Confirming that a CAPTCHA was Presented to a User and Correlate to a Successful Login

Problem statement

How to confirm that a CAPTCHA was presented to a user and that this is correlated to a successful login?


  • In the Auth0 Dashboard (Security > Attack Protection > Bot Detection) switch on “Enable tenant logs for risk assessment” for additional logging
  • Under “Response” select the CAPTCHA service and set “Enforce CAPTCHA” to “When Risky”.

An end user login will provide a tenant log with event type “pla” Log Event Type Codes . This log entry will contain a boolean details.requiresVerification property. When this field is “true” a CAPTCHA was presented to the user. When the field is “false” a CAPTCHA was not presented to a user.

The “pla” log entry will also have a details.session_id field. The related event type “s” (successful login) event will have a matching details.session_id field so this can be used for correlation to a successful login.