Oddbean new post about login | logout I would not copy the way we do private zaps right now. It just sucks because it requires special decrypting methods from signing apps to resolve them.
Defined the existing scheme here, hopefully can spark some debate on how to do derive the keys properly, however idk if there's a way to do with it without access to the private key. https://github.com/nostr-protocol/nips/pull/1064