Then the user shouldn’t specify an auth-required relay in their list ? 🤷

Perhaps the auth request allow-listing should be per relay not just site.

I also don’t think a client should connect to arbitrary relays not already approved. The minimum intersection of my explicit relays and those I follow should be all I’d normally expect client connections to. If clients just keep expanding the relay list dynamically as part of the social graph I don’t see how everybody doesn’t end up hitting malicious relays with no control over it.