diff --git a/internal/apps/oauth/audit.go b/internal/apps/oauth/audit.go
new file mode 100644
index 0000000..3b05b8e
--- /dev/null
+++ b/internal/apps/oauth/audit.go
@@ -0,0 +1,46 @@
+/*
+Copyright 2025 linux.do
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package oauth
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/gin-gonic/gin"
+	"github.com/linux-do/credit/internal/logger"
+	"github.com/linux-do/credit/internal/model"
+)
+
+func LogForAudit(ctx context.Context, user *model.User, c *gin.Context) {
+	auditLog := loginRequiredAuditLog{
+		UserID:     user.ID,
+		Username:   user.Username,
+		ClientIP:   c.ClientIP(),
+		Method:     c.Request.Method,
+		Path:       c.Request.URL.Path,
+		RequestURI: c.Request.RequestURI,
+		UserAgent:  c.Request.UserAgent(),
+		Referer:    c.Request.Referer(),
+	}
+	auditJSON, err := json.Marshal(auditLog)
+	if err != nil {
+		logger.ErrorF(ctx, "[LoginRequiredAudit] marshal failed: %v", err)
+		logger.InfoF(ctx, "[LoginRequiredAudit] %s %d %s", c.ClientIP(), user.ID, user.Username)
+	} else {
+		logger.InfoF(ctx, "[LoginRequiredAudit] %s", auditJSON)
+	}
+}
diff --git a/internal/apps/oauth/middlewares.go b/internal/apps/oauth/middlewares.go
index c0fc013..3447153 100644
--- a/internal/apps/oauth/middlewares.go
+++ b/internal/apps/oauth/middlewares.go
@@ -17,13 +17,11 @@ limitations under the License.
 package oauth
 
 import (
-	"encoding/json"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
 	"github.com/linux-do/credit/internal/common"
 	"github.com/linux-do/credit/internal/db"
-	"github.com/linux-do/credit/internal/logger"
 	"github.com/linux-do/credit/internal/model"
 	"github.com/linux-do/credit/internal/otel_trace"
 	"github.com/linux-do/credit/internal/util"
@@ -61,23 +59,8 @@ func LoginRequired() gin.HandlerFunc {
 			return
 		}
 
-		auditLog := loginRequiredAuditLog{
-			UserID:     user.ID,
-			Username:   user.Username,
-			ClientIP:   c.ClientIP(),
-			Method:     c.Request.Method,
-			Path:       c.Request.URL.Path,
-			RequestURI: c.Request.RequestURI,
-			UserAgent:  c.Request.UserAgent(),
-			Referer:    c.Request.Referer(),
-		}
-		auditJSON, err := json.Marshal(auditLog)
-		if err != nil {
-			logger.ErrorF(ctx, "[LoginRequiredAudit] marshal failed: %v", err)
-			logger.InfoF(ctx, "[LoginRequiredAudit] %s %d %s", c.ClientIP(), user.ID, user.Username)
-		} else {
-			logger.InfoF(ctx, "[LoginRequiredAudit] %s", auditJSON)
-		}
+		// log
+		LogForAudit(ctx, &user, c)
 
 		// set user info
 		util.SetToContext(c, UserObjKey, &user)
diff --git a/internal/apps/oauth/routers.go b/internal/apps/oauth/routers.go
index 0daac35..44e71e4 100644
--- a/internal/apps/oauth/routers.go
+++ b/internal/apps/oauth/routers.go
@@ -103,6 +103,8 @@ func Callback(c *gin.Context) {
 		return
 	}
 
+	LogForAudit(ctx, user, c)
+
 	c.JSON(http.StatusOK, util.OKNil())
 }