I don't think we should have 'login with nsec.app' buttons or any other provider-specific naming/branding deployed by apps. People are kind of used to remembering and entering their email to sign in to apps, so entering nip05 should not be a huge friction, it's very familiar. The @domain part can be auto-completed based on a published list of providers to simplify things.
Popups can be avoided - you can redirect users to auth_url instead of showing a popup. The question of callback_url remains: there is no standard for it out there. If you're ready to advocate for it, you can join the new-nip46 discussion on GitHub.
Btw I will also try showing auth_url in an iframe, not popup - should provide more control over how it looks and behaves.
Your feedback was noted and I have issues for it on our GitHub.