diff --git a/app.js b/app.js
index 48e5110..e939f13 100644
--- a/app.js
+++ b/app.js
@@ -19,6 +19,7 @@ const CLIENT_SECRET = 'gitea-secret';
 
 // Nostr relays for fetching user metadata
 const NOSTR_RELAYS = [
+  'wss://relay.laantungir.net',
   'wss://relay.damus.io',
   'wss://nos.lol',
   'wss://relay.nostr.band',
diff --git a/views/login.ejs b/views/login.ejs
index caa8d80..88c6b3d 100644
--- a/views/login.ejs
+++ b/views/login.ejs
@@ -3,7 +3,7 @@
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Nostr Login - OIDC Bridge v2.1</title>
+    <title>Nostr Login - OIDC Bridge v2.2</title>
 </head>
 <body>
     <div id="login-container">
@@ -21,7 +21,7 @@
         
         <!-- Version header -->
         <div style="text-align: center; margin: 10px 0; padding: 8px; background: #e3f2fd; border: 1px solid #2196f3; border-radius: 4px; font-weight: bold; color: #1976d2;">
-            🚀 Nostr OIDC Bridge v2.1 - Form Auth + event_json fix
+            🚀 Nostr OIDC Bridge v2.2 - Fixed npub scope + relay update
         </div>
         
         <!-- Target div for nostr-login widget -->
@@ -29,7 +29,7 @@
         
         <!-- Version info -->
         <div style="position: fixed; bottom: 10px; right: 10px; font-size: 14px; color: #333; background: rgba(255,255,255,0.95); padding: 6px 12px; border-radius: 6px; border: 1px solid #ddd; font-weight: bold;">
-            v2.1 - Form Auth + event_json fix
+            v2.2 - Fixed npub scope + relay update
         </div>
     </div>
 
@@ -144,7 +144,7 @@
                 }
                 
                 // Submit to backend
-                await submitAuthToBackend(sessionId, pubkey, signedEvent);
+                await submitAuthToBackend(sessionId, pubkey, signedEvent, npub);
                 
             } catch (error) {
                 console.error('Authentication error:', error);
@@ -155,9 +155,24 @@
             }
         }
 
-        async function submitAuthToBackend(sessionId, pubkey, signedEvent) {
+        async function submitAuthToBackend(sessionId, pubkey, signedEvent, npub) {
             try {
-                console.log('Submitting auth to backend...');
+                console.log('✅ Submitting auth to backend...');
+                console.log('📋 Form data:', {
+                    sessionId,
+                    npub: npub ? `${npub.substring(0, 20)}... (length: ${npub.length})` : 'undefined',
+                    pubkey: pubkey ? `${pubkey.substring(0, 20)}... (length: ${pubkey.length})` : 'undefined',
+                    eventContent: signedEvent.content.substring(0, 20) + '...'
+                });
+                
+                // Validate inputs before submission
+                if (!npub) {
+                    throw new Error('npub is required but not provided');
+                }
+                
+                if (!signedEvent || !signedEvent.sig) {
+                    throw new Error('Valid signed event is required');
+                }
                 
                 // Create a form and submit it traditionally to allow proper redirects
                 // This avoids CORS issues when redirecting to external domains like Gitea
@@ -169,7 +184,7 @@
                 const npubField = document.createElement('input');
                 npubField.type = 'hidden';
                 npubField.name = 'npub';
-                npubField.value = npub; // Use the properly encoded npub
+                npubField.value = npub;
                 form.appendChild(npubField);
                 
                 const eventField = document.createElement('input');
@@ -180,11 +195,22 @@
                 
                 // Add form to document and submit
                 document.body.appendChild(form);
-                console.log('Submitting form for authentication...');
+                console.log('🚀 Submitting form for authentication...');
+                
+                // Add timeout to prevent infinite waiting
+                setTimeout(() => {
+                    if (isProcessing) {
+                        console.warn('⚠️ Form submission timeout - authentication may have failed');
+                        showError('Authentication timed out. Please try again.');
+                        isProcessing = false;
+                        document.body.removeChild(form);
+                    }
+                }, 30000); // 30 second timeout
+                
                 form.submit();
                 
             } catch (error) {
-                console.error('Backend submission error:', error);
+                console.error('❌ Backend submission error:', error);
                 throw error;
             }
         }