I am also reviewing this RFC, the successor to OAuth2, to see if it could be implemented with Nostr

https://www.rfc-editor.org/rfc/rfc9767.html