Auth event webhooks or an SDK callback for login/logout events.

Here's a draft you can post or adapt.

Authentication event logging: the workarounds and the gap

I've been working on a rental assistance portal for a nonprofit client that handles sensitive household data, and I ran into a question I think other Base44 builders will eventually hit: how do you log authentication events for compliance and audit purposes?

I asked support and got two workarounds worth sharing.

The first is base44.appLogs.logUserInApp(), which records when a user lands on a page after authentication. It's not a true auth event, but it gives you a session-entry trail in the Analytics dashboard.

The second is more useful in my opinion. On any page that requires authentication, you can call base44.auth.me() on load and write a record to your own AuditLog entity. Something like:

const user = await base44.auth.me(); if (user) {  await base44.entities.AuditLog.create({  event_type: 'session_start',  user_email: user.email,  user_id: user.id,  timestamp: new Date().toISOString(),  }); }

That gives you a verified, identity-linked session record you control and can query later.

Here's the gap, and support confirmed this. True authentication events like login attempts, failed logins, logouts, and MFA challenges all happen at the platform layer. There is currently no hook or webhook that surfaces these to app-level code. If someone tries to brute-force an account, you don't see it. If a session ends, you can't tell whether the user logged out cleanly or just closed the tab.

For most apps this probably doesn't matter. For anything subject to compliance requirements, funder reporting, or audit standards (think HUD-funded programs, healthcare-adjacent data, financial information), it matters quite a bit.

A few questions for the community and the Base44 team:

1. Is anyone else solving this in a different way? I'd love to see other patterns.

2. Are native auth event hooks on the roadmap? Even read-only access to login attempts and logout events would close most of the gap.

3. For those building in regulated spaces, how are you documenting the limitation when you hand off to clients or auditors?