Awesome work. I'd highly recommend NIP-98, if you at all get a chance to look at it. It's just an auth header to a server, and it scales really well. The extensions can already sign events, so it's easy. NIP07 is used in a bunch of places, and I use it in nosdav for personal storage too. I see this pattern scaling to billions of users.
This little shim contains all the code
There is also a proposal for NIP-97 by nostr:npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkj which uses NIP-98 https://github.com/nostr-protocol/nips/pull/1042
I added support for this in Nostur but there are no websites or services that support his yet.
nostr:note1wau0nztza2alhuqlkku240k549nu6e4vdwv8yjhkmtcyzcuduglshqleq2
Not sure I understood this. It looks less secure than NIP-98. If it relies on NIP-98, why not just log in with NIP-98? NIPs generally are against 2 ways of doing the same thing.
It is logging in with NIP-98. NIP-97 just defines the flow between the website or service and another app that has your key.
