Bug report
- [ x] I confirm this is a bug with Supabase, not with my own application.
- [ x] I confirm I have searched the Docs, GitHub Discussions, and Discord.
Describe the bug
The official Identities docs (https://supabase.com/docs/guides/auth/identities) document:
last_sign_in_at: "The timestamp that the identity was last used to sign in."
updated_at:: "The timestamp that the identity was last updated."
In practice, last_sign_in_at is set ONCE at identity creation and never touched again on subsequent sign-ins through that identity. updated_at is the column actually touched on each sign-in.
This was noted in passing in #1577 ("even the last_sign_in_at didn't change after a successful email-OTP login") but that issue was closed as "more of a question" without addressing the last_sign_in_at part.
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
- Sign up via Google OAuth on day 1.
- Sign out and sign in again via Google on day N>1.
- Query: SELECT created_at, last_sign_in_at, updated_at FROM auth.identities WHERE user_id = '...' AND provider = 'google';
- Observe: last_sign_in_at == created_at (frozen at day 1), updated_at == day N (correct).
Expected behavior
last_sign_in_at is updated on each sign-in via the identity, as the documentation states.
OR if the current behavior is intentional and updated_at is the authoritative "last sign-in" column — the docs should be corrected to reflect that, and the field arguably renamed in a future schema migration (e.g. first_sign_in_at).
Screenshots
Security-page surfaces ("last signed in with Google: ") that read from last_sign_in_at show stale data forever. Devs reading the docs build incorrect UX. The fix is either a one-line update in the sign-in code path or a docs correction.
System information
- OS: [e.g. macOS, Windows]
- Browser (if applies) [e.g. chrome, safari]
- Version of supabase-js: [e.g. 6.0.2]
- Version of Node.js: [e.g. 10.10.0]
Additional context
Add any other context about the problem here.
Bug report
Describe the bug
The official Identities docs (https://supabase.com/docs/guides/auth/identities) document:
last_sign_in_at: "The timestamp that the identity was last used to sign in."
updated_at:: "The timestamp that the identity was last updated."
In practice,
last_sign_in_atis set ONCE at identity creation and never touched again on subsequent sign-ins through that identity.updated_atis the column actually touched on each sign-in.This was noted in passing in #1577 ("even the last_sign_in_at didn't change after a successful email-OTP login") but that issue was closed as "more of a question" without addressing the last_sign_in_at part.
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Expected behavior
last_sign_in_atis updated on each sign-in via the identity, as the documentation states.OR if the current behavior is intentional and
updated_atis the authoritative "last sign-in" column — the docs should be corrected to reflect that, and the field arguably renamed in a future schema migration (e.g.first_sign_in_at).Screenshots
Security-page surfaces ("last signed in with Google: ") that read from
last_sign_in_atshow stale data forever. Devs reading the docs build incorrect UX. The fix is either a one-line update in the sign-in code path or a docs correction.System information
Additional context
Add any other context about the problem here.