HTTP auth (NIP 98) … is an interesting approach. So a user (somehow) authenticates their nsec with a web client (still haven’t fixed this part) and this client then lays an auth cookie in the user’s browser which can be validated by other clients? And what about when these other clients request “additional” permissions not covered by the cookie? Seems tricky to handle Nostr auth without actual live access (somehow) to the nsec for signing…?