Log Event Type Codes

The following table lists the codes associated with each log event. If you want to learn more about log event schemas, you can reference our GitHub repo.

Event Code Event Event Description
api_limit Rate Limit on the Authentication or Management APIs The maximum number of requests to the Authentication or Management APIs in a given time has been reached.
appi Notice for API Peak Performance initiated Increases the Elevated Public Authentication API Limits by the 100 RPS multiple purchased by the customer for up to 48 hours per month. For more information, see Public performance rate limit policy.
ciba_exchange_failed Failed CIBA Exchange Failed to exchange AuthReqId for Access Token
ciba_exchange_succeeded Successful CIBA Exchange Successful exchange of AuthReqId for Access Token
ciba_start_failed Failed CIBA Start Client-Initiated Backchannel Authentication Flow failed to be initiated.
ciba_start_succeeded Successful CIBA Start Client-Initiated Backchannel Authentication Flow has been successfully initiated.
cls Code/Link Sent Passwordless login code/link has been sent
cs Code Sent Passwordless login code has been sent
depnote Deprecation Notice
f Failed Login
fc Failed by Connector
fce Failed Change Email Failed to change user email
fco Failed by CORS Origin is not in the Allowed Origins list for the specified application
fcoa Failed cross-origin authentication
fcp Failed Change Password
fcph Failed Post Change Password Hook
fcpn Failed Change Phone Number
fcpr Failed Change Password Request
fcpro Failed Connector Provisioning Failed to provision an AD/LDAP connector
fcu Failed Change Username Failed to change username
fd Failed Delegation Failed to generate delegation token
fdeac Failed Device Activation Failed to activate device.
fdeaz Failed Device Authorization Request Device authorization request failed.
fdecc User Canceled Device Confirmation User did not confirm device.
fdu Failed User Deletion
feacft Failed Exchange Failed to exchange authorization code for Access Token
feccft Failed Exchange Failed exchange of Access Token for a Client Credentials Grant
fede Failed Exchange Failed to exchange Device Code for Access Token
fens Failed Exchange Failed exchange for Native Social Login
feoobft Failed Exchange Failed exchange of Password and OOB Challenge for Access Token
feotpft Failed Exchange Failed exchange of Password and OTP Challenge for Access Token
fepft Failed Exchange Failed exchange of Password for Access Token
fepotpft Failed Exchange Failed exchange of Passwordless OTP for Access Token
fercft Failed Exchange Failed Exchange of Password and MFA Recovery code for Access Token
ferrt Failed Exchange Failed Exchange of Rotating Refresh Token. This could occur when reuse is detected.
fertft Failed Exchange Failed Exchange of Refresh Token for Access Token. This could occur if the refresh token is revoked or expired.
fi Failed invite accept Failed to accept a user invitation. This could happen if the user accepts an invitation using a different email address than provided in the invitation, or due to a system failure while provisioning the invitation.
flo Failed Logout User logout failed
fn Failed Sending Notification Failed to send email notification
fp Failed Login (Incorrect Password)
fpar Failed Pushed Authorization Request
fs Failed Signup
fsa Failed Silent Auth
fu Failed Login (Invalid Email/Username)
fui Failed users import Failed to import users
fv Failed Verification Email Failed to send verification email
fvr Failed Verification Email Request Failed to process verification email request
gd_auth_email_verification Email Verification Confirmed Email verification completed successfully
gd_auth_fail_email_verification Email Verification Failed Email verification failed.
gd_auth_failed MFA Auth failed Multi-factor authentication failed. This could happen due to a wrong code entered for SMS/Voice/Email/TOTP factors, or a system failure.
gd_auth_rejected MFA Auth rejected A user rejected a Multi-factor authentication request via push-notification.
gd_auth_succeed MFA Auth success Multi-factor authentication success.
gd_enrollment_complete MFA enrollment complete A first time MFA user has successfully enrolled using one of the factors.
gd_otp_rate_limit_exceed Too many MFA failures A user sends more than 10 requests to their device within one hour. Note that the request limit does not reset upon a successful login event.
gd_recovery_failed Recovery failed A user enters a wrong recovery code when attempting to authenticate.
gd_recovery_rate_limit_exceed Multi-factor recovery code has failed too many times A user has entered a wrong recovery code too many times.
gd_recovery_succeed MFA recovery success A user successfully authenticates with a recovery code.
gd_send_email MFA Email Sent Email for MFA successfully sent.
gd_send_email_verification Email Verification Sent Verification email sent successfully.
gd_send_email_verification_failure Email Verification Failed Email verification failed.
gd_send_pn Push notification sent Push notification for MFA successfully sent.
gd_send_pn_failure Error Sending MFA Push Notification Push notification for MFA failed.
gd_send_sms MFA SMS Sent SMS for MFA successfully sent.
gd_send_sms_failure Error Sending MFA SMS Attempt to send SMS for MFA failed.
gd_send_voice MFA voice call success Voice call for MFA successfully made.
gd_send_voice_failure MFA voice call failed Attempt to make Voice call for MFA failed.
gd_start_auth Second factor started Second factor authentication event started for MFA.
gd_start_enroll MFA Enroll started Multi-factor authentication enroll has started.
gd_start_enroll_failed MFA Enrollment Failed Push to start enrollement failed.
gd_tenant_update Guardian tenant update
gd_unenroll Unenroll device account Device used for second factor authentication has been unenrolled.
gd_update_device_account Update device account Device used for second factor authentication has been updated.
gd_webauthn_challenge_failed WebAuthn browser error User failed to verify Webauthn factor.
gd_webauthn_enrollment_failed WebAuthn browser error WebAuthn browser enrollment failed.
kms_key_management_failure Failed KMS API Operation KMS operation failed
kms_key_management_success Success KMS API Operation KMS operation completed successfully
kms_key_state_changed KMS Key State Change KMS key state changed
limit_delegation Too Many Calls to /delegation Rate limit exceeded to `/delegation` endpoint
limit_mu Blocked IP Address An IP address is blocked because it attempted too many failed logins without a successful login. Or an IP address is blocked because it attempted too many sign-ups, whether successful or failed. For more information, see Attack Protection.
limit_sul Blocked Account A user is temporarily prevented from logging in because they reached the maximum logins per time period from the same IP address. For more information, see Attack Protection.
limit_wc Blocked Account An IP address is blocked because it reached the maximum failed login attempts into a single account.
mfar MFA Required A user has been prompted for multi-factor authentication (MFA). When using Adaptive MFA, Auth0 includes details about the risk assessment. Available in only the Resource Owner Password Flow.
mgmt_api_read Management API read Operation API GET operation returning secrets completed successfully
oidc_backchannel_logout_failed Failed OIDC Back-Channel Logout request Failed OIDC Back-Channel Logout request
oidc_backchannel_logout_succeeded Successful OIDC Back-Channel Logout request Successful OIDC Back-Channel Logout request
organization_member_added Organization Member Added Successfully added member to organization
pla Pre-login assessment This log is generated before a login and helps in monitoring the behavior of bot detection without having to enable it.
pwd_leak Breached password Someone behind the IP address ip attempted to login with a leaked password. The pwd_leak tenant log is emitted once per hour per IP address.
resource_cleanup Success Resource Cleanup Emitted when resources exceeding defined limits were removed.
rich_consents_access_error Rich Consents Access Error Error fetching a Rich Consent record
s Success Login Successful login event.
sapi Success API Operation Successful management API write event.
sce Success Change Email
scoa Success cross-origin authentication
scp Success Change Password
scpn Success Change Phone Number
scpr Success Change Password Request
scu Success Change Username
scv Success Credential Validation Successful credential validation event.
sd Success Delegation
sdu Success User Deletion User successfully deleted
seacft Success Exchange Successful exchange of authorization code for Access Token
seccft Success Exchange Successful exchange of Access Token for a Client Credentials Grant
sede Success Exchange Successful exchange of device code for Access Token
sens Success Exchange Native Social Login
seoobft Success Exchange Successful exchange of Password and OOB Challenge for Access Token
seotpft Success Exchange Successful exchange of Password and OTP Challenge for Access Token
sepft Success Exchange Successful exchange of Password for Access Token
sepkoobft Success Exchange Successful exchange of Passkey and OOB Challenge for Access Token
sepkotpft Success Exchange Successful exchange of Passkey and OTP Challenge for Access Token
sepkrcft Success Exchange Successful exchange of Passkey and MFA Recovery Code for Access Token
sercft Success Exchange Successful exchange of Password and MFA Recovery code for Access Token
sertft Success Exchange Successful exchange of Refresh Token for Access Token
si Successfully accepted a user invite Successfully accepted a user invitation
signup_pwd_leak Breached Password on Signup Someone behind the IP address ip attempted to signup with a leaked password.
slo Success Logout User successfully logged out
srrt Success Revocation Successfully revoked a Refresh Token
ss Success Signup
ss_sso_failure Failed SS-SSO Operation Ticket generation/consumption failed; Connection creation/update/enablement failed
ss_sso_info Information from an SS-SSO Operation Try-connection flow started/completed
ss_sso_success Success SS-SSO Operation Ticket generated/consumed successfully; Connection created/updated/enabled successfully
ssa Success Silent Auth
sui Successfully imported users Successfully imported users
sv Success Verification Email Successfully consumed email verification link
svr Success Verification Email Request Successfully called verification email endpoint. Verification email in queue to send.
ublkdu User login block released User block setup by anomaly detection has been released
w Warning During Login Filters for logs of type warning during login
wum Warning User Management Filters for logs of type warning during user management operations

Learn more