We are building an alternative to this in Plurality Network. We have an embedded wallet as well with MPC TSS in the background (Lit protocol - which is open source) but none of the part of the key is stored on our servers.
For each new application, we create a “Profile” against the wallet address for that particular application. Once logged in, the server gives a session against that profile, and popup-less signing can take place.
Moreover, the application can store application-specific data in the user’s profile as well, which gets encrypted and stored using the profile keys created through TSS in the network. Only the user with the correct authentication can decrypt it - no one else. In your case, the application state could be something like access to channels, social graph, like, comments, upvotes or anything like that.
The application state and session can be accessed on any other device that the user logs in to - if the user allows.
The wallet part uses MPC-TSS, and the Profile Part uses Verifiable Credentials.
Happy to run you over the solution and see if it fits your needs.