Actions Triggers: post-login - Event Object

The event object for the post-login Actions trigger provides contextual information about a single user logging in via Auth0. It contains the following information:

PropertyDescription

event.authentication

(Optional)

Details about authentication signals obtained during the login flow.

Includes the following properties:

  • methods Array of objects.

    Contains the authentication methods a user has completed during their session.

    Elements include the following properties:

    • name String.

      Possible values include:

      • federated A social or enterprise connection was used to authenticate the user.
      • pwd A database connection was used to authenticate the user,
      • sms A Passwordless SMS connection was used to authenticate the user,
      • email A Passwordless Email connection was used to authenticate the user.
      • mfa The user completed a multi-factor authentication
      • mock Used for internal testing
    • timestamp String.

event.authorization

(Optional)

An object containing information describing the authorization granted to the user that is logging in.

Includes the following properties:

  • roles Array of strings. An array containing the names of a user's assigned roles.

event.client

Information about the Client with which this login transaction was initiated.

Includes the following properties:

  • client_id String. The client id of the application the user is logging in to.
  • metadata Dictionary. An object for holding other application properties.
  • name String. The name of the application (as defined on the dashboard).

event.connection

Details about the Connection that was used to authenticate the user.

Includes the following properties:

  • id String. The connection's unique identifier.
  • metadata Optional dictionary. Metadata associated with the connection.
  • name String. The name of the connection used to authenticate the user (such as: twitter or some-g-suite-domain).
  • strategy String. The type of connection.undefinedFor social connection connectionStrategy === connection. For enterprise connections, the strategy will be waad (Windows Azure AD), ad (Active Directory/LDAP), auth0 (database connections), and so on.

event.organization

(Optional)

Details about the Organization associated with the current transaction.

Includes the following properties:

  • display_name String. The friendly name of the organization.
  • id String. The organization identifier.
  • metadata Dictionary. Metadata associated with the organization.
  • name String. The name of the organization.

event.request

Details about the request that initiated the transaction.

Includes the following properties:

  • body Dictionary. The body of the POST request. This data will only be available during Refresh Token and Client Credential Exchange flows.
  • geoip Object.

    Includes the following properties:

    • cityName Optional string.
    • continentCode Optional string.
    • countryCode Optional string.
    • countryCode3 Optional string.
    • countryName Optional string.
    • latitude Optional number.
    • longitude Optional number.
    • timeZone Optional string.
  • hostname Optional string. The hostname that is being used for the authentication flow.
  • ip String. The originating IP address of the request.
  • language Optional string. The language requested by the browser.
  • method String. The HTTP method used for the request
  • query Dictionary. The query string parameters sent to the authorization request.
  • user_agent Optional string. The value of the User-Agent header received when initiating the transaction.

event.resource_server

(Optional)

Details about the resource server to which the access is being requested.

Includes the following properties:

  • identifier String. The identifier of the resource server. For example: https://your-api.example.com

event.stats

Login statistics for the current user.

Includes the following properties:

  • logins_count Number. The number of times this user has logged in.

event.tenant

Details about the Tenant associated with the current transaction.

Includes the following properties:

  • id String. The name of the tenant.

event.transaction

(Optional)

Details about the current transaction.

Includes the following properties:

  • acr_values Array of strings. Any acr_values provided in the original authentication request.
  • locale String. The locale to be used for this transaction as determined by comparing the browser's requested languages to the tenant's language settings.
  • protocol Optional string.

    Possible values include:

    • oidc-basic-profile most used, web-based login
    • oidc-implicit-profile used on mobile devices and single-page apps
    • oauth2-device-code transaction using the Device Authorization Flow
    • oauth2-resource-owner user/password login typically used on database connections
    • oauth2-resource-owner-jwt-bearer login using a bearer JWT signed with user's private key
    • oauth2-password login using the password exchange
    • oauth2-access-token refreshing a token using the Refresh Token exchange
    • oauth2-refresh-token refreshing a token using the Refresh Token exchange
    • oauth2-token-exchange
    • oidc-hybrid-profile allows your application to have immediate access to an ID token while still providing for secure and safe retrieval of access and refresh tokens
    • samlp SAML protocol used on SaaS apps
    • wsfed WS-Federation used on Microsoft products like Office365
    • wstrust-usernamemixed WS-trust user/password login used on CRM and Office365
  • requested_scopes Array of strings. The scopes requested (if any) when starting this authentication flow.
  • ui_locales Array of strings. The ui_locales provided in the original authentication request.

event.user

An object describing the user on whose behalf the current transaction was initiated.

Includes the following properties:

  • app_metadata Dictionary. Custom fields that store info about a user that influences the user's access, such as support plan, security roles, or access control groups.
  • created_at String. Timestamp indicating when the user profile was first created.
  • email Optional string. (unique) User's email address.
  • email_verified Boolean. Indicates whether the user has verified their email address.
  • family_name Optional string. User's family name.
  • given_name Optional string. User's given name.
  • identities Array of objects.

    Contains info retrieved from the identity provider with which the user originally authenticates. Users may also link their profile to multiple identity providers; those identities will then also appear in this array. The contents of an individual identity provider object varies by provider.

    Elements include the following properties:

    • connection Optional string. Name of the Auth0 connection used to authenticate the user.
    • isSocial Optional boolean. Indicates whether the connection is a social one.
    • profile_data Optional dictionary. User information associated with the connection. When profiles are linked, it is populated with the associated user info for secondary accounts.
    • provider Optional string. Name of the entity that is authenticating the user, such as Facebook, Google, SAML, or your own provider.
    • user_id Optional string. User's unique identifier for this connection/provider.
  • last_password_reset Optional string. Timestamp indicating the last time the user's password was reset/changed. At user creation, this field does not exist. This property is only available for Database connections.
  • multifactor Optional array of strings.
  • name Optional string. User's full name.
  • nickname Optional string. User's nickname.
  • phone_number Optional string. User's phone number. Only valid for users with SMS connections.
  • phone_verified Optional boolean. Indicates whether the user has verified their phone number. Only valid for users with SMS connections.
  • picture Optional string. URL pointing to the user's profile picture.
  • updated_at String. Timestamp indicating when the user's profile was last updated/modified.
  • user_id String. (unique) User's unique identifier.
  • user_metadata Dictionary. Custom fields that store info about a user that does not impact what they can or cannot access, such as work address, home address, or user preferences.
  • username Optional string. (unique) User's username.