failed_on_behalf_of_token_exchange
Failed Exchange via On-Behalf-Of Token Exchange
The audience in the JWT associated with the request.
Client name associated with the client_id, when available. May be empty string.
Description of the event. This can also contain a description of the issue for failure logs.
Log details
The name of the environment where the event occurred
"prod-eu-1"
"prod-us-1"
The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.
The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like sapi and mgmt_api_read this should be the IP of the admin using the manage dashboard.
Log id
Tenant name
Failed Exchange via On-Behalf-Of Token Exchange
"failed_on_behalf_of_token_exchange"Event schema meta
Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent has been granted authority via token exchange and is acting on behalf of a user or itself.
The client or SDK used to do this request, if any. This is based on the Auth0-Client HTTP header.
Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.
The date when the event occurred in ISO 8601 format
"2024-01-15T10:30:00.000Z"
Whether the request originated from a mobile device. Only present when user_agent is available.
List of scopes in the JWT, either as an array like ["read:logs","read:users"] or a space-separated list of scopes like read:logs read:users delete:clients
The user_agent behind this log, when available
"Chrome 120.0.0 / Mac OS X 10.15.7"