event.authentication
(Optional)
|
Details about authentication signals obtained during the login flow.
Includes profile properties:
-
methods Array of objects.
Contains the authentication methods a user has completed during
their session.
Elements include the following properties:
-
name String.
Possible values include:
-
federated
A social or enterprise connection was used to
authenticate the user.
-
passkey
A passkey was used to authenticate the
user.
- Note: Passkeys are currently in Early Access. To learn more, review Passkeys for Auth0 Database Connections.
-
pwd
A password was used to authenticate the
user.
-
sms
A Passwordless SMS connection was used to authenticate
the user.
-
email
A Passwordless Email connection was used to authenticate
the user.
-
mfa
The user completed multi-factor authentication.
-
mock
Used for internal testing.
-
String
A custom authentication method denoted by a URL.
-
timestamp String.
-
type String.
A specific MFA factor. Only present when name is set to mfa.
-
riskAssessment Optional object.
Details about risk assessments obtained during the login flow.
Includes the following properties:
|
event.authorization
(Optional)
|
An object containing information describing the authorization granted
to the user who is logging in.
Includes the following properties:
-
roles Array of strings.
An array containing the names of a user's assigned roles.
|
event.client
|
Information about the Client with which this login transaction was
initiated.
Includes the following properties:
-
client_id String.
The client id of the application the user is logging in to.
-
metadata Dictionary.
An object for holding other application properties.
-
name String.
The name of the application (as defined in the Dashboard).
|
event.connection
|
Details about the Connection that was used to authenticate the user.
Includes the following properties:
-
id String.
The connection's unique identifier.
-
metadata Optional dictionary.
Metadata associated with the connection.
-
name String.
The name of the connection used to authenticate the user (such as
twitter or some-g-suite-domain).
-
strategy String.
The type of connection. For social connections,
event.connection.strategy === event.connection.name.
For enterprise connections, the strategy is
waad (Windows Azure AD), ad (Active
Directory/LDAP), auth0 (database connections), and so
on.
|
event.organization
(Optional)
|
Details about the Organization associated with the current
transaction.
Includes the following properties:
-
display_name String.
The friendly name of the Organization.
-
id String.
The Organization identifier.
-
metadata Dictionary.
Metadata associated with the Organization.
-
name String.
The name of the Organization.
|
event.request
|
Details about the request that initiated the transaction.
Includes the following properties:
|
event.resource_server
(Optional)
|
Details about the resource server to which the access is being
requested.
Includes the following properties:
-
identifier String.
The identifier of the resource server. For example:
https://your-api.example.com.
|
event.stats
|
Login statistics for the current user.
Includes the following properties:
-
logins_count Number.
The number of times this user has logged in.
|
event.tenant
|
Details about the Tenant associated with the current transaction.
Includes the following properties:
-
id String.
The name of the tenant.
|
event.transaction
(Optional)
|
Details about the current transaction.
Includes the following properties:
-
acr_values Array of strings.
Any acr_values provided in the original authentication
request.
-
linking_id Optional string.
Dynamic Linking ID that allows developers to reference this
transaction.
-
locale String.
The locale to be used for this transaction as determined by
comparing the browser's requested languages to the tenant's
language settings.
-
login_hint Optional string.
Hint to the Authorization Server about the login identifier the
End-User might use to log in (if necessary).
-
prompt Optional array of strings.
List of instructions indicating whether the user may be prompted
for re-authentication and consent.
-
protocol Optional string.
Possible values include:
-
oidc-basic-profile
Most used, web-based login.
-
oidc-implicit-profile
Used on mobile devices and single-page apps.
-
samlp SAML protocol used on SaaS apps.
-
wsfed
WS-Federation used on Microsoft products like
Office365.
-
wstrust-usernamemixed
WS-trust User/password login used on CRM and Office365.
-
oauth2-device-code
Transaction using the Device Authorization Flow.
-
oauth2-resource-owner
User/password login typically used on database
connections.
-
oauth2-resource-owner-jwt-bearer
Login using a bearer JWT signed with user's private
key.
-
oauth2-password
Login using the password exchange.
-
oauth2-access-token
Refreshing a token using the refresh token exchange.
-
oauth2-refresh-token
Refreshing a token using the refresh token exchange.
-
oauth2-token-exchange
-
oidc-hybrid-profile
Allows your application to have immediate access to an ID
token while still providing for secure and safe retrieval of
access and refresh tokens.
-
redirect_uri Optional string.
The URL to which Auth0 will redirect the browser after the
transaction is completed.
-
requested_authorization_details
Optional array of objects.
The details of a rich authorization request per Section 2 of the
Rich Authorization Requests spec at
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar#section-2.
Elements include the following properties:
-
type String.
The type of authorization details as a string. The value of
the type field determines the allowable contents of the object
which contains it.
-
requested_scopes Array of strings.
The scopes requested (if any) when starting this authentication
flow.
-
response_mode Optional string.
Informs the Authorization Server of the mechanism to be used for
returning parameters from the Authorization Endpoint.
-
response_type Optional array of strings.
Denotes the kind of credential that Auth0 will return.
-
state Optional string.
An opaque arbitrary alphanumeric string your app adds to the
initial request that Auth0 includes when redirecting back to your
application.
-
ui_locales Array of strings.
The ui_locales provided in the original authentication
request.
|
event.user
|
An object describing the user on whose behalf the current transaction
was initiated.
Includes properties that originate from identity providers or custom database scripts, as well as the following standard properties:
-
app_metadata Dictionary.
Custom fields that store info about a user that influences the
user's access, such as support plan, security roles, or access
control groups.
-
created_at String.
Timestamp indicating when the user profile was first
created.
-
email Optional string.
(unique) User's email address.
-
email_verified Boolean.
Indicates whether the user has verified their email
address.
-
enrolledFactors Optional array of objects.
An array of authentication factors that the user has enrolled.
Elements include the following properties:
-
options Optional dictionary.
Additional options describing this instance of the enrolled
factor.
-
type String.
The type of authentication factor such as
push-notification, phone, email, otp,
webauthn-roaming and webauthn-platform.
-
family_name Optional string.
User's family name.
-
given_name Optional string.
User's given name.
-
groups Optional array of strings.
The groups a user belongs to.
-
identities Array of objects.
Contains info retrieved from the identity provider with which the
user originally authenticates. Users may also link their profile
to multiple identity providers; those identities will then also
appear in this array. The contents of an individual identity
provider object varies by provider.
Elements include the following properties:
-
connection Optional string.
Name of the Auth0 connection used to authenticate the
user.
-
isSocial Optional boolean.
Indicates whether the connection is a social one.
-
profileData Optional dictionary.
User information associated with the connection. When
profiles are linked, it is populated with the associated user
info for secondary accounts.
-
provider Optional string.
Name of the entity that is authenticating the user, such as
Facebook, Google, SAML, or your own provider.
-
user_id Optional string.
User's unique identifier for this connection/provider.
-
last_password_reset Optional string.
Timestamp indicating the last time the user's password was
reset/changed. At user creation, this field does not exist. This
property is only available for Database connections.
-
multifactor Optional array of strings.
List of multi-factor authentication (MFA) providers with which
the user is enrolled. This array is updated when the user enrolls
in MFA and when an administrator resets a user's MFA
enrollments.
-
name Optional string.
User's full name.
-
nickname Optional string.
User's nickname.
-
phone_number Optional string.
User's phone number. Only valid for users with SMS
connections.
-
phone_verified Optional boolean.
Indicates whether the user has verified their phone number. Only
valid for users with SMS connections.
-
picture Optional string.
URL pointing to the
user's profile picture.
-
updated_at String.
Timestamp indicating when the user's profile was last
updated/modified.
-
user_id String.
(unique) User's unique identifier.
-
user_metadata Dictionary.
Custom fields that store info about a user that does not impact
what they can or cannot access, such as work address, home
address, or user preferences.
-
username Optional string.
(unique) User's username.
|
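A step-up decision built only from fields documented above (event.authentication.methods, event.client.metadata, event.user.enrolledFactors), as an added example that is not Auth0's own code. The policy itself, the require_mfa metadata key, the decision labels and the sample event are assumptions made for illustration.

```javascript
'use strict';
// Added example: the policy, the metadata key "require_mfa" and the sample
// event are assumptions; only the event.* field names come from the reference.
const KNOWN = new Set(['federated', 'passkey', 'pwd', 'sms', 'email', 'mfa']);

function assessLogin(event) {
  // event.authentication is optional, so default to an empty method list.
  const methods = (event.authentication && event.authentication.methods) || [];
  const names = methods.map((m) => m.name);

  // "mock" is documented as internal testing only; any other unlisted name is
  // a custom method denoted by a URL. This policy trusts neither by default.
  const unexpected = names.filter((n) => !KNOWN.has(n));
  if (unexpected.length > 0) {
    return { decision: 'deny', reason: `unexpected method: ${unexpected.join(', ')}` };
  }

  // Hypothetical per-application flag stored in event.client.metadata.
  const meta = (event.client && event.client.metadata) || {};
  if (meta.require_mfa !== 'true') {
    return { decision: 'allow', reason: 'application does not require step-up' };
  }

  // Policy assumption: a completed mfa entry or a passkey satisfies step-up.
  const mfa = methods.find((m) => m.name === 'mfa');
  if (mfa) {
    // type is only present on entries whose name is mfa.
    return { decision: 'allow', reason: `mfa completed (${mfa.type || 'factor not reported'})` };
  }
  if (names.includes('passkey')) {
    return { decision: 'allow', reason: 'passkey used' };
  }

  // No second factor yet: challenge if the user has one enrolled, else enroll.
  const enrolled = (event.user && event.user.enrolledFactors) || [];
  return enrolled.length > 0
    ? { decision: 'challenge', reason: `enrolled: ${enrolled.map((f) => f.type).join(', ')}` }
    : { decision: 'enroll', reason: 'no enrolled factors' };
}

// Constructed sample event: password login, OTP enrolled, MFA not yet done.
const sample = {
  authentication: { methods: [{ name: 'pwd', timestamp: '2024-01-01T00:00:00.000Z' }] },
  client: { client_id: 'constructed-client', name: 'Payroll', metadata: { require_mfa: 'true' } },
  user: { user_id: 'auth0|constructed', enrolledFactors: [{ type: 'otp' }] },
};
console.log(assessLogin(sample));
```

Inside a real Action, the returned decision would be mapped onto the api object's calls; that mapping is left out because the api object is not described in this reference.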