auth-worker doesn't systematically log the IP