diff --git a/cmd/vault-auth-plugin-example/main.go b/cmd/vault-auth-plugin-example/main.go
index d1a37d2..6b0f181 100644
--- a/cmd/vault-auth-plugin-example/main.go
+++ b/cmd/vault-auth-plugin-example/main.go
@@ -81,12 +81,17 @@ func Backend(c *logical.BackendConfig) *backend {
 }
 
 func (b *backend) pathAuthLogin(_ context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
+	b.Logger().Debug("login requested")
+
 	password := d.Get("password").(string)
 
 	if subtle.ConstantTimeCompare([]byte(password), []byte("super-secret-password")) != 1 {
+		b.Logger().Error("login failed", "err", logical.ErrPermissionDenied.Error())
 		return nil, logical.ErrPermissionDenied
 	}
 
+	b.Logger().Trace("login succeeded")
+
 	// Compose the response
 	return &logical.Response{
 		Auth: &logical.Auth{
@@ -107,10 +112,14 @@ func (b *backend) pathAuthLogin(_ context.Context, req *logical.Request, d *fram
 }
 
 func (b *backend) pathAuthRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
+	b.Logger().Debug("auth renew requested")
 	if req.Auth == nil {
+		b.Logger().Error("login failed")
 		return nil, errors.New("request auth was nil")
 	}
 
+	b.Logger().Trace("auth renew succeeded")
+
 	secretValue := req.Auth.InternalData["secret_value"].(string)
 	if secretValue != "abcd1234" {
 		return nil, errors.New("internal data does not match")