event.accessToken |
Object representing the options defined on the AccessToken. If you change token content using the event object within an Action, your changes will be available in tokens after all Actions have finished running. If your application also requires multi-factor authentication (MFA) or user consent, the user will be prompted before changes in the token are available. Includes the following properties: customClaims : Dictionary of string key/value pairs containing custom claims.scope : Array of strings containing permissions.
You can use this object to add custom namespaced claims to the Access Token. |
event.actor |
Object containing useful information related to the actor. Includes the following properties: ip : String containing the originating IP address of the user trying to log in. We expose IPv6 addresses in our public endpoints (e.g., travel0.us.auth0.com). If a request arrives from a machine that supports IPv6, then this will contain an IPv6 address. If you perform manual IP address manipulation, we suggest you define as a dependency the ipaddr.js@1.9.0 library.hostname : String containing the hostname that is being used for the authentication flow.query : Dictionary of string key/value pairs containing the querystring properties of the login transaction sent by the application.body : Dictionary of string key/value pairs containing the body of the POST request on login transactions. Used when context.protocol is oauth2-resource-owner , oauth2-resource-owner-jwt-bearer , or wstrust-usernamemixed .geoIp : Object containing geographic information about the IP address. It includes the following properties:countryCode : String containing the two-character code for the country associated with the IP address.countryCode3 : String containing the three-character code for the country associated with the IP address.countryName : String containing the country name associated with the IP address.cityName : String containing the city or town name associated with the IP address.latitude : Number containing the latitude associated with the IP address.longitude : Number containing the longitude associated with the IP address.timeZone : String containing the time zone associated with the IP address.continentCode : String containing the two-character code for the continent associated with the IP address.
userAgent : String that represents the user-agent of the application that is trying to log in.
|
event.authentication |
Object containing information related to the authentication transaction. Includes the following properties: methods : Array of objects containing the authentication methods a user has completed during their session. The methods objects include the following properties:name : String representing the name of the authentication method that was completed. Possible values include:federated : Social or enterprise connectionpwd : Database connectionsms : Passwordless SMS connectionemail : Passwordless Email connectionmfa : Multi-factor authentication (MFA) process
timestamp : Number indicating the time in seconds at which the authentication method took place in Unix Epoch time.
|
event.authorization |
Object containing information related to the authorization transaction. Includes the following properties: roles : Array of strings containing the names of a user's assigned roles.
|
event.client |
Object containing information related to the client. Includes the following properties: id : String containing the Client ID of the application the user is logging in to.name : String containing the name of the application (as defined in the Auth0 Dashboard).metadata : Dictionary of string key/value pairs containing other application properties.
|
event.command |
Object representing the settings used in implementing a redirection or contextual multi-factor authentication. Includes the following properties: type : String representing the type of command. Possible values include:redirect : Redirection. Includes the following properties:url : String representing the URL to which to redirect.
multifactor : Multi-factor authentication (MFA). Includes the following properties:provider : String containing the name of the multi-factor authentication (MFA) provider with which the user is enrolled. This is updated when the user logs in with MFA successfully for the first time.allowRememberBrowser : Boolean indicating whether to remember the browser.
|
event.connection |
Object representing the connection settings. Includes the following properties: id : String containing the connection's unique identifier.name : String containing the name of the connection used to authenticate the user (for example, twitter ).strategy : String representing the type of connection. For social connections, the strategy matches the name of the connection. For database connections, the strategy is auth0 . For enterprise connections, the strategy is waad (Windows Azure AD), ad (Active Directory/LDAP), samlp (SAML), and so on. For passwordless connections, the strategy is sms or email . For a list of valid strategies, see Create a Connection endpoint.
|
event.idToken |
Object representing the options defined on the IDToken. If you change token content using the event object within an Action, your changes will be available in tokens after all Actions have finished running. If your application also requires multi-factor authentication (MFA) or user consent, the user will be prompted before changes in the token are available. Includes the following properties: customClaims : Dictionary of string key/value pairs containing custom claims.scope : Array of strings containing the permissions.
You can use this object to add custom namespaced claims to the ID Token. |
event.protocol |
String representing the authentication protocol. Possible values include: oidc-basic-profile : Most used, web-based login.oidc-implicit-profile : Login using the Implicit Flow.oauth2-device-code : Login using the Device Authorization Flow.oauth2-resource-owner : User/password login typically used on database connections.oauth2-resource-owner-jwt-bearer : Login using a bearer JWT signed with user's private key.oauth2-password : Login using the password exchange.oauth2-refresh-token : Used when refreshing a token through the Refresh Token exchange.samlp : SAML protocol used on SaaS apps.wsfed : WS-Federation used on Microsoft products like Office365.wstrust-usernamemixed : WS-trust user/password login used on CRM and Office365.delegation : Used when calling the Delegation endpoint.redirect-callback : Used when a redirect rule is resumed
|
event.stats |
Object containing user statistics. Includes the following properties: loginsCount : Number representing the total number of logins.
Note that counter variables do not increase during silent authentication</a (prompt=none ). |
event.tenant |
Object containing information related to the tenant. Includes the following properties: id : String containing the tenant’s unique identifier.
|
event.user |
Object containing information related to the user. Because of the order of events, changes made to a user's profile from within an Action must be saved to the event object from within the same Action if you want the changes to be available in the current event object. Includes the following properties: id : String containing the user's unique identifier.username : String containing the user's unique username.name : String containing the user's full name.givenName : String containing the user's given name.familyName : String containing the user's family name.nickname : String containing the user's nickname.email : String containing the user's unique email address.emailVerified : Boolean indicating whether the user has verified their email address.phoneNumber : String containing the user's phone number. Only valid for users with SMS connections.phoneNumberVerified : Boolean indicating whether the user has verified their phone number. Only valid for users with SMS connections.picture : String containing the URL that points to the user's profile picture.permissions : String representing the permissions assigned to the user's ID token.userMetadata : Dictionary of string key/JSON value pairs containing custom information about a user. User metadata should not include data that impacts what users can or cannot access. For more info, see Metadata.appMetadata : Dictionary of string key/JSON value pairs containing custom information about a user. App metadata can include data that influences the user’s access, such as support plans, security roles, or access control groups. For more info, see Metadata.createdAt : String representing the timestamp that indicates when the user profile was first created.updatedAt : String representing the timestamp that indicates when the user's profile was last updated/modified.lastPasswordResetAt : String representing the timestamp that indicates when the user's password was last reset/changed. At user creation, this field does not exist. This property is only available for Database connections.identities : Array of objects containing information retrieved from the identity provider with which the user originally authenticated. Users may also link their profile to multiple identity providers; those identities will then also appear in this array. The contents of an individual identity provider object varies by provider, but it will typically include the following:connection : String containing the name of the Auth0 connection used to authenticate the user.provider : String containing the name of the entity that is authenticating the user, such as Facebook, Google, SAML, or your own provider.userId : String containing the user's unique identifier for this connection/provider.profileData : Dictionary of string key/value pairs containing user information associated with the connection. When profiles are linked, it is populated with the associated user information for secondary accounts.isSocial : Boolean indicating whether the connection is a social one.accessToken : Dictionary of string key/JSON value pairs containing the API Access Token to be used with the provider.
|