h3. Issue Summary

When users authenticate on Confluence, the last login date should be updated and a new event should be added to the audit log when full coverage is enabled for the Security category. Requests made to the REST API with personal access tokens (PAT) won't create a new entry in the audit log.

h3. Steps to Reproduce

# Install a vanilla instance of Jira Software Data Center.
** This was validated on Confluence 8.5.11 but dates back to the initial PAT implementation.
# Run a sample REST API call using basic authentication.
{code:java}
curl -v -u user001:user001 'confluence-Base-URL/rest/api/content'
{code}
# Search for new events in the Audit Log and notice the User login successful event.
# Check the last login date on the Confluence user administration screen.
# Run the same REST API call using a personal access token (PAT).
{code:java}
curl -v -H 'Authorization: Bearer user001-token' 'confluence-Base-URL/rest/api/content'
{code}
# Search for new events in the Audit Log and check the last login date on the Confluence user administration screen.

h3. Expected Results

* A new User login successful event is logged as part of the REST API request.
* The last login details are updated.

h3. Actual Results

No new event is added and the last login details aren't updated.

This makes auditing inconsistent when personal access tokens (PAT) are used. Additionally, a lot of our customers disable users based on their last login date, and this behaviour breaks that flow.
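The effect on a last-login-based deactivation rule, as an added example that is not part of the original ticket or of Confluence: accounts whose last login looks stale are cross-checked against Bearer-authenticated requests before being treated as inactive. The record layout, the sample data, the 90-day threshold and the names {{last_pat_use}} and {{review}} are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data; the layouts are hypothetical, not a Confluence export format.
LAST_LOGIN = {  # username -> last login date as shown in user administration
    "user001": "2024-01-10T09:00:00+00:00",  # has only used a PAT since January
    "user002": "2024-01-12T08:30:00+00:00",  # genuinely inactive
    "user003": "2024-06-01T14:00:00+00:00",  # authenticates with a password
}
# Requests already attributed to a user, e.g. from access logs (constructed lines).
REQUESTS = [
    "2024-06-03T02:15:00+00:00 user001 bearer /rest/api/content",
    "2024-06-04T02:15:00+00:00 user001 bearer /rest/api/content",
    "2024-06-01T14:00:05+00:00 user003 basic /rest/api/content",
]
NOW = datetime(2024, 6, 5, tzinfo=timezone.utc)  # fixed so the result is reproducible


def last_pat_use(lines):
    """Return username -> timestamp of the latest Bearer-authenticated request."""
    latest = {}
    for line in lines:
        ts, user, scheme, _path = line.split(maxsplit=3)
        if scheme != "bearer":
            continue  # basic-auth requests already update the last login date
        when = datetime.fromisoformat(ts)
        if user not in latest or when > latest[user]:
            latest[user] = when
    return latest


def review(last_login, lines, now, max_idle_days=90):
    """Classify each account as 'active', 'pat-only' or 'stale'."""
    cutoff = now - timedelta(days=max_idle_days)
    pat = last_pat_use(lines)
    result = {}
    for user, login in last_login.items():
        if datetime.fromisoformat(login) >= cutoff:
            result[user] = "active"
        elif user in pat and pat[user] >= cutoff:
            # Stale by last login alone, but the account is still in use via a PAT.
            result[user] = "pat-only"
        else:
            result[user] = "stale"
    return result


if __name__ == "__main__":
    for user, state in sorted(review(LAST_LOGIN, REQUESTS, NOW).items()):
        print(user, state)
```

Accounts reported as {{pat-only}} are the ones a rule based only on the last login date would disable while they are still making authenticated requests.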