Notes by brugeman

 News on nsec.app!

We've received lots of feedback in the last couple of weeks, thanks everyone!

Several major issues were discovered, which we've been actively fixing.
1. You can now transfer nip05 names that you claimed for testing purposes to your real keys, when you're ready.
2. We're now asking for a password right on signup and key import - the password is used to do end-to-end encrypted sync of your keys between devices, so that you can log in to nsec.app anywhere. It works well with password managers too now.
3. Connected apps and permissions are now in sync across devices. Wherever you log in, you will see the same apps; those are stored on nostr as encrypted events, which means if you decide to self-host your own instance of nsec.app, all connected apps will be visible there - that's the nostr way.

There are many more minor issues fixed.

If you've had some bad experience on the first try, I encourage you to give nsec.app one more look. We are very early, and your input helps us immensely! 
 Having a hard time trying to log in with my nsec.app address on Nests.

Was able to do it once, b... 
 Hi which browser/OS? Can you try again please, I just logged in two times myself, seems fine 
 nostr:npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxy when are you going to add t... 
 Not soon, focusing on nsec.app atm 
 Anyone smarter than me figure this out? nostr:note15y46z234r9lh9834gt7txfpmycdrzpapz9e7gnrsn865j9... 
 You can also sign up to nsec.app, import your keys and use its nip05 to sign in. Although iOS needs some settings for that to work, but it won't require an extension and should work with PWAs 
 With nsec.app are you using your <name>@nsec.app ? If it's 'loading indefinitely' - can you please try opening nsec.app in another tab - does it go through then? 
 tbh: I don't like this terminus "non-custodial".

why should I describe sth positive with "non"?
... 
 Sovereign isn't very precise. Non-custodial has a much more exact meaning of 'not giving your keys to us'. But I agree that this terminology only matters for a small number of people, so it will probably evolve. 
 nsec.app and nip46 login? on iOS you need to go to settings advanced experimental and enable push api, and then install nsec.app as pwa, then it should work and do signing in the background 
 Try opening nsec.app in a separate tab to see if it starts working better. For nsec.app to work without a tab, it needs push notifications enabled in the browser, that seems to require google play services install and giving them some perms https://grapheneos.org/usage#sandboxed-google-play-installation
Please let me know if you try this and have some feedback. Thanks! 
 #asknostr

On grapheneOS I can't get nsec.app to run in the background. NIP-7 Login doesn't work ... 
 nsec.app requires web push notifications enabled, that would require installation of google play services and giving them some perms https://grapheneos.org/usage#sandboxed-google-play-installation
I haven't tried it, please let me know if you make it work. 
 Feels strange saying “sign in” and “create an account” on nostr … 
 Create account does feel strange vs what's really happening (create keys). Any alternative naming?
Sign in seems fine to me especially with nip46, the details of what's happening don't seem to matter much.  
 > If there was an easy-to-use package like Bitcoin Connect that with one line allows the app to show a connection UI, and then exposes a NIP-07 interface to the client

There are nostr-login and window.nostr.js and nostr-ignition 
 How do I change my nsec/npub for an existing "account" in nsec.app?  
 NIP49 encrypted nsec export coming asap 
 You can edit or transfer usernames now, please reload/update the app and click the ... menu near your name. 
 Followed a project from 0 to 3m. It turns out that marketing is as important as technology. 
Clea... 
 Tell us more please  
 nostr:nevent1qqs86zsaw0lkaly3luzzy6ls25kysu9vj4mpcxqk8prwk5cpmznf79shpjvre 
 Hey, thanks for the feedback! No there isn't a UX guy who checks everything so thanks for trying. I'm looking at your DMs, happy to discuss everything there or publicly.  
 Goodnight and wabi sabi, Nostr. 🫂🤙🏻💜 The moment that you've been waiting for over the... 
 Excited! 
 It works - was able to sign in with nip46! Do you plan to support showing auth_url?  
 For those that need to use X and aren't all in on Nostr, this tool may be of interest.
nostr:neve... 
 I have a couple people that want to use it, we'll see how it goes for them. Maybe you'll unfollow or block them right away, or maybe they'll see some engagement here and start paying a bit more attention.  
 I am pretty sure now you guys won't use it, but this tool wouldn't exist without some people requesting it. They might be wrong and their use of this tool will turn against them. We won't know until they try it. 
 I actually agree with your hypothesis, but now we'll run the experiments and see for real. 
 Cross-post your tweets to Nostr!

Here is a new tool for you: xtonostr.com

It uses the new remote key access mechanism to publish your tweets on nostr using your real keys. Should help some people save time on manual cross-posting. 

Demo:
https://v.nostr.build/wJrL.mp4

It's open source:
https://github.com/nostrband/nostr-twitter-bot-ui
https://github.com/nostrband/nostr-twitter-bot 
 Thanks! 
 Exactly. 
 It should include the links, although I need to check that  
 Replies too 
 Thanks for the report, do you have any context of where that happened? At what stage of the set up process? 
 Ok thanks will check  
 Just enter tim@nsec.app at xtonostr login form  
 The nsec app signup flow (at least on mobile) is terrible. It asks you for a million permissions,... 
 Did you sign up through the nsec app itself, or through the oauth signup flow from another app?
Asking for new kind is probably due to app requesting to sign something right after you sign in. The other million permissions should be just one - connect to the app (this could probably be avoided, I could bundle it into create account button itself). Browser permission is a must, unfortunately.
If you have any ideas on how to improve it I'd be very happy. 
 Which other app? I will check what kinds it's signing after sign up, maybe add them to basic perms. 
 @Kieran how about we make apps declare the perms they'd like to have from bunkers? So that connect requests could show the exact list of perms the app needs (not some default list), and also create_account would grant all those perms and thus wouldn't result in extra perm requests right after signup? 
Those could go to nostr.json in some separate section. Could also go to app's nip89 announcement, but the domain would have to point to that first, so it's less direct.
cc @fiatjaf @PABLOF7z  
 Would be great. Same needed for create_account. It could be a comma-separated list of requested perms "perm1,perm2", each perm being nip46-method + optional param (kind, peer pubkey etc), like "sign_event:1" or "nip04_decrypt" or "nip04_encrypt:peer_pubkey_hex". Wdyt? 
 nostr:npub18ams6ewn5aj2n3wt2qawzglx9mr4nzksxhvrdc4gzrecw7n5tvjqctp424 

will anon chatting also b... 
 Btw you can self-host nsec.app if you don't want to store users' nsecs on your server. 
 Feature request for the nsec.app devs. A QR code generator for when I want to share between devic... 
 Nsec export is on the roadmap. 
  nostr:npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxy nostr:npub1l2vyh47mk2p0qls... 
 I use pubkey=url.hostname || url.pathname.split('//')[1] or some such to make it cross-browser. 
 New embeds look so nice. Gotta get nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufz... 
 Any plans for nip46 @wavlake? 
 Looking good! 
 Thanks! There are actually lots of issues with using it on multiple devices, but I am gradually solving them  
 Why can't I zap you? 
 Self host nsec.app service, if you're so inclined!
nostr:nevent1qqsypkkdlppj0ue35llvqkxyzjrf9aguj7qhsd4pvjgpyhup464z5qgpz3mhxue69uhhyetvv9ujumn0wd68ytnzvupzpvftvvkgslcvsuw3grfhhjmw0s0p4qpxf59hm6p9t2se28v7rlmeqvzqqqqqqydg7pjg 
 It works! Signed in using artur@nsec.app on mobile

nostr:nevent1qqs89mm4apvplslmratwptmw96pcdzqgfygaa82vpwhpf2dd4xk0mtspz3mhxue69uhhyetvv9ujumn0wd68ytnzvupzqwlsccluhy6xxsr6l9a9uhhxf75g85g8a709tprjcn4e42h053vaqvzqqqqqqysf3hsw 
 Sorry, no proof. It's not working well :(
First there were nsec.app's popup showing up and disappearing. I've fixed that, apologies.
Now window.nostr.js doesn't notice the actual reply after auth_url popup is shown and I confirm, reply to 'connect' is delivered but nothing happens (still on login screen). I have to retry connecting (enter nip05, click connect), and since the same local key is reused the perms are already assigned, no auth_url is sent and then it gets through.
Also the modal doesn't fit the screen on mobile.
Also Logout should probably clear the local key, otherwise it's not really logout. 
 That key has permissions granted. If it stays anyone can relogin in the app without me confirming, or can copy the key from localstore and reuse in other apps and devices. I click logout on a public pc to make sure no one from this pc can access my account.  
 I think it's a common action for logout button to clear local session info - cookies, token etc. Client might ask the server to destroy the token too if that's supported, but client should act in the interest of user and do its best to destroy the session info locally. Well at least that's how I always thought about it. 
 Me too, great, thanks! 
 Thanks for the heads up! Indeed I forgot it has to be published by bunker key and have proper nip05. Published, now visible in window.nostr.js and other places.
Also nostrapp.link didn't have nip05 editable field for apps, added - nip46 providers can now use this app to publish their nip89 announcements.  
 I don't think we should have 'login with nsec.app' buttons or any other provider-specific naming/branding deployed by apps. People are kind of used to remembering and entering their email to sign in to apps, so entering nip05 should not be a huge friction, it's very familiar. The @domain part can be auto-completed based on a published list of providers to simplify things. 

Popups can be avoided - you can redirect users to auth_url instead of showing a popup. The question of callback_url remains, there is no standard for it out there, if you're ready to advocate for it you can join the new-nip46 discussion on github.

Btw I will also try showing auth_url in an iframe, not popup - should provide more control over how it looks and behaves. 

Your feedback was noted and I have issues for it on our github. 
 What if clients didn't actually deal with signing and publishing your notes?
What if a client cou... 
 You don't have to rely on an extension any more - there is remote key access protocol nip46, try nsec.app as one implementation.
There is Amber offline signer for Android, not sure if it plans/supports QR codes though. 
 No upfront costs with nsec.app 
 @k00b any plans for nip46 remote key access support on Stacker news?   
 Ok thanks, I've submitted an issue. 
 Another app with remote key access support!
nostr:nevent1qvzqqqqqqypzpm7r06tl5nadv70yvjm6vxzqpxmucas94n4sch6kk3jd9wvx5c8sqyghwumn8ghj7mn0wd68ytnhd9hx2tcppemhxue69uhkummn9ekx7mp0qqsyjvlesl7umqzddp85glh278hdz935we3kjp6uhfrcv0chvpdwj6c9nzm8l 
 We will have 'advanced' section in nostr-login form to allow users to input bunker url, right now any bunker that supports new oauth-flow can be used (by entering name@bunkerdomain.com instead of @nsec.app in login).  
 I logged in, closed the satcom tab, then re-opened - my profile name and avatar were gone. I tried to publish a reply - it seems it published under the local nip46 keys that you're using to talk to the real keys. 
 @Derek Ross I need your feedback on the nsec.app, don't keep it secret 😉  
 @The Fishcake🐶🐾 is there nip46 auth planned for nostr.build? I'm buying premium and don't have extension, you could snap nostr-login there so I could use nsec.app for it. 
 Cool! Let me know if you try nostr-login and have any issues or feedback  
 @florian hey, any plans for nip46 for slidestr? 
 Sounds great, thanks! 
 You have to register on nostr.directory afaik 
 Should nostr address (NIP-05) services regularly crawl their users' kind 10_002 (or 3 if not avai... 
 Well kind 3 seems to be "I am reading from here only" whereas 10002 is "I am reading mentions from here, and everything else I read from write relays of people".