Log Event Type Codes

The following table lists the codes associated with each log event. If you want to learn more about log event schemas, you can reference our GitHub repo.

Event Code Event Event Description
api_limit Rate Limit on the Authentication or Management APIs The maximum number of requests to the Authentication or Management APIs in given time has been reached.
cls Code/Link Sent Passwordless login code/link has been sent
cs Code Sent Passwordless login code has been sent
depnote Deprecation Notice
f Failed Login
fc Failed by Connector
fce Failed Change Email Failed to change user email
fco Failed by CORS Origin is not in the Allowed Origins list for the specified application
fcoa Failed cross-origin authentication
fcp Failed Change Password
fcph Failed Post Change Password Hook
fcpn Failed Change Phone Number
fcpr Failed Change Password Request
fcpro Failed Connector Provisioning Failed to provision a AD/LDAP connector
fcu Failed Change Username Failed to change username
fd Failed Delegation Failed to generate delegation token
fdeac Failed Device Activation Failed to activate device.
fdeaz Failed Device Authorization Request Device authorization request failed.
fdecc User Canceled Device Confirmation User did not confirm device.
fdu Failed User Deletion
feacft Failed Exchange Failed to exchange authorization code for Access Token
feccft Failed Exchange Failed exchange of Access Token for a Client Credentials Grant
fede Failed Exchange Failed to exchange Device Code for Access Token
fens Failed Exchange Failed exchange for Native Social Login
feoobft Failed Exchange Failed exchange of Password and OOB Challenge for Access Token
feotpft Failed Exchange Failed exchange of Password and OTP Challenge for Access Token
fepft Failed Exchange Failed exchange of Password for Access Token
fepotpft Failed Exchange Failed exchange of Passwordless OTP for Access Token
fercft Failed Exchange Failed Exchange of Password and MFA Recovery code for Access Token
fertft Failed Exchange Failed Exchange of Refresh Token for Access Token. This could occur if the refresh token is revoked or expired.
ferrt Failed Exchange Failed Exchange of Rotating Refresh Token. This could occur when reuse is detected.
fi Failed invite accept Failed to accept a user invitation. This could happen if the user accepts an invitation using a different email address than provided in the invitation, or due to a system failure while provisioning the invitation.
flo Failed Logout User logout failed
fn Failed Sending Notification Failed to send email notification
fp Failed Login (Incorrect Password)
fpar Failed Pushed Authorization Request
fs Failed Signup
fsa Failed Silent Auth
fu Failed Login (Invalid Email/Username)
fui Failed users import Failed to import users
fv Failed Verification Email Failed to send verification email
fvr Failed Verification Email Request Failed to process verification email request
gd_auth_failed MFA Auth failed Multi-factor authentication failed. This could happen due to a wrong code entered for SMS/Voice/Email/TOTP factors, or a system failure.
gd_auth_rejected MFA Auth rejected A user rejected a Multi-factor authentication request via push-notification.
gd_auth_succeed MFA Auth success Multi-factor authentication success.
gd_enrollment_complete MFA enrollment complete A first time MFA user has successfully enrolled using one of the factors.
gd_otp_rate_limit_exceed Too many failures A user sends more than 10 requests to their device within one hour.

Users can only send 10 OTP requests within an hour. If they exceed this limit, they must wait at least an hour to request another OTP. One additional attempt is allowed with the passage of each subsequent hour.

Note: The request limit does not reset upon a successful login event. Users must wait an hour after their first request to send another OTP to their device.
gd_recovery_failed Recovery failed A user enters a wrong recovery code when attempting to authenticate.
gd_recovery_rate_limit_exceed Too many failures A user enters a wrong recovery code too many times.
gd_recovery_succeed Recovery success A user successfully authenticates with a recovery code.
gd_send_email Email Sent Email for MFA successfully sent.
gd_send_pn Push notification sent Push notification for MFA successfully sent.
gd_send_pn_failure Push notification sent Push notification for MFA failed.
gd_send_sms SMS sent SMS for MFA successfully sent.
gd_send_sms_failure SMS sent failures Attempt to send SMS for MFA failed.
gd_send_voice Voice call made Voice call for MFA successfully made.
gd_send_voice_failure Voice call failure Attempt to make Voice call for MFA failed.
gd_start_auth Second factor started Second factor authentication event started for MFA.
gd_start_enroll Enroll started Multi-factor authentication enroll has started.
gd_start_enroll_failed Enrollment failed Push to start enrollement failed.
gd_tenant_update Guardian tenant update
gd_unenroll Unenroll device account Device used for second factor authentication has been unenrolled.
gd_update_device_account Update device account Device used for second factor authentication has been updated.
gd_webauthn_challenge_failed Enrollment challenge issued User failed to verify Webauthn factor.
gd_webauthn_enrollment_failed Enroll failed WebAuthn factor enrollment failed.
limit_delegation Too Many Calls to /delegation Rate limit exceeded to /delegation endpoint
limit_mu Blocked IP Address An IP address is blocked because it attempted too many failed logins without a successful login. Or an IP address is blocked because it attempted too many sign-ups, whether successful or failed. For more information, see Attack Protection.
limit_wc Blocked Account An IP address is blocked because it reached the maximum failed login attempts into a single account.
limit_sul Blocked Account A user is temporarily prevented from logging in because they reached the maximum logins per time period from the same IP address. For more information, see Attack Protection.
mfar MFA Required A user has been prompted for multi-factor authentication (MFA). When using Adaptive MFA, Auth0 includes details about the risk assessment.
mgmt_api_read Management API read Operation API GET operation returning secrets completed successfully
oidc_backchannel_logout_failed Failed OIDC Back-Channel Logout request Failed OIDC Back-Channel Logout request
oidc_backchannel_logout_succeeded Successful OIDC Back-Channel Logout request Successful OIDC Back-Channel Logout request
pla Pre-login assessment This log is generated before a login and helps in monitoring the behavior of bot detection without having to enable it.
pwd_leak Breached password Someone behind the IP address ip attempted to login with a leaked password.
resource_cleanup Refresh token excess warning Emitted when resources exceeding defined limits were removed.
s Success Login Successful login event.
sapi Success API Operation Successful management API write event.
sce Success Change Email
scoa Success cross-origin authentication
scp Success Change Password
scpn Success Change Phone Number
scpr Success Change Password Request
scu Success Change Username
sd Success Delegation
sdu Success User Deletion User successfully deleted
seacft Success Exchange Successful exchange of authorization code for Access Token
seccft Success Exchange Successful exchange of Access Token for a Client Credentials Grant
sede Success Exchange Successful exchange of device code for Access Token
sens Success Exchange Native Social Login
seoobft Success Exchange Successful exchange of Password and OOB Challenge for Access Token
seotpft Success Exchange Successful exchange of Password and OTP Challenge for Access Token
sepft Success Exchange Successful exchange of Password for Access Token
sercft Success Exchange Successful exchange of Password and MFA Recovery code for Access Token
sertft Success Exchange Successful exchange of Refresh Token for Access Token
si Successful invite accept Successfully accepted a user invitation
signup_pwd_leak Breached password Someone behind the IP address ip attempted to signup with a leaked password.
srrt Success Revocation Successfully revoked a Refresh Token
slo Success Logout User successfully logged out
ss Success Signup
ssa Success Silent Auth
sui Success users import Successfully imported users
sv Success Verification Email Successfully consumed email verification link
svr Success Verification Email Request Successfully called verification email endpoint. Verification email in queue to send.
ublkdu User login block released User block setup by anomaly detection has been released
w Warnings During Login Filters for logs of type warning during login

Learn more