To actually work properly as an appview, there needs to be some way of authenticating and segmenting users. Probably the way to do this would be to set a cookie on login, which includes the auth token, refresh token, and maybe also the private key from the profile record?
I could imagine this as some kind of auth middleware that builds a client for the user's PDS if they have the appropriate cookie set, otherwise serves a login page. We might also need a DID or something to know if their token is actually valid, or maybe the JWT somehow encodes that info already?
See some details here for how the token storage might be implemented... idk if I'll do all that but it seems like a good reference.