Prompt Details in Tenant Logs
Auth0 tenant logs provide transaction details for user authentication actions. Tenant logs capture information from the sign-in, login, and verification processes for review. You can review how the user authenticated, which credentials they provided, length of transaction, and connection status.
Below are the default values captured in tenant logs:
| Attribute | Description |
|---|---|
completedAt |
Stage completion time, including user interaction time |
elapsedTime |
Difference between completedAt and initiatedAt |
flow |
Varies based on login experience (i.e., Universal or Classic) |
initiatedAt |
Stage start time |
name |
Name of the stage |
login
The login stage provides the following values:
| Attribute | Description |
|---|---|
flow |
Able to take two values dependent on Universal or Classic Login |
user_id |
Auth0 ID of the user authenticated in this stage |
user_name |
Name of the user authenticated in this stage |
Additional fields with the following information:
| Attribute | Description |
|---|---|
connection |
Connection used to authenticate the user |
connection_id |
ID of the connection used to authenticate the user |
strategy |
Strategy of the connection used to authenticate user |
identity |
Users’ authenticated identity |
Values for additional events in the login flow:
| Name | Universal Login Experience | Description |
|---|---|---|
federated-authenticate |
Universal | Federated connection used for authentication, social, legal, or enterprise |
lock-password-authenticate |
Classic | User authenticated with a username and password |
oauth1-authenticate |
Classic | User authenticated with an oauth1 federation |
oauth2-authenticate |
Classic | User authenticated with an oauth2 federation |
oidc-authenticate |
Classic | User authenticated with an oidc federation |
prompt-authenticate |
Universal | User authenticated with a username and password |
prompt-authenticate-password |
Universal | User authenticated with username and password in the idfirst flow |
prompt-signup |
Universal | User signed up using a username and password |
prompt-signup-password |
Universal | User signed up using username and password using the idfirst flow |
saml-authenticate |
Classic | User authenticated with a SAML federation |
wsfed-authenticate |
Classic | User authenticated with a WS-FED federation |
consent
The consent stage provides the following values:
| Attribute | Description |
|---|---|
grantInfo |
The {myApiIdentifier} or identifier of the API granted permission by the user |
audience |
Token audience |
id |
User grant persisted in the database |
scope |
Approved scope granted by the user |
login-email-verification
The email verification prompt provides the following values:
| Attribute | Description |
|---|---|
login-email-verification |
Is included if the email verification prompt was presented |
redirect
The redirect stage provides the following values:
| Attribute | Description |
|---|---|
URL |
URL the user was redirected to |
mfa
Multi-factor authentication provides the following values:
| Attribute | Description |
|---|---|
flow |
Can take two values depending if used with the Classic experience (mfa) or the Universal experience (universal-mfa). |
performed_acr |
acr that will be included in the id_token. |
performed_amr |
amr that will be included in the id_token. |
provider |
Provider used to perform mfa. |