It's buggy, and uses an alternative flow that was shoehorned into the nips and almost impossible for clients like Ditto to support.
Discussion
You don’t have to use the OAuth flow. I login with the bunker connection string with some apps. Haven’t noticed any issues yet, but I don’t use it every day.
The problem is the part where you have to open a link to nsec.app as part of the login flow. This really should not be in the nips. It's a hacky workaround for the fact it's a PWA, and very difficult to surface to the user in some situations (like Ditto where this is happening in a backend as part of an http request).
Do you mean to approve the connection? I usually just keep my nsec.app dashboard open on the initial connection. I use the bunker connection string with my app notacomment which is a node.js app and has no frontend.
Here’s my bunker connection flow: