wghxuet5qgsrx4k7vxeev3unrn5ty9qt9w4cxlsgzrqw752mh6fduqjgqs9chhgrqsqqqqqp4l4w45
Ok – I've watched the demo and I played with nsec.app. So nsec.app isn't talking to any backend unless you explicitly tell it to do the cloud sync? I created an account there and then was able (after a few false starts) to get signed into nostrudel using that key. When I tried to use the same nip-05 on my phone, it seemed like it was connecting but never finished the connection and I couldn't log in. So I'm not sure, do I need to logged into nsec.app on my phone too? And in the same browser on my phone? I also didn't set a password when I created the nsec (wasn't asked) but then when I go to sign into nsec.app on my phone, i am asked for a password so I'm not sure what to do there. I think the idea sounds like a cool one. E.g. not having a custodial nsecbunker could be a good thing, but the UX here is extremely confusing at the moment.
Thanks for trying it! Nsec.app does talk to a backend - to subscribe and get woken-up when there are pending nip46 calls on a relay. But nsec doesn't leave the device unless "Cloud sync" is enabled. I think I will make the "enter password - get your keys synched" the default flow, advanced users could disable it. The OAuth flow isn't working well from a new device/browser, that hasn't been handled yet. For now you'd have to log in (through cloud sync) or import key into that other browser manually before connecting to new apps there. It is confusing, because the app looks like a normal web app that's supposed to work across devices and show the same data, but underneath it's not (yet) like that, because it's non-custodial. But that's all fixable and on the roadmap.
Definitely all fixable, but I'd take some time to really think through the user journey here. It's a completely new paradigm so it's going to be hard to grok.
The 'oauth on another device' issue is partially fixed now - if there is another active device/browser that can send authUrl then you'll see login screen first, and if you login it will proceed to asking for confirmation etc. The unresolved case of 'there are no active devices that can send authUrl' stays, will be fixing it differently.
https://nsec.app/ is amazing and nostr-login even more, but I want to compete with you both now because I think I have a slightly different take on the matter.