event object for the post-login Actions trigger provides contextual information about the trigger execution.
event.authentication
Details about authentication signals obtained during the login flow.
Hide authentication properties
Hide authentication properties
Contains the authentication methods a user has completed during their session.Array elements can be one of the following schemas:
- First Factor
- Multi-factor Authentication
The name of the first factor that was completed. Values include the following:
federatedA social or enterprise connection was used to authenticate the user as the first factor.pwdA password was used to authenticate a database connection user as the first factor.passkeyA passkey was used to authenticate a database connection user as the first factor.smsA Passwordless SMS connection was used to authenticate the user as the first factor.emailA Passwordless Email connection was used to authenticate the user as the first factor or verify email for password reset.phone_numberA phone number was used for password reset.mockUsed for internal testing.- May also be a URL denoting a custom authentication method (as second or later factor).
Details about risk assessments obtained during the login or password reset flow.
Hide riskAssessment properties
Hide riskAssessment properties
Show assessments properties
Show assessments properties
Determines if the user is logging in from a location signaling impossible travel.
Show ImpossibleTravel properties
Show ImpossibleTravel properties
Possible values:
minimal_travel_from_last_logintravel_from_last_loginsubstantial_travel_from_last_loginimpossible_travel_from_last_logininvalid_travelmissing_geoipanonymous_proxyunknown_locationinitial_loginlocation_history_not_foundassessment_not_available
Allowed values:
low, medium, high, neutralDetermines if the user is logging in from a known device.
Show NewDevice properties
Show NewDevice properties
Possible values:
initial_loginassessment_not_availablematchpartial_matchno_matchunknown_deviceno_device_history
Allowed values:
low, medium, high, neutralShows if the IP was found in Auth0’s repository of low reputation IPs.
Show UntrustedIP properties
Show UntrustedIP properties
Allowed values:
assessment_not_available, not_found_on_deny_list, found_on_deny_list, invalid_ip_addressAllowed values:
low, medium, high, neutralOverall risk scoreAllowed values:
low, medium, high, neutral[Limited Early Access] Supplemental risk assessment.
Show supplemental properties
Show supplemental properties
[Limited Early Access] Supplemental risk assessment.
Show akamai properties
Show akamai properties
The bot detection results as forwarded by Akamai Bot Manager.
Show akamaiBot properties
Show akamaiBot properties
The type of the Akamai bot manager results.
The action of the Akamai bot manager results.
The bot category of the Akamai bot manager results.
The bot score of the Akamai bot manager results.
The bot score response segment of the Akamai bot manager results.
The botnet ID of the Akamai bot manager results.
The user risk detection results as forwarded by Akamai Account Protector.
Show akamaiUserRisk properties
Show akamaiUserRisk properties
The action of the Akamai user risk assessment.
The allowed status of the Akamai user risk assessment.
The email domain of the user.
The general risk of the Akamai user risk assessment.
The OUID of the user.
The request ID of the user.
The risk of the Akamai user risk assessment.
The score of the Akamai user risk assessment.
The status of the Akamai user risk assessment.
The trust of the Akamai user risk assessment.
The username of the user.
The UUID of the Akamai user risk assessment.
event.authorization
An object containing information describing the authorization granted to the user who is logging in.
Hide authorization properties
Hide authorization properties
An array containing the names of a user’s assigned roles.
event.client
Information about the Client with which this login transaction was initiated.
Hide client properties
Hide client properties
The client id of the application to which the user is logging in.
An object for holding other application properties.
The name of the application (as defined in the Dashboard).
[Private Early Access] An object for holding refresh token configuration properties.
Hide refresh_token properties
Hide refresh_token properties
[Private Early Access] A collection of policies governing multi-resource refresh token exchange (MRRT), defining how refresh tokens can be used across different resource servers
event.connection
Details about the Connection that was used to authenticate the user.
Hide connection properties
Hide connection properties
The connection’s unique identifier.
Metadata associated with the connection.
The name of the connection used to authenticate the user (such as
twitter or some-g-suite-domain).The type of connection. For social connections,
event.connection.strategy === event.connection.name. For enterprise connections, the strategy is waad (Windows Azure AD), ad (Active Directory/LDAP), auth0 (database connections), and so on.event.custom_domain
event.organization
event.prompt
event.refresh_token
[Enterprise Customers] The current refresh token.
Hide refresh_token properties
Hide refresh_token properties
[Enterprise Customers] The ID of the refresh token.
[Enterprise Customers] The ID of the client associated with the refresh token.
[Enterprise Customers] Timestamp of when the refresh token was created.
Hide device properties
Hide device properties
[Enterprise Customers] First autonomous system number associated with this refresh token.
[Enterprise Customers] First IP address associated with this refresh token.
[Enterprise Customers] First user agent of the device associated with this refresh token.
[Enterprise Customers] Last autonomous system number from which this refresh token was last exchanged.
[Enterprise Customers] Last IP address from which this refresh token was last exchanged.
[Enterprise Customers] Last user agent of the device from which this refresh token was last exchanged.
[Enterprise Customers] Timestamp of when the refresh token will absolutely expire.
[Enterprise Customers] Timestamp of when the refresh token will idle expire.
[Enterprise Customers] Timestamp of when the refresh token was last successfully exchanged.
[Enterprise Customers] If the refresh token is a rotating refresh token.
[Enterprise Customers] The ID of the session bound to the refresh token.
[Enterprise Customers] This object is defined when the session is created from a session transfer token (Native to Web SSO), undefined otherwise.
Hide session_transfer properties
Hide session_transfer properties
[Enterprise Customers] This object is defined when the refresh token is created from a session initiated as a result of session transfer (Native to Web SSO), undefined otherwise.
Show parent_refresh_token properties
Show parent_refresh_token properties
[Enterprise Customers] The ID of the parent refresh token from which this session/refresh token was created as a result of a session transfer (Native to Web SSO).
[Enterprise Customers] The ID of the user bound to the refresh token.
event.request
Details about the request that initiated the transaction.
Hide request properties
Hide request properties
The ASN (autonomous system number) of the user-agent making the request.
The body of the POST request. This data will only be available during refresh token and Client Credential Exchange flows and Post Login Action.
The hostname that is being used for the authentication flow.
The originating IP address of the request.
The language requested by the browser.
The HTTP method used for the request
The query string parameters sent to the authorization request.
The value of the
User-Agent header received when initiating the transaction.event.resource_server
Details about the resource server to which the access is being requested.
Hide resource_server properties
Hide resource_server properties
The identifier of the resource server. For example:
https://your-api.example.com.event.security_context
An object containing fingerprint signatures. This will be available only if the client is using cloudflare. The JA3/JA4 fingerprint can be null or empty in some cases. The most common case is for HTTP requests because JA3 and JA4 are calculated in TLS. It can also be empty due to the Worker sending requests within the same zone or to a zone that is not proxied (or a third party).
event.session
The current login session.
Hide session properties
Hide session properties
The ID of the current session.
[Enterprise Customers] The date and time when the session was last authenticated.
[Enterprise Customers] List of client details for the session.
Hide clients properties
Hide clients properties
[Enterprise Customers] ID of client for the session.
[Enterprise Customers] Cookie configuration for the session, which determines how the session cookie is handled by the User Agent.
Hide cookie properties
Hide cookie properties
[Enterprise Customers] The persistence mode of the session cookie. When set to ‘non-persistent’ (ephemeral), the cookie will be deleted when the browser is closed. When set to ‘persistent’, the cookie will be stored until it expires or is deleted by the user.Allowed values:
persistent, non-persistent[Enterprise Customers] The date and time when the session was created.
[Enterprise Customers] Metadata related to the device used in the session.
Hide device properties
Hide device properties
[Enterprise Customers] First autonomous system number associated with this session.
[Enterprise Customers] First IP address associated with this session.
[Enterprise Customers] First user agent of the device associated with this session.
[Enterprise Customers] Last autonomous system number from which this user logged in.
[Enterprise Customers] Last IP address from which this user logged in.
[Enterprise Customers] Last user agent of the device from which this user logged in.
[Enterprise Customers] The date and time when the session will expire.
[Enterprise Customers] The date and time when the session will expire if idle.
[Enterprise Customers] The date and time when the session was last successfully interacted with.
[Enterprise Customers] [Limited Early Access] Session Metadata
[Enterprise Customers] [Limited Early Access] This object is defined when the session is created from a session transfer token (Native to Web SSO), undefined otherwise.
Hide session_transfer properties
Hide session_transfer properties
[Enterprise Customers] This object is defined when the refresh token is created from a session initiated as a result of session transfer (Native to Web SSO), undefined otherwise.
Show parent_refresh_token properties
Show parent_refresh_token properties
[Enterprise Customers] The ID of the parent refresh token from which this session/refresh token was created as a result of a session transfer (Native to Web SSO).
[Enterprise Customers] The metadata of the parent refresh token from which this session/refresh token was created as a result of a session transfer (Native to Web SSO).
[Enterprise Customers] The date and time when the session was last updated.
[Enterprise Customers] ID of the user which can be used when interacting with other APIs.
event.session_transfer_token
[Private Early Access] Details of the current session transfer token being used to establish Single Sign-On (SSO) from a native application to a web application.
Hide session_transfer_token properties
Hide session_transfer_token properties
[Private Early Access] The client identifier of the application that issued the token.
[Private Early Access] Details about the request that issued the token.
Hide request properties
Hide request properties
[Private Early Access] The Autonomous System Number (ASN) associated with the request that issued the token.
[Private Early Access] The IP address associated with the request that issued the token.
[Private Early Access] The User-Agent string of the device that issued the token.
[Private Early Access] The scopes requested when the token was issued.
event.stats
Login statistics for the current user.
Hide stats properties
Hide stats properties
The number of times this user has logged in.
event.tenant
Details about the Tenant associated with the current transaction.
Hide tenant properties
Hide tenant properties
The name of the tenant.
event.transaction
Details about the current transaction.
Hide transaction properties
Hide transaction properties
Unique identifier for the transaction. Populated for all browser-based login flows.
Any acr_values provided in the original authentication request.
Dynamic Linking ID that allows developers to reference this transaction.
The locale to be used for this transaction as determined by comparing the browser’s requested languages to the tenant’s language settings.
Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary).
List of instructions indicating whether the user may be prompted for re-authentication and consent.
Possible values:
oidc-basic-profileoidc-cibaoidc-ciba-web-linkoidc-implicit-profileoauth2-device-codeoauth2-resource-owneroauth2-resource-owner-jwt-beareroauth2-passwordoauth2-webauthnoauth2-access-tokenoauth2-refresh-tokenoauth2-token-exchangeoidc-hybrid-profilesamlpwsfedwstrust-usernamemixed
The URL to which Auth0 will redirect the browser after the transaction is completed.
The details of a rich authorization request per Section 2 of the Rich Authorization Requests spec at https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar#section-2.
Hide requested_authorization_details properties
Hide requested_authorization_details properties
The type of authorization details as a string. The value of the type field determines the allowable contents of the object which contains it.
The scopes requested (if any) when starting this authentication flow.
Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint.Allowed values:
query, fragment, form_post, web_messageDenotes the kind of credential that Auth0 will return.
An opaque arbitrary alphanumeric string your app adds to the initial request that Auth0 includes when redirecting back to your application.
The ui_locales provided in the original authentication request.
Correlation ID can be provided in the initial authentication request when the application redirects to Universal Login. You can use value to correlate logs and requests from your Action code with the user flow.
An object containing shared data across custom Actions for the duration of a transaction.
event.user
An object describing the user on whose behalf the current transaction was initiated.
Hide user properties
Hide user properties
Custom fields that store info about a user that influences the user’s access, such as support plan, security roles, or access control groups.
Timestamp indicating when the user profile was first created.
(unique) User’s email address.
Indicates whether the user has verified their email address.
User’s family name.
User’s given name.
Timestamp indicating the last time the user’s password was reset/changed. At user creation, this field does not exist. This property is only available for Database connections.
User’s full name.
User’s nickname.
User’s phone number.
Indicates whether the user has verified their phone number.
URL pointing to the user’s profile picture.
Timestamp indicating when the user’s profile was last updated/modified.
(unique) User’s unique identifier.
Custom fields that store info about a user that does not impact what they can or cannot access, such as work address, home address, or user preferences.
(unique) User’s username.
An an array of authentication factors that the user has enrolled.
List of multi-factor authentication (MFA) providers with which the user is enrolled. This array is updated when the user enrolls in MFA and when an administrator resets a user’s MFA enrollments.
Contains info retrieved from the identity provider with which the user originally authenticates. Users may also link their profile to multiple identity providers; those identities will then also appear in this array. The contents of an individual identity provider object varies by provider.
Hide identities element properties
Hide identities element properties
Name of the Auth0 connection used to authenticate the user.
Indicates whether the connection is a social one.
User information associated with the connection. When profiles are linked, it is populated with the associated user info for secondary accounts.
Name of the entity that is authenticating the user, such as Facebook, Google, SAML, or your own provider.
User’s unique identifier for this connection/provider.
event.secrets
Secret values securely associated with this Action.