Log Event Type Codes
The following table lists the codes associated with each log event. If you want to learn more about log event schemas, you can reference our GitHub repo.
Event Code | Event | Event Description |
---|---|---|
api_limit |
Rate Limit on the Authentication or Management APIs | The maximum number of requests to the Authentication or Management APIs in given time has been reached. |
cls |
Code/Link Sent | Passwordless login code/link has been sent |
cs |
Code Sent | Passwordless login code has been sent |
depnote |
Deprecation Notice | |
f |
Failed Login | |
fc |
Failed by Connector | |
fce |
Failed Change Email | Failed to change user email |
fco |
Failed by CORS | Origin is not in the Allowed Origins list for the specified application |
fcoa |
Failed cross-origin authentication | |
fcp |
Failed Change Password | |
fcph |
Failed Post Change Password Hook | |
fcpn |
Failed Change Phone Number | |
fcpr |
Failed Change Password Request | |
fcpro |
Failed Connector Provisioning | Failed to provision a AD/LDAP connector |
fcu |
Failed Change Username | Failed to change username |
fd |
Failed Delegation | Failed to generate delegation token |
fdeac |
Failed Device Activation | Failed to activate device. |
fdeaz |
Failed Device Authorization Request | Device authorization request failed. |
fdecc |
User Canceled Device Confirmation | User did not confirm device. |
fdu |
Failed User Deletion | |
feacft |
Failed Exchange | Failed to exchange authorization code for Access Token |
feccft |
Failed Exchange | Failed exchange of Access Token for a Client Credentials Grant |
fede |
Failed Exchange | Failed to exchange Device Code for Access Token |
fens |
Failed Exchange | Failed exchange for Native Social Login |
feoobft |
Failed Exchange | Failed exchange of Password and OOB Challenge for Access Token |
feotpft |
Failed Exchange | Failed exchange of Password and OTP Challenge for Access Token |
fepft |
Failed Exchange | Failed exchange of Password for Access Token |
fepotpft |
Failed Exchange | Failed exchange of Passwordless OTP for Access Token |
fercft |
Failed Exchange | Failed Exchange of Password and MFA Recovery code for Access Token |
fertft |
Failed Exchange | Failed Exchange of Refresh Token for Access Token. This could occur if the refresh token is revoked or expired. |
ferrt |
Failed Exchange | Failed Exchange of Rotating Refresh Token. This could occur when reuse is detected. |
fi |
Failed invite accept | Failed to accept a user invitation. This could happen if the user accepts an invitation using a different email address than provided in the invitation, or due to a system failure while provisioning the invitation. |
flo |
Failed Logout | User logout failed |
fn |
Failed Sending Notification | Failed to send email notification |
fp |
Failed Login (Incorrect Password) | |
fpar |
Failed Pushed Authorization Request | |
fs |
Failed Signup | |
fsa |
Failed Silent Auth | |
fu |
Failed Login (Invalid Email/Username) | |
fui |
Failed users import | Failed to import users |
fv |
Failed Verification Email | Failed to send verification email |
fvr |
Failed Verification Email Request | Failed to process verification email request |
gd_auth_failed |
MFA Auth failed | Multi-factor authentication failed. This could happen due to a wrong code entered for SMS/Voice/Email/TOTP factors, or a system failure. |
gd_auth_rejected |
MFA Auth rejected | A user rejected a Multi-factor authentication request via push-notification. |
gd_auth_succeed |
MFA Auth success | Multi-factor authentication success. |
gd_enrollment_complete |
MFA enrollment complete | A first time MFA user has successfully enrolled using one of the factors. |
gd_otp_rate_limit_exceed |
Too many failures | A user sends more than 10 requests to their device within one hour. Users can only send 10 OTP requests within an hour. If they exceed this limit, they must wait at least an hour to request another OTP. One additional attempt is allowed with the passage of each subsequent hour. Note: The request limit does not reset upon a successful login event. Users must wait an hour after their first request to send another OTP to their device. |
gd_recovery_failed |
Recovery failed | A user enters a wrong recovery code when attempting to authenticate. |
gd_recovery_rate_limit_exceed |
Too many failures | A user enters a wrong recovery code too many times. |
gd_recovery_succeed |
Recovery success | A user successfully authenticates with a recovery code. |
gd_send_email |
Email Sent | Email for MFA successfully sent. |
gd_send_pn |
Push notification sent | Push notification for MFA successfully sent. |
gd_send_pn_failure |
Push notification sent | Push notification for MFA failed. |
gd_send_sms |
SMS sent | SMS for MFA successfully sent. |
gd_send_sms_failure |
SMS sent failures | Attempt to send SMS for MFA failed. |
gd_send_voice |
Voice call made | Voice call for MFA successfully made. |
gd_send_voice_failure |
Voice call failure | Attempt to make Voice call for MFA failed. |
gd_start_auth |
Second factor started | Second factor authentication event started for MFA. |
gd_start_enroll |
Enroll started | Multi-factor authentication enroll has started. |
gd_start_enroll_failed |
Enrollment failed | Push to start enrollement failed. |
gd_tenant_update |
Guardian tenant update | |
gd_unenroll |
Unenroll device account | Device used for second factor authentication has been unenrolled. |
gd_update_device_account |
Update device account | Device used for second factor authentication has been updated. |
gd_webauthn_challenge_failed |
Enrollment challenge issued | User failed to verify Webauthn factor. |
gd_webauthn_enrollment_failed |
Enroll failed | WebAuthn factor enrollment failed. |
limit_delegation |
Too Many Calls to /delegation | Rate limit exceeded to /delegation endpoint |
limit_mu |
Blocked IP Address | An IP address is blocked because it attempted too many failed logins without a successful login. Or an IP address is blocked because it attempted too many sign-ups, whether successful or failed. For more information, see Attack Protection. |
limit_wc |
Blocked Account | An IP address is blocked because it reached the maximum failed login attempts into a single account. |
limit_sul |
Blocked Account | A user is temporarily prevented from logging in because they reached the maximum logins per time period from the same IP address. For more information, see Attack Protection. |
mfar |
MFA Required | A user has been prompted for multi-factor authentication (MFA). When using Adaptive MFA, Auth0 includes details about the risk assessment. |
mgmt_api_read |
Management API read Operation | API GET operation returning secrets completed successfully |
oidc_backchannel_logout_failed |
Failed OIDC Back-Channel Logout request | Failed OIDC Back-Channel Logout request |
oidc_backchannel_logout_succeeded |
Successful OIDC Back-Channel Logout request | Successful OIDC Back-Channel Logout request |
pla |
Pre-login assessment | This log is generated before a login and helps in monitoring the behavior of bot detection without having to enable it. |
pwd_leak |
Breached password | Someone behind the IP address ip attempted to login with a leaked password. |
resource_cleanup |
Refresh token excess warning | Emitted when resources exceeding defined limits were removed. |
s |
Success Login | Successful login event. |
sapi |
Success API Operation | Successful management API write event. |
sce |
Success Change Email | |
scoa |
Success cross-origin authentication | |
scp |
Success Change Password | |
scpn |
Success Change Phone Number | |
scpr |
Success Change Password Request | |
scu |
Success Change Username | |
sd |
Success Delegation | |
sdu |
Success User Deletion | User successfully deleted |
seacft |
Success Exchange | Successful exchange of authorization code for Access Token |
seccft |
Success Exchange | Successful exchange of Access Token for a Client Credentials Grant |
sede |
Success Exchange | Successful exchange of device code for Access Token |
sens |
Success Exchange | Native Social Login |
seoobft |
Success Exchange | Successful exchange of Password and OOB Challenge for Access Token |
seotpft |
Success Exchange | Successful exchange of Password and OTP Challenge for Access Token |
sepft |
Success Exchange | Successful exchange of Password for Access Token |
sercft |
Success Exchange | Successful exchange of Password and MFA Recovery code for Access Token |
sertft |
Success Exchange | Successful exchange of Refresh Token for Access Token |
si |
Successful invite accept | Successfully accepted a user invitation |
signup_pwd_leak |
Breached password | Someone behind the IP address ip attempted to signup with a leaked password. |
srrt |
Success Revocation | Successfully revoked a Refresh Token |
slo |
Success Logout | User successfully logged out |
ss |
Success Signup | |
ssa |
Success Silent Auth | |
sui |
Success users import | Successfully imported users |
sv |
Success Verification Email | Successfully consumed email verification link |
svr |
Success Verification Email Request | Successfully called verification email endpoint. Verification email in queue to send. |
ublkdu |
User login block released | User block setup by anomaly detection has been released |
w |
Warnings During Login | Filters for logs of type warning during login |