event.authentication
(Optional)
|
Details about authentication signals obtained during the login flow.
Includes the following properties:
-
methods Array of objects.
Contains the authentication methods a user has completed during
their session.
Array elements:
-
riskAssessment Optional object.
Details about risk assessments obtained during the login or
password reset flow.
Includes the following properties:
|
event.authorization
(Optional)
|
An object containing information describing the authorization granted
to the user who is logging in.
Includes the following properties:
-
roles Array of strings.
An array containing the names of a user's assigned roles.
|
event.client
|
Information about the Client with which this login transaction was
initiated.
Includes the following properties:
-
client_id String.
The client id of the application the user is logging in to.
-
metadata Dictionary.
An object for holding other application properties.
-
name String.
The name of the application (as defined in the Dashboard).
|
event.connection
|
Details about the Connection that was used to authenticate the user.
Includes the following properties:
-
id String.
The connection's unique identifier.
-
metadata Optional dictionary.
Metadata associated with the connection.
-
name String.
The name of the connection used to authenticate the user (such as
twitter or some-g-suite-domain ).
-
strategy String.
The type of connection. For social connections,
event.connection.strategy === event.connection.name .
For enterprise connections, the strategy is
waad (Windows Azure AD), ad (Active
Directory/LDAP), auth0 (database connections), and so
on.
|
event.organization
(Optional)
|
Details about the Organization associated with the current
transaction.
Includes the following properties:
-
display_name String.
The friendly name of the Organization.
-
id String.
The Organization identifier.
-
metadata Dictionary.
Metadata associated with the Organization.
-
name String.
The name of the Organization.
|
event.prompt
(Optional)
|
Collected data from rendered custom prompts.
Includes the following properties:
-
fields Optional dictionary.
Fields and hidden fields data.
id String. The prompt ID.
-
vars Optional dictionary.
Shared variables data.
|
event.refresh_token
(Optional)
|
[Enterprise Customers] The current refresh token.
Includes the following properties:
|
event.request
|
Details about the request that initiated the transaction.
Includes the following properties:
|
event.resource_server
(Optional)
|
Details about the resource server to which the access is being
requested.
Includes the following properties:
-
identifier String.
The identifier of the resource server. For example:
https://your-api.example.com .
|
event.session
(Optional)
|
The current login session.
Includes the following properties:
-
authenticated_at Optional string.
[Enterprise Customers] The date and time when the session was
last authenticated.
-
clients Optional array of objects.
[Enterprise Customers] List of client details for the session.
Elements include the following properties:
-
client_id String.
[Enterprise Customers] ID of client for the session.
-
created_at Optional string.
[Enterprise Customers] The date and time when the session was
created.
-
device Optional object.
[Enterprise Customers] Metadata related to the device used in the
session.
Includes the following properties:
-
initial_asn Optional string.
[Enterprise Customers] First autonomous system number
associated with this session.
-
initial_ip Optional string.
[Enterprise Customers] First IP address associated with this
session.
-
initial_user_agent Optional string.
[Enterprise Customers] First user agent of the device
associated with this session.
-
last_asn Optional string.
[Enterprise Customers] Last autonomous system number from
which this user logged in.
-
last_ip Optional string.
[Enterprise Customers] Last IP address from which this user
logged in.
-
last_user_agent Optional string.
[Enterprise Customers] Last user agent of the device from
which this user logged in.
-
expires_at Optional string.
[Enterprise Customers] The date and time when the session will
expire.
-
id String.
The ID of the current session.
-
idle_expires_at Optional string.
[Enterprise Customers] The date and time when the session will
expire if idle.
-
last_interacted_at Optional string.
[Enterprise Customers] The date and time when the session was
last successfully interacted with.
-
updated_at Optional string.
[Enterprise Customers] The date and time when the session was
last updated.
-
user_id Optional string.
[Enterprise Customers] ID of the user which can be used when
interacting with other APIs.
|
event.stats
|
Login statistics for the current user.
Includes the following properties:
-
logins_count Number.
The number of times this user has logged in.
|
event.tenant
|
Details about the Tenant associated with the current transaction.
Includes the following properties:
-
id String.
The name of the tenant.
|
event.transaction
(Optional)
|
Details about the current transaction.
Includes the following properties:
-
acr_values Array of strings.
Any acr_values provided in the original authentication
request.
-
linking_id Optional string.
Dynamic Linking ID that allows developers to reference this
transaction.
-
locale String.
The locale to be used for this transaction as determined by
comparing the browser's requested languages to the tenant's
language settings.
-
login_hint Optional string.
Hint to the Authorization Server about the login identifier the
End-User might use to log in (if necessary).
-
prompt Optional array of strings.
List of instructions indicating whether the user may be prompted
for re-authentication and consent.
-
protocol Optional string.
Possible values include:
-
oidc-basic-profile
Most used, web-based login.
-
oidc-implicit-profile
Used on mobile devices and single-page apps.
-
oidc-hybrid-profile
Allows your application to have immediate access to an ID
token while still providing for secure and safe retrieval of
access and refresh tokens.
-
samlp SAML protocol used on SaaS apps.
-
wsfed
WS-Federation used on Microsoft products like
Office365.
-
wstrust-usernamemixed
WS-trust User/password login used on CRM and Office365.
-
oauth2-device-code
Transaction using the Device Authorization Flow.
-
oauth2-resource-owner
User/password login typically used on database
connections.
-
oauth2-resource-owner-jwt-bearer
Login using a bearer JWT signed with user's private
key.
-
oauth2-password
Login using the password exchange.
-
oauth2-webauthn
Login using the webauthn exchange.
-
oauth2-access-token
Refreshing a token using the refresh token exchange.
-
oauth2-refresh-token
Refreshing a token using the refresh token exchange.
oauth2-token-exchange
-
redirect_uri Optional string.
The URL to which Auth0 will redirect the browser after the
transaction is completed.
-
requested_authorization_details
Optional array of objects.
The details of a rich authorization request per Section 2 of the
Rich Authorization Requests spec at
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar#section-2.
Elements include the following properties:
-
type String.
The type of authorization details as a string. The value of
the type field determines the allowable contents of the object
which contains it.
-
requested_scopes Array of strings.
The scopes requested (if any) when starting this authentication
flow.
-
response_mode Optional string.
Informs the Authorization Server of the mechanism to be used for
returning parameters from the Authorization Endpoint.
Possible values include:
query
fragment
form_post
web_message
-
response_type Optional array of strings.
Possible values include:
-
state Optional string.
An opaque arbitrary alphanumeric string your app adds to the
initial request that Auth0 includes when redirecting back to your
application.
-
ui_locales Array of strings.
The ui_locales provided in the original authentication
request.
|
event.user
|
An object describing the user on whose behalf the current transaction
was initiated.
Includes the following properties:
-
app_metadata Dictionary.
Custom fields that store info about a user that influences the
user's access, such as support plan, security roles, or access
control groups.
-
created_at String.
Timestamp indicating when the user profile was first
created.
-
email Optional string.
(unique) User's email address.
-
email_verified Boolean.
Indicates whether the user has verified their email
address.
-
enrolledFactors Optional array of objects.
An an array of authentication factors that the user has enrolled.
Array elements:
-
family_name Optional string.
User's family name.
-
given_name Optional string.
User's given name.
-
identities Array of objects.
Contains info retrieved from the identity provider with which the
user originally authenticates. Users may also link their profile
to multiple identity providers; those identities will then also
appear in this array. The contents of an individual identity
provider object varies by provider.
Elements include the following properties:
-
connection Optional string.
Name of the Auth0 connection used to authenticate the
user.
-
isSocial Optional boolean.
Indicates whether the connection is a social one.
-
profileData Optional dictionary.
User information associated with the connection. When
profiles are linked, it is populated with the associated user
info for secondary accounts.
-
provider Optional string.
Name of the entity that is authenticating the user, such as
Facebook, Google, SAML, or your own provider.
-
user_id Optional string.
User's unique identifier for this connection/provider.
-
last_password_reset Optional string.
Timestamp indicating the last time the user's password was
reset/changed. At user creation, this field does not exist. This
property is only available for Database connections.
-
multifactor Optional array of strings.
List of multi-factor authentication (MFA) providers with which
the user is enrolled. This array is updated when the user enrolls
in MFA and when an administrator resets a user's MFA
enrollments.
-
name Optional string.
User's full name.
-
nickname Optional string.
User's nickname.
-
phone_number Optional string.
User's phone number.
-
phone_verified Optional boolean.
Indicates whether the user has verified their phone number.
-
picture Optional string.
URL pointing to the
user's profile picture.
-
updated_at String.
Timestamp indicating when the user's profile was last
updated/modified.
-
user_id String.
(unique) User's unique identifier.
-
user_metadata Dictionary.
Custom fields that store info about a user that does not impact
what they can or cannot access, such as work address, home
address, or user preferences.
-
username Optional string.
(unique) User's username.
|