This is how it works now, but since NIP-42 lets the relay send the auth challenge anytime it wants. some relays send it as soon as the client connects