Actions Triggers: post-challenge - Event Object

The event object for the post-challenge Actions trigger provides contextual information for a user resetting their password when logging in with Auth0.

Note: The event.user object does not include any top-level attributes added by an external identity provider.

event.authentication

Details about authentication obtained during the password reset flow.

Includes the following properties:

  • methods Array of objects.

    Contains the authentication methods a user completed during their session.

    Returns one of the following objects:

    • Object.

      Includes the following properties:

      • name String.

        The name of the first factor completed during the session. Possible values include:

        • federated A social or enterprise connection was used to authenticate the user as the first factor.
        • pwd A database connection was used to authenticate the user as the first factor.
        • sms A Passwordless SMS connection was used to authenticate the user as the first factor.
        • email A Passwordless Email connection was used to authenticate the user as the first factor or verify email for password reset.
        • mock Used for internal testing.
        • string A custom authentication method denoted by a URL (as second or later factor).
      • timestamp String.
    • Object.

      Includes the following properties:

      • name The value mfa. The user completed multi-factor authentication (second or later factors).
      • timestamp String.
      • type Optional string.

        The type of the second (or later) factor that was used for multi-factor authentication (MFA), if available. Possible values include:

        • email MFA with email factor.
        • otp MFA with OTP factor.
        • push-notification MFA with push notification factor.
        • recovery-code MFA with recovery code factor.
        • phone MFA with SMS or voice factor.
        • webauthn-roaming MFA with WebAuthn factor.
        • webauthn-platform MFA with WebAuthn factor.

event.authorization

An object containing information that describes the authorization granted to the user logging in.

Includes the following properties:

  • roles Array of strings. An array containing the names of the user's assigned roles.

event.client

Information about the Client with which the password reset transaction was initiated.

Includes the following properties:

  • client_id String. The client id of the application the user is logging in to.
  • metadata Dictionary. An object for holding other application properties.
  • name String. The name of the application (as defined in the Dashboard).

event.connection

Details about the connection used to authenticate the user.

Includes the following properties:

  • id String. The connection's unique identifier.
  • metadata Optional dictionary. Metadata associated with the connection.
  • name String. The name of the connection used to authenticate the user (such as twitter or example-g-suite-domain).
  • strategy String. The type of connection.
    • For social connections, event.connection.strategy === event.connection.name.
    • For enterprise connections, the strategy is waad (Windows Azure AD), ad (Active Directory/LDAP), auth0 (database connections), and so on.

event.organization

(Optional)

Details about the Organization associated with the current transaction.

Includes the following properties:

  • display_name String. The friendly name of the Organization.
  • id String. The Organization identifier.
  • metadata Dictionary. Metadata associated with the Organization.
  • name String. The name of the Organization.

event.request

Details about the request that initiated the transaction.

Includes the following properties:

  • body Dictionary. The body of the POST request. This data is only available during refresh token and Client Credential Exchange flows.
  • geoip Object.

    Includes the following properties:

    • cityName Optional string.
    • continentCode Optional string.
    • countryCode Optional string.
    • countryCode3 Optional string.
    • countryName Optional string.
    • latitude Optional number.
    • longitude Optional number.
    • subdivisionCode Optional string.
    • subdivisionName Optional string.
    • timeZone Optional string.
  • hostname Optional string. The hostname used for the authentication flow.
  • ip String. The originating IP address of the request.
  • language Optional string. The language requested by the browser.
  • method String. The HTTP method used for the request.
  • query Dictionary. The query string parameters sent to the authorization request.
  • user_agent Optional string. The value of the User-Agent header received when initiating the transaction.

event.stats

Login statistics for the current user.

Includes the following properties:

  • logins_count Number. The number of times the user has logged in.

event.tenant

Details about the tenant associated with the current transaction.

Includes the following properties:

  • id String. The name of the tenant.

event.transaction

Details about the current transaction.

Includes the following properties:

  • locale String. The locale to use for this transaction as determined by comparing the browser's requested languages to the tenant's language settings.
  • login_hint Optional string. Hint to the Authorization Server about the login identifier the end-user might use when logging in, if necessary.
  • state Optional string. An opaque, arbitrary alphanumeric string your app adds to the initial request that Auth0 includes when redirecting back to your application.
  • ui_locales Array of strings. The ui_locales provided in the original authentication request.

event.user

An object describing the user associated with the current transaction.

Includes the following properties:

  • app_metadata Dictionary. Custom fields that store info about a user that influences the user's access, such as support plan, security roles, or access control groups.
  • created_at String. Timestamp indicating when the user profile was first created.
  • email Optional string. (unique) User's email address.
  • email_verified Boolean. Indicates whether the user has verified their email address.
  • enrolledFactors Optional array of objects.

    An array of authentication factors that the user has enrolled. An empty array indicates the user has not enrolled any factors. If enrolledFactors is undefined, the system could not fetch the information, and the user may or may not have enrolled any factors.

    Includes the following properties:

    • options Optional object.

      Additional options describing this instance of the enrolled factor.

    • type String. The type of authentication factor such as push-notification, phone, email, otp, webauthn-roaming and webauthn-platform.
  • family_name Optional string. User's family name.
  • given_name Optional string. User's given name.
  • identities Array of objects.

    Contains info retrieved from the identity provider originally used to authenticate the user. If a user has linked their profile to multiple identity providers, this array also contains those identities. The contents of an identity provider object vary by provider.

    Includes the following properties:

    • connection Optional string. Name of the Auth0 connection used to authenticate the user.
    • isSocial Optional boolean. Indicates whether a social connection was used.
    • profileData Optional dictionary. User information associated with the connection. If user profiles have been linked, profileData contains associated user data for secondary accounts.
    • provider Optional string. Name of the entity authenticating the user, such as Facebook, Google, SAML, or your own provider.
    • user_id Optional string. User's unique identifier for this connection or provider.
  • last_password_reset Optional string. Timestamp indicating the last time the user's password was updated. This field does not exist at user creation. This property is only available for Database connections.
  • name Optional string. User's full name.
  • nickname Optional string. User's nickname.
  • phone_number Optional string. User's phone number. Only valid for users with SMS connections.
  • phone_verified Optional boolean. Indicates whether the user has verified their phone number. Only valid for users with SMS connections.
  • picture Optional string. URL pointing to the user's profile picture.
  • updated_at String. Timestamp indicating when the user's profile was last updated.
  • user_id String. (unique) User's unique identifier.
  • user_metadata Dictionary. Custom fields that store user information that does not impact their level of access, such as work address, home address, or user preferences.
  • username Optional string. (unique) User's username.
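
Added example (not part of the Auth0 documentation or Auth0's own code): a helper that reads event.authentication.methods and event.user.enrolledFactors, as described above, to decide whether a password reset should proceed, and that keeps the three enrolledFactors states (populated, empty, undefined) distinct. The function names, the decision labels, the set of accepted factor types and the fail-closed policy are assumptions of this example.

```javascript
// Added example, not Auth0 code. Operates only on the documented event shape.
// Assumption: this policy treats these MFA types as acceptable step-up factors.
const STEP_UP_TYPES = new Set([
  'otp', 'push-notification', 'webauthn-roaming', 'webauthn-platform',
]);

// Types of second (or later) factors already completed in this session.
// `type` is optional on mfa entries, so a missing value maps to 'unknown'.
function completedMfaTypes(event) {
  const methods = (event.authentication && event.authentication.methods) || [];
  return methods.filter((m) => m.name === 'mfa').map((m) => m.type || 'unknown');
}

// Hypothetical decision helper: returns 'allow', 'challenge' or 'deny'.
function resetDecision(event) {
  if (completedMfaTypes(event).some((t) => STEP_UP_TYPES.has(t))) {
    return { action: 'allow', reason: 'step-up factor already completed' };
  }
  const enrolled = event.user.enrolledFactors;
  // undefined means the lookup failed, not that nothing is enrolled: fail closed.
  if (!Array.isArray(enrolled)) {
    return { action: 'deny', reason: 'enrolled factors unknown' };
  }
  const usable = [...new Set(enrolled.map((f) => f.type))]
    .filter((t) => STEP_UP_TYPES.has(t));
  if (usable.length > 0) {
    return { action: 'challenge', factors: usable };
  }
  // Empty array (or only non-step-up factors): nothing to challenge with.
  return { action: 'allow', reason: 'no step-up factor enrolled' };
}

// Constructed sample events (not captured from a real tenant).
const ts = '2024-01-01T00:00:00.000Z';
const emailOnly = { name: 'email', timestamp: ts };
const samples = {
  mfaDone: { authentication: { methods: [emailOnly, { name: 'mfa', timestamp: ts, type: 'otp' }] },
             user: { enrolledFactors: [{ type: 'otp' }] } },
  enrolledNotUsed: { authentication: { methods: [emailOnly] },
                     user: { enrolledFactors: [{ type: 'otp' }, { type: 'phone' }] } },
  noneEnrolled: { authentication: { methods: [emailOnly] }, user: { enrolledFactors: [] } },
  unknown: { authentication: { methods: [emailOnly] }, user: {} },
};

for (const [label, ev] of Object.entries(samples)) {
  console.log(label, JSON.stringify(resetDecision(ev)));
}
```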