the idea of my main nostr private key being handed to random nostr apps for signing random application events seems crazy. the number of popups to sign seemingly random events is too great and blindly signing events is a horrible idea.

why can’t I login to some nostr app by signing a single event with my main key, where that single event is me authorizing an auto generated, application-specific identity that the app can go wild with?

in retrospect, ive reinvented oauth2.

why don’t we use oauth2 in nostr?