Actions Triggers: post-login - Event Object

The event object for the post-login Actions trigger provides contextual information about a single user logging in via Auth0.

Property Description

event.authentication

(Optional)

Details about authentication signals obtained during the login flow.

Includes the following properties:

  • methods Array of objects.

    Contains the authentication methods a user has completed during their session.

    Array elements:

    • One of the following object schemas:

      • An object with the following properties:

        • name String.

          The name of the first factor that was completed. Values include the following:

          • "federated" A social or enterprise connection was used to authenticate the user as the first factor.
          • "pwd" A password was used to authenticate a database connection user as the first factor.
          • "passkey" A passkey was used to authenticate a database connection user as the first factor.
          • "sms" A Passwordless SMS connection was used to authenticate the user as the first factor.
          • "email" A Passwordless Email connection was used to authenticate the user as the first factor or verify email for password reset.
          • "phone_number" A phone number was used for password reset.
          • "mock" Used for internal testing.
          • string A custom authentication method denoted by a URL (as second or later factor).
        • timestamp String.
      • An object with the following properties:

        • name The value "mfa". The user completed multi-factor authentication (second or later factors).
        • timestamp String.
  • riskAssessment Optional object.

    Details about risk assessments obtained during the login or password reset flow.

    Includes the following properties:

    • assessments Object.

      Includes the following properties:

      • ImpossibleTravel Optional object.

        Determines if the user is logging in from a location signaling impossible travel.

        Includes the following properties:

        • code String.

          Possible values include:

          • minimal_travel_from_last_login
          • travel_from_last_login
          • substantial_travel_from_last_login
          • impossible_travel_from_last_login
          • invalid_travel
          • missing_geoip
          • anonymous_proxy
          • unknown_location
          • initial_login
          • location_history_not_found
          • assessment_not_available
        • confidence String.

          Possible values include:

          • low
          • medium
          • high
          • neutral
      • NewDevice Optional object.

        Determines if the user is logging in from a known device.

        Includes the following properties:

        • code String.

          Possible values include:

          • match
          • partial_match
          • no_match
          • initial_login
          • unknown_device
          • no_device_history
          • assessment_not_available
        • confidence String.

          Possible values include:

          • low
          • medium
          • high
          • neutral
        • details Optional object.

          Includes the following properties:

          • device Optional string.

            Possible values include:

            • known
            • unknown
          • useragent Optional string.

            Possible values include:

            • known
            • unknown
      • UntrustedIP Optional object.

        Shows if the IP was found in Auth0's repository of low reputation IPs.

        Includes the following properties:

        • code String.

          Possible values include:

          • not_found_on_deny_list
          • found_on_deny_list
          • invalid_ip_address
          • assessment_not_available
        • confidence String.

          Possible values include:

          • low
          • medium
          • high
          • neutral
        • details Optional object.

          Includes the following properties:

          • category Optional string.
          • ip Optional string. The originating IP address of the request.
          • matches Optional string.
          • source Optional string.
    • confidence String.

      Overall risk score.

      Possible values include:

      • low
      • medium
      • high
      • neutral
    • external Optional object.

      Includes the following properties:

      • akamai Optional object.

        [Limited Early Access] External risk assessment.

        Includes the following properties:

        • akamaiBot Optional object.

          Includes the following properties:

          • action Optional string. The action of the Akamai bot manager results.
          • botCategory Optional string. The bot category of the Akamai bot manager results.
          • botScore Optional number. The bot score of the Akamai bot manager results.
          • botScoreResponseSegment Optional string. The bot score response segment of the Akamai bot manager results.
          • botnetId Optional string. The botnet ID of the Akamai bot manager results.
          • type Optional string. The type of the Akamai bot manager results.
        • akamaiUserRisk Optional object.

          Includes the following properties:

          • action Optional string. The action of the Akamai user risk assessment.
          • allow Optional number. The allowed status of the Akamai user risk assessment.
          • emailDomain Optional string. The email domain of the user.
          • general Optional dictionary. The general risk of the Akamai user risk assessment.
          • ouid Optional string. The OUID of the user.
          • requestid Optional string. The request ID of the user.
          • risk Optional dictionary. The risk of the Akamai user risk assessment.
          • score Optional number. The score of the Akamai user risk assessment.
          • status Optional number. The status of the Akamai user risk assessment.
          • trust Optional dictionary. The trust of the Akamai user risk assessment.
          • username Optional string. The username of the user.
          • uuid Optional string. The UUID of the Akamai user risk assessment.
    • version String.
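
The sketch below is an added example, not code from Auth0 or from this page. It reads event.authentication.methods and event.authentication.riskAssessment, tolerates every optional level, and returns a step-up decision. The function names, the failClosed option and the reading of "low" confidence as the riskiest value are assumptions; this page only lists the possible values.

```javascript
// Added example (not Auth0's code): turn event.authentication into a decision.
// Assumption: "low" confidence is the riskiest value and "high" the safest;
// the reference above only enumerates the values.

// True if the session already contains a completed second factor.
function completedMfa(event) {
  const methods = event.authentication?.methods ?? [];
  return methods.some((m) => m.name === 'mfa');
}

// Collect per-assessment findings; every level may be absent.
function riskSignals(event) {
  const ra = event.authentication?.riskAssessment;
  const out = { overall: ra?.confidence ?? null, flagged: [], unavailable: [] };
  if (!ra) return out;
  for (const name of ['ImpossibleTravel', 'NewDevice', 'UntrustedIP']) {
    const a = ra.assessments?.[name];
    if (!a || a.code === 'assessment_not_available') {
      out.unavailable.push(name);
    } else if (a.confidence === 'low') {
      out.flagged.push(`${name}:${a.code}`);
    }
  }
  return out;
}

// Returns { action: 'allow' | 'step_up', reasons: string[] }.
// failClosed (hypothetical option): treat missing risk data as risky.
function decideLogin(event, { failClosed = false } = {}) {
  const { overall, flagged, unavailable } = riskSignals(event);
  const reasons = [...flagged];
  if (overall === 'low') reasons.push('overall:low');
  if (failClosed && overall === null) reasons.push('no_risk_assessment');
  if (failClosed) reasons.push(...unavailable.map((n) => `${n}:unavailable`));
  if (reasons.length === 0) return { action: 'allow', reasons };
  // Policy choice: an "mfa" entry already in this session satisfies step-up.
  if (completedMfa(event)) {
    return { action: 'allow', reasons: [...reasons, 'mfa_completed'] };
  }
  return { action: 'step_up', reasons };
}

// Constructed sample events (not real login data).
const riskyEvent = {
  authentication: {
    methods: [{ name: 'pwd', timestamp: '2024-01-01T00:00:00.000Z' }],
    riskAssessment: {
      confidence: 'low',
      version: '1',
      assessments: {
        UntrustedIP: { code: 'found_on_deny_list', confidence: 'low' },
        NewDevice: { code: 'match', confidence: 'high' },
      },
    },
  },
};
const steppedUpEvent = {
  authentication: {
    ...riskyEvent.authentication,
    methods: [
      ...riskyEvent.authentication.methods,
      { name: 'mfa', timestamp: '2024-01-01T00:01:00.000Z' },
    ],
  },
};
const bareEvent = {}; // event.authentication itself is optional

console.log(decideLogin(riskyEvent), decideLogin(bareEvent, { failClosed: true }));
```

Inside a post-login Action, the handler would call decideLogin(event) and act on the result through the Action's api object.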

event.authorization

(Optional)

An object containing information describing the authorization granted to the user who is logging in.

Includes the following properties:

  • roles Array of strings. An array containing the names of a user's assigned roles.

event.client

Information about the Client with which this login transaction was initiated.

Includes the following properties:

  • client_id String. The client id of the application to which the user is logging in.
  • metadata Dictionary. An object for holding other application properties.
  • name String. The name of the application (as defined in the Dashboard).
  • refresh_token Optional object.

    [Private Early Access] An object for holding refresh token configuration properties.

    Includes the following properties:

    • policies Optional array of objects.

      [Private Early Access] A collection of policies governing multi-resource refresh token exchange (MRRT), defining how refresh tokens can be used across different resource servers.

      Elements include the following properties:

      • audience Optional string. [Private Early Access] The specific resource server (audience) to which this MRRT policy applies.
      • scope Optional array of strings. The scopes of access that are authorized for the resource server (audience).

event.connection

Details about the Connection that was used to authenticate the user.

Includes the following properties:

  • id String. The connection's unique identifier.
  • metadata Optional dictionary. Metadata associated with the connection.
  • name String. The name of the connection used to authenticate the user (such as twitter or some-g-suite-domain).
  • strategy String. The type of connection. For social connections, event.connection.strategy === event.connection.name. For enterprise connections, the strategy is waad (Windows Azure AD), ad (Active Directory/LDAP), auth0 (database connections), and so on.

event.organization

(Optional)

Details about the Organization associated with the current transaction.

Includes the following properties:

  • display_name String. The friendly name of the Organization.
  • id String. The Organization identifier.
  • metadata Dictionary. Metadata associated with the Organization.
  • name String. The name of the Organization.

event.prompt

(Optional)

Collected data from rendered custom prompts.

Includes the following properties:

  • fields Optional dictionary. Fields and hidden fields data.
  • id String. The prompt ID.
  • vars Optional dictionary. Shared variables data.

event.refresh_token

(Optional)

[Enterprise Customers] The current refresh token.

Includes the following properties:

  • client_id Optional string. [Enterprise Customers] The ID of the client associated with the refresh token.
  • created_at String. [Enterprise Customers] Timestamp of when the refresh token was created.
  • device Optional object.

    Includes the following properties:

    • initial_asn Optional string. [Enterprise Customers] First autonomous system number associated with this refresh token.
    • initial_ip Optional string. [Enterprise Customers] First IP address associated with this refresh token.
    • initial_user_agent Optional string. [Enterprise Customers] First user agent of the device associated with this refresh token.
    • last_asn Optional string. [Enterprise Customers] Last autonomous system number from which this refresh token was last exchanged.
    • last_ip Optional string. [Enterprise Customers] Last IP address from which this refresh token was last exchanged.
    • last_user_agent Optional string. [Enterprise Customers] Last user agent of the device from which this refresh token was last exchanged.
  • expires_at Optional string. [Enterprise Customers] Timestamp of when the refresh token will absolutely expire.
  • id String. [Enterprise Customers] The ID of the refresh token.
  • idle_expires_at Optional string. [Enterprise Customers] Timestamp of when the refresh token will idle expire.
  • last_exchanged_at Optional string. [Enterprise Customers] Timestamp of when the refresh token was last successfully exchanged.
  • resource_servers Optional array of objects.

    Elements include the following properties:

    • audience String. [Enterprise Customers] The audience of the refresh token.
    • scopes String. [Enterprise Customers] Scopes of the refresh token.
  • rotating Optional boolean. [Enterprise Customers] If the refresh token is a rotating refresh token.
  • session_id Optional string. [Enterprise Customers] The ID of the session bound to the refresh token.
  • user_id Optional string. [Enterprise Customers] The ID of the user bound to the refresh token.

event.request

Details about the request that initiated the transaction.

Includes the following properties:

  • asn Optional string. The ASN (autonomous system number) of the user-agent making the request.
  • body Dictionary. The body of the POST request. This data is only available during refresh token and Client Credential Exchange flows and in the Post Login Action.
  • geoip Object.

    Includes the following properties:

    • cityName Optional string.
    • continentCode Optional string.
    • countryCode Optional string.
    • countryCode3 Optional string.
    • countryName Optional string.
    • latitude Optional number.
    • longitude Optional number.
    • subdivisionCode Optional string.
    • subdivisionName Optional string.
    • timeZone Optional string.
  • hostname Optional string. The hostname that is being used for the authentication flow.
  • ip String. The originating IP address of the request.
  • language Optional string. The language requested by the browser.
  • method String. The HTTP method used for the request.
  • query Dictionary. The query string parameters sent to the authorization request.
  • user_agent Optional string. The value of the User-Agent header received when initiating the transaction.

event.resource_server

(Optional)

Details about the resource server to which the access is being requested.

Includes the following properties:

  • identifier String. The identifier of the resource server. For example: https://your-api.example.com.

event.session

(Optional)

The current login session.

Includes the following properties:

  • authenticated_at Optional string. [Enterprise Customers] The date and time when the session was last authenticated.
  • clients Optional array of objects.

    [Enterprise Customers] List of client details for the session.

    Elements include the following properties:

    • client_id String. [Enterprise Customers] ID of client for the session.
  • created_at Optional string. [Enterprise Customers] The date and time when the session was created.
  • device Optional object.

    [Enterprise Customers] Metadata related to the device used in the session.

    Includes the following properties:

    • initial_asn Optional string. [Enterprise Customers] First autonomous system number associated with this session.
    • initial_ip Optional string. [Enterprise Customers] First IP address associated with this session.
    • initial_user_agent Optional string. [Enterprise Customers] First user agent of the device associated with this session.
    • last_asn Optional string. [Enterprise Customers] Last autonomous system number from which this user logged in.
    • last_ip Optional string. [Enterprise Customers] Last IP address from which this user logged in.
    • last_user_agent Optional string. [Enterprise Customers] Last user agent of the device from which this user logged in.
  • expires_at Optional string. [Enterprise Customers] The date and time when the session will expire.
  • id String. The ID of the current session.
  • idle_expires_at Optional string. [Enterprise Customers] The date and time when the session will expire if idle.
  • last_interacted_at Optional string. [Enterprise Customers] The date and time when the session was last successfully interacted with.
  • updated_at Optional string. [Enterprise Customers] The date and time when the session was last updated.
  • user_id Optional string. [Enterprise Customers] ID of the user which can be used when interacting with other APIs.

event.session_transfer_token

(Optional)

[Private Early Access] Details of the current session transfer token being used to establish Single Sign-On (SSO) from a native application to a web application.

Includes the following properties:

  • client_id String. [Private Early Access] The client identifier of the application that issued the token.
  • request Object.

    [Private Early Access] Details about the request that issued the token.

    Includes the following properties:

    • asn Optional string. [Private Early Access] The Autonomous System Number (ASN) associated with the request that issued the token.
    • geoip Optional object.

      Includes the following properties:

      • cityName Optional string.
      • continentCode Optional string.
      • countryCode Optional string.
      • countryCode3 Optional string.
      • countryName Optional string.
      • latitude Optional number.
      • longitude Optional number.
      • subdivisionCode Optional string.
      • subdivisionName Optional string.
      • timeZone Optional string.
    • ip String. [Private Early Access] The IP address associated with the request that issued the token.
    • user_agent Optional string. [Private Early Access] The User-Agent string of the device that issued the token.
  • scope Array of strings. [Private Early Access] The scopes requested when the token was issued.

event.stats

Login statistics for the current user.

Includes the following properties:

  • logins_count Number. The number of times this user has logged in.

event.tenant

Details about the Tenant associated with the current transaction.

Includes the following properties:

  • id String. The name of the tenant.

event.transaction

(Optional)

Details about the current transaction.

Includes the following properties:

  • acr_values Array of strings. Any acr_values provided in the original authentication request.
  • linking_id Optional string. Dynamic Linking ID that allows developers to reference this transaction.
  • locale String. The locale to be used for this transaction as determined by comparing the browser's requested languages to the tenant's language settings.
  • login_hint Optional string. Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary).
  • prompt Optional array of strings. List of instructions indicating whether the user may be prompted for re-authentication and consent.
  • protocol Optional string.

    Possible values include:

    • oidc-basic-profile Most used, web-based login.
    • oidc-implicit-profile Used on mobile devices and single-page apps.
    • oidc-hybrid-profile Allows your application to have immediate access to an ID token while still providing for secure and safe retrieval of access and refresh tokens.
    • samlp SAML protocol used on SaaS apps.
    • wsfed WS-Federation used on Microsoft products like Office365.
    • wstrust-usernamemixed WS-trust User/password login used on CRM and Office365.
    • oauth2-device-code Transaction using the Device Authorization Flow.
    • oauth2-resource-owner User/password login typically used on database connections.
    • oauth2-resource-owner-jwt-bearer Login using a bearer JWT signed with user's private key.
    • oauth2-password Login using the password exchange.
    • oauth2-webauthn Login using the webauthn exchange.
    • oauth2-access-token Refreshing a token using the refresh token exchange.
    • oauth2-refresh-token Refreshing a token using the refresh token exchange.
    • oauth2-token-exchange
  • redirect_uri Optional string. The URL to which Auth0 will redirect the browser after the transaction is completed.
  • requested_authorization_details Optional array of objects.

    The details of a rich authorization request per Section 2 of the Rich Authorization Requests spec at https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar#section-2.

    Elements include the following properties:

    • type String. The type of authorization details as a string. The value of the type field determines the allowable contents of the object which contains it.
  • requested_scopes Array of strings. The scopes requested (if any) when starting this authentication flow.
  • response_mode Optional string.

    Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint.

    Possible values include:

    • query
    • fragment
    • form_post
    • web_message
  • response_type Optional array of strings.

    Possible values include:

    • code
    • token
    • id_token
  • state Optional string. An opaque arbitrary alphanumeric string your app adds to the initial request that Auth0 includes when redirecting back to your application.
  • ui_locales Array of strings. The ui_locales provided in the original authentication request.

event.user

An object describing the user on whose behalf the current transaction was initiated.

Includes the following properties:

  • app_metadata Dictionary. Custom fields that store info about a user that influences the user's access, such as support plan, security roles, or access control groups.
  • created_at String. Timestamp indicating when the user profile was first created.
  • email Optional string. (unique) User's email address.
  • email_verified Boolean. Indicates whether the user has verified their email address.
  • enrolledFactors Optional array of objects.

    An array of authentication factors that the user has enrolled.

    Array elements:

    • An object describing an enrolled authentication factor type and any factor-specific options.

      Includes the following properties:

      • options Optional dictionary. Additional options describing this instance of the enrolled factor.
      • type String. The type of authentication factor such as push-notification, phone, email, otp, webauthn-roaming and webauthn-platform.
  • family_name Optional string. User's family name.
  • given_name Optional string. User's given name.
  • identities Array of objects.

    Contains info retrieved from the identity provider with which the user originally authenticates. Users may also link their profile to multiple identity providers; those identities will then also appear in this array. The contents of an individual identity provider object vary by provider.

    Elements include the following properties:

    • connection Optional string. Name of the Auth0 connection used to authenticate the user.
    • isSocial Optional boolean. Indicates whether the connection is a social one.
    • profileData Optional dictionary. User information associated with the connection. When profiles are linked, it is populated with the associated user info for secondary accounts.
    • provider Optional string. Name of the entity that is authenticating the user, such as Facebook, Google, SAML, or your own provider.
    • user_id Optional string. User's unique identifier for this connection/provider.
  • last_password_reset Optional string. Timestamp indicating the last time the user's password was reset/changed. At user creation, this field does not exist. This property is only available for Database connections.
  • multifactor Optional array of strings. List of multi-factor authentication (MFA) providers with which the user is enrolled. This array is updated when the user enrolls in MFA and when an administrator resets a user's MFA enrollments.
  • name Optional string. User's full name.
  • nickname Optional string. User's nickname.
  • phone_number Optional string. User's phone number.
  • phone_verified Optional boolean. Indicates whether the user has verified their phone number.
  • picture Optional string. URL pointing to the user's profile picture.
  • updated_at String. Timestamp indicating when the user's profile was last updated/modified.
  • user_id String. (unique) User's unique identifier.
  • user_metadata Dictionary. Custom fields that store info about a user that does not impact what they can or cannot access, such as work address, home address, or user preferences.
  • username Optional string. (unique) User's username.