but how does that let you sign events????
Just finished implementing nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft's OAuth flow on Flare🔥!
The experience of creating an account on Flare, then logging into that account on nostr:npub13myx4j0pp9uenpjjq68wdvqzywuwxfj64welu28mdvaku222mjtqzqv3qk without ever touching keys or an extension is magical 🪄
It is so clear that this is the future of the web
Test it out here:
Discussion
The nsec lives in the nsecbunker (on a server somewhere). So whenever an event needs to be signed, the raw event is sent as a payload to the bunker where it is signed and returned.
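The signing round trip described in the reply above, as an added example that is not part of the thread or of nsecbunker's code. It assumes the request follows the NIP-46 `sign_event` shape and NIP-01 event ids (the thread names neither), uses constructed keys and content, and leaves out transport encryption and the Schnorr signature itself; it shows which fields the bunker can read per request and a check the client can run on the event it gets back.

```python
import hashlib
import json

def event_id(pubkey, created_at, kind, tags, content):
    """NIP-01 event id: SHA-256 of the canonical JSON array, hex encoded."""
    canonical = json.dumps([0, pubkey, created_at, kind, tags, content],
                           separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def build_sign_request(request_id, unsigned_event):
    """Client side: wrap the raw event in a sign_event request (assumed NIP-46 shape)."""
    return json.dumps({"id": request_id, "method": "sign_event",
                       "params": [json.dumps(unsigned_event)]})

def bunker_view(request_json, user_pubkey):
    """Bunker side: the fields readable in one decrypted signing request."""
    req = json.loads(request_json)
    if req.get("method") != "sign_event":
        raise ValueError("unsupported method")
    ev = json.loads(req["params"][0])
    return {
        "id": event_id(user_pubkey, ev["created_at"], ev["kind"],
                       ev["tags"], ev["content"]),
        "kind": ev["kind"],
        "content": ev["content"],
        # "p" tags name the pubkeys this event mentions or replies to
        "mentions": [t[1] for t in ev["tags"] if len(t) > 1 and t[0] == "p"],
        "created_at": ev["created_at"],
    }

def returned_event_matches(unsigned_event, returned_event):
    """Client side: reject a returned event whose fields or id differ from the request.
    Verifying the Schnorr signature itself is a separate step not shown here."""
    for field in ("kind", "content", "tags", "created_at"):
        if returned_event.get(field) != unsigned_event[field]:
            return False
    expected = event_id(returned_event["pubkey"], returned_event["created_at"],
                        returned_event["kind"], returned_event["tags"],
                        returned_event["content"])
    return returned_event.get("id") == expected

# Constructed sample values, not taken from the thread.
USER_PUBKEY = "ab" * 32
DRAFT = {"kind": 1, "created_at": 1700000000,
         "content": "hello from a web client", "tags": [["p", "cd" * 32]]}
```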
so, if i sign in with flare, then oauth to coracle, how much information does flare get about where and what i'm requesting to be done indirectly via the bunker?
it is convenient, sure, but it seems like a honeypot of data for the sites you use as intermediaries
i think using legacy second party authentication for this is a bad security decision