Create a session token like JWT, easy to work with and only requires a single request. although I'm not sure if that would break NIP-98