Auth Audit Logs
Monitor and track authentication events with audit logging.
Auth audit logs provide comprehensive tracking of authentication events in your Supabase project. Audit logs are automatically captured for all authentication events and help you monitor user authentication activities, detect suspicious behavior, and maintain compliance with security requirements.
What gets logged
Supabase auth audit logs automatically capture all authentication events including:
- User signups and logins
- Password changes and resets
- Email verification events
- Token refresh and logout events
Storage options
By default, audit logs are stored in two places:
- Your project's Postgres database - Stored in the `auth.audit_log_entries` table, searchable via SQL but uses database storage
- External log storage - Cost-efficient storage accessible through the dashboard
You can disable Postgres storage to reduce database storage costs while keeping the external log storage.
Configuring audit log storage
- Navigate to your project dashboard
- Go to Authentication
- Find Audit Logs under the Configuration section
- Toggle on "Disable writing auth audit logs to project database" to disable database storage
Disabling Postgres storage reduces your database storage costs. Audit logs will still be available through the dashboard.
Log format
Audit logs contain detailed information about each authentication event:
```json
{
  "timestamp": "2025-08-01T10:30:00Z",
  "user_id": "uuid",
  "action": "user_signedup",
  "ip_address": "192.168.1.1",
  "user_agent": "Mozilla/5.0...",
  "metadata": {
    "provider": "email"
  }
}
```
Log actions reference
Action | Description |
---|---|
login | User login attempt |
logout | User logout |
invite_accepted | Team invitation accepted |
user_signedup | New user registration |
user_invited | User invitation sent |
user_deleted | User account deleted |
user_modified | User profile updated |
user_recovery_requested | Password reset request |
user_reauthenticate_requested | User reauthentication required |
user_confirmation_requested | Email/phone confirmation requested |
user_repeated_signup | Duplicate signup attempt |
user_updated_password | Password change completed |
token_revoked | Refresh token revoked |
token_refreshed | Refresh token used to obtain new tokens |
generate_recovery_codes | MFA recovery codes generated |
factor_in_progress | MFA factor enrollment started |
factor_unenrolled | MFA factor removed |
challenge_created | MFA challenge initiated |
verification_attempted | MFA verification attempt |
factor_deleted | MFA factor deleted |
recovery_codes_deleted | MFA recovery codes deleted |
factor_updated | MFA factor settings updated |
mfa_code_login | Login with MFA code |
identity_unlinked | An identity unlinked from account |
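One way to use these fields and action names to detect suspicious behavior, as an added example (not Supabase code): it flags password or MFA changes made shortly after a login from an IP address not previously seen for that user. It assumes entries are available as one JSON object per line in the format shown under Log format; the function names, the choice of sensitive actions, and the 30-minute window are assumptions, and `login` entries are treated as session starts.

```python
import json
from datetime import datetime, timedelta

# Action names from the actions table above; which ones count as
# "sensitive" is a choice made for this example.
SENSITIVE = {"user_updated_password", "factor_unenrolled", "factor_deleted",
             "recovery_codes_deleted", "identity_unlinked"}

def parse_ts(value):
    # Timestamps in the documented format end in "Z" (UTC).
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def load_entries(text):
    # Assumed export format: one JSON object per line.
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_risky_changes(entries, window_minutes=30):
    """Sensitive actions made shortly after a login from an IP new to that user."""
    window = timedelta(minutes=window_minutes)
    known_ips = {}     # user_id -> IPs seen on earlier events
    new_ip_login = {}  # user_id -> (ip, time) of latest login from an unseen IP
    findings = []
    for e in sorted(entries, key=lambda e: parse_ts(e["timestamp"])):
        user, ip, ts = e["user_id"], e["ip_address"], parse_ts(e["timestamp"])
        seen = known_ips.setdefault(user, set())
        # The first IP seen for a user is the baseline and is not flagged.
        if e["action"] == "login" and seen and ip not in seen:
            new_ip_login[user] = (ip, ts)
        elif e["action"] in SENSITIVE and user in new_ip_login:
            login_ip, login_ts = new_ip_login[user]
            if ip == login_ip and ts - login_ts <= window:
                findings.append({k: e[k] for k in
                                 ("timestamp", "user_id", "action", "ip_address")})
        seen.add(ip)
    return findings

# Constructed sample entries (not real data); user_agent and metadata omitted.
SAMPLE = """
{"timestamp": "2025-08-01T09:00:00Z", "user_id": "user-b", "action": "login", "ip_address": "198.51.100.4"}
{"timestamp": "2025-08-01T09:10:00Z", "user_id": "user-b", "action": "user_updated_password", "ip_address": "198.51.100.4"}
{"timestamp": "2025-08-01T10:30:00Z", "user_id": "user-a", "action": "login", "ip_address": "192.0.2.10"}
{"timestamp": "2025-08-01T11:30:00Z", "user_id": "user-a", "action": "token_refreshed", "ip_address": "192.0.2.10"}
{"timestamp": "2025-08-01T12:00:00Z", "user_id": "user-a", "action": "login", "ip_address": "203.0.113.7"}
{"timestamp": "2025-08-01T12:05:00Z", "user_id": "user-a", "action": "factor_unenrolled", "ip_address": "203.0.113.7"}
{"timestamp": "2025-08-01T12:08:00Z", "user_id": "user-a", "action": "user_updated_password", "ip_address": "203.0.113.7"}
"""

if __name__ == "__main__":
    for finding in find_risky_changes(load_entries(SAMPLE)):
        print(finding)
```

Because the baseline of known IPs is built from the entries passed in, feed the function enough history per user for the first-seen check to be meaningful.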
Limitations
- There may be a short delay before logs appear
- Query capabilities are limited to the dashboard interface