Return to Bitkit after Pubky Ring auth

[piotr-iohk]

Problem or use case

Bitkit starts Pubky Ring authentication by opening a pubkyauth:// URL and then waits for relay approval via completePubkyAuth(). After approval in Pubky Ring, the user is not reliably returned to Bitkit because Bitkit does not pass or handle Ring callback parameters.

Pubky Ring supports auth callbacks via x-success, x-error, x-cancel, and x-source (with legacy callback fallback), so Bitkit should use them to restore the user to the correct Bitkit state after Ring auth.

See: pubky/pubky-ring#259

Proposed solution

Append x-callback parameters to the generated Pubky auth URL before opening Ring:

• x-success=bitkit://pubky-auth/success
• x-cancel=bitkit://pubky-auth/cancel
• x-error=bitkit://pubky-auth/error
• x-source=Bitkit

Handle those callback routes in Bitkit:

• Success: return to Bitkit and continue the existing relay-based completion/import flow.
• Cancel: cancel pending auth and reset the Pubky auth UI state.
• Error: cancel pending auth, reset state, and show a useful error message.

Keep completePubkyAuth() as the source of truth for the session secret unless product decides to move to Pubky Ring's separate session callback flow.

Alternatives considered

No response

Additional context

This should be implemented for both Android and iOS for parity.