My plan for Soapbox + Nostr onboarding UX is to have it generate a 12-word seed on the client. You see it once and are told to write it down, then it disappears forever. It gets stored securely in the browser and can then be used to sign events. To recover your session, you need the 12-word seed.
This is the basic normie flow for mass adoption. There are other options, including NIP-07 signing with a browser extension like Alby, and NIP-46 support where you can sign events remotely using a dedicated signer app. You can also import by seed or nsec.
Technical info: I'm making the ServiceWorker a signer. You can send it messages like generateSeed, signEvent, decrypt, etc. When you generate the seed, the ServiceWorker generates it within the worker context and stores it in the Web Cache API. Which is an absolutely insane thing to do, but it will work. It sends the seed back to the client exactly _once_ when you generate it, and you can never retrieve it again because the worker will block fetches to it. But the worker itself can access it and sign your events. This is Vegan Mad Science.
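A model of the signer described above, added here as an example and not Soapbox's code: it shows the seed leaving the worker once, signing without exposing it, and the fetch guard. The names `createSigner`, `onMessage`, `onFetch`, `SEED_KEY` and the origin are hypothetical, a `Map` stands in for the Cache API, and seed generation and signing are constructed stand-ins.

```javascript
// Added model of the signer worker's two entry points, in plain JS so it runs under Node.
const ORIGIN = 'https://soapbox.example';   // constructed origin
const SEED_KEY = '/__signer/seed';          // hypothetical cache key for the seed

function createSigner({ generateSeed, sign }) {
  const cache = new Map();                  // stand-in for the worker's Cache API entry

  // Handler for messages posted by the page.
  function onMessage(msg) {
    switch (msg.type) {
      case 'generateSeed': {
        // Refuse to regenerate: a second call must not reveal or replace the seed.
        if (cache.has(SEED_KEY)) return { ok: false, error: 'seed already generated' };
        const seed = generateSeed();
        cache.set(SEED_KEY, seed);
        return { ok: true, seed };          // the single time the seed leaves the worker
      }
      case 'signEvent': {
        const seed = cache.get(SEED_KEY);
        if (!seed) return { ok: false, error: 'no seed' };
        // Only the signature goes back, never the key material.
        return { ok: true, sig: sign(seed, msg.event) };
      }
      default:
        return { ok: false, error: 'unsupported message' };
    }
  }

  // Handler for intercepted fetches: answer 403 for the seed entry, else pass through.
  function onFetch(url) {
    const { origin, pathname } = new URL(url, ORIGIN); // resolves ../ and relative URLs
    if (origin === ORIGIN && pathname === SEED_KEY) return { status: 403 };
    return null;                            // null = let the request proceed normally
  }

  return { onMessage, onFetch };
}

// Constructed stand-ins (not real BIP-39 or Schnorr) so the model runs offline.
const demoSeed = () => Array.from({ length: 12 }, (_, i) => `word${i + 1}`).join(' ');
const demoSign = (seed, event) => `sig:${seed.length}:${event.id}`;
```

In a browser the Cache API is also exposed to page scripts as `caches`, so a real build needs a check on that path in addition to the fetch guard modeled here.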