While it's not very clear in the nip, I've used auth on my relays for over a year and it only works to authenticate *whitelisted users*. Ephemeral npubs or any alternative npubs that is not allowed to read or write to the relay and will be rejected. I find this thread confusing to say the least.
Discussion
It depends on the relay.
That's what it sounds like in the NIP but I don't know of any other examples out there besides whitelisting users. What would even be the purpose of an ephemeral authorization event otherwise?