diff --git a/neurofusion/server/controllers/user.js b/neurofusion/server/controllers/user.js
index ca49e7c0..4c6a7e0e 100644
--- a/neurofusion/server/controllers/user.js
+++ b/neurofusion/server/controllers/user.js
@@ -30,11 +30,21 @@ exports.tokenValidator = async (req, res, next) => {
     const token = req.headers["authorization"].split(" ")[1];
     const decoded = jwt.verify(token, process.env.JWT_SECRET);
 
-    const user = await db.UserMetadata.findOne({
-      where: {
-        userGuid: decoded.userGuid,
-      },
-    });
+    let user;
+
+    if (decoded.userPubkey) {
+      user = await db.UserMetadata.findOne({
+        where: {
+          userPubkey: decoded.userPubkey,
+        },
+      });
+    } else if (decoded.userGuid) {
+      user = await db.UserMetadata.findOne({
+        where: {
+          userGuid: decoded.userGuid,
+        },
+      });
+    }
 
     if (!user) {
       return res.status(401).json({
@@ -101,9 +111,6 @@ exports.validateLogin = async (req, res) => {
       res.status(200).json({
         body: {
           userGuid: userMetadata.userGuid,
-          magicLinkAuthToken: userMetadata.magicLinkAuthToken,
-          magicflowToken: userMetadata.magicflowToken,
-          neurosityToken: userMetadata.neurosityToken,
           authToken,
         },
       });
@@ -139,12 +146,23 @@ exports.validateNostrLogin = async (req, res) => {
   }
 
   try {
-    // TODO: log the pubKey in db
-    // now try to save the account / generate one
+    // fetch/create user
+    const [userMetadata, _] = await db.UserMetadata.findOrCreate({
+      where: {
+        userPubkey: req.body.pubkey,
+      },
+    });
+
+    // update last seen
+    await userMetadata.update({
+      userLastLogin: new Date(),
+    });
+
     // connect to the relayPool and then drop message
     const userInfo = {
-      pubkey: req.body.pubkey,
+      userPubkey: req.body.pubkey,
     };
+
     const authToken = jwt.sign(userInfo, process.env.JWT_SECRET, {
       expiresIn: process.env.JWT_EXPIRY,
     });
@@ -176,23 +194,6 @@ exports.validateNostrLogin = async (req, res) => {
 
     await relay.connect();
 
-    let sub = relay.sub([
-      {
-        // ids: ["be5230ede4d50912ea7d8f989209b9e70c168c8dc930b29bcf66cd8f889bd3ca"],
-        authors: [serverPublicKey],
-        // kinds: [4],
-        // "#p": [publicKey],
-        // since: loginTimestamp,
-      },
-    ]);
-    sub.on("event", (event) => {
-      console.log("we got the event we wanted:", event);
-      // console.log("decoding...");
-      // const decoded = await nip04.decrypt(credentials!.privateKey, serverPublicKey!, event.content);
-      console.log("access token", decoded);
-      // authToken = decoded;
-    });
-
     // we sign the message with fusion server private key
     event.id = getEventHash(event);
     event.sig = getSignature(event, serverPrivateKey);
diff --git a/neurofusion/server/migrations/20230831135502-switch-usermetadata-to-npub.js b/neurofusion/server/migrations/20230831135502-switch-usermetadata-to-npub.js
new file mode 100644
index 00000000..549f6d93
--- /dev/null
+++ b/neurofusion/server/migrations/20230831135502-switch-usermetadata-to-npub.js
@@ -0,0 +1,36 @@
+"use strict";
+
+/** @type {import('sequelize-cli').Migration} */
+
+module.exports = {
+  async up(queryInterface, Sequelize) {
+    /**
+     * Add altering commands here.
+     *
+     * Example:
+     * await queryInterface.createTable('users', { id: Sequelize.INTEGER });
+     */
+    await queryInterface.changeColumn("UserMetadata", "userEmail", {
+      allowNull: true,
+    });
+    await queryInterface.addColumn("UserMetadata", "userPubkey", {
+      type: Sequelize.STRING,
+      allowNull: true,
+      unique: true,
+    });
+    await queryInterface.removeColumn("UserMetadata", "magicLinkAuthToken");
+    await queryInterface.removeColumn("UserMetadata", "neurosityToken");
+    await queryInterface.removeColumn("UserMetadata", "magicflowToken");
+    await queryInterface.removeColumn("UserMetadata", "magicflowLastFetched");
+  },
+
+  async down(queryInterface, Sequelize) {
+    /**
+     * Add reverting commands here.
+     *
+     * Example:
+     * await queryInterface.dropTable('users');
+     */
+    await queryInterface.removeColumn("UserMetadata", "userNpub");
+  },
+};
diff --git a/neurofusion/server/models/usermetadata.js b/neurofusion/server/models/usermetadata.js
index 9fdc898d..86c5bf26 100644
--- a/neurofusion/server/models/usermetadata.js
+++ b/neurofusion/server/models/usermetadata.js
@@ -15,7 +15,7 @@ module.exports = (sequelize, DataTypes) => {
     {
       userEmail: {
         type: DataTypes.STRING,
-        allowNull: false,
+        allowNull: true,
         unique: true,
       },
       userGuid: {
@@ -24,10 +24,11 @@ module.exports = (sequelize, DataTypes) => {
         allowNull: false,
         unique: true,
       },
-      magicLinkAuthToken: DataTypes.TEXT,
-      neurosityToken: DataTypes.TEXT,
-      magicflowToken: DataTypes.TEXT,
-      magicflowLastFetched: DataTypes.DATE,
+      userPubkey: {
+        type: DataTypes.STRING,
+        allowNull: true,
+        unique: true,
+      },
       userLastLogin: DataTypes.DATE,
       userConsentUsage: {
         type: DataTypes.BOOLEAN,