Overview
This article explains why a user’s last_login field in the Auth0 user profile indicates a recent login, but there are no corresponding login logs for that time period in the tenant’s Logs or log streaming. This situation can cause confusion during auditing or security reviews.
Applies To
- Logs
- Monitoring
- Actions
Cause
The discrepancy typically arises due to the way the login flow and logging mechanisms work in Auth0.
The key points to understand are:
Last Login Field Update:
The last_login field is updated when a user initiates the login flow and provides valid credentials. This can happen even if the login flow is not fully completed.
Login Logs:
A login log is created only when the authentication flow is finalized. If the flow is interrupted (for example, the user closes the browser or device mid-login) or is improperly implemented (for example, the /continue endpoint is not hit after a redirect in Actions), no login log is generated.
Scenarios Leading to Discrepancy
Incomplete Login Flow:
- The user initiated the login flow but did not finalize it due to actions like closing the browser/device mid-login.
- The /continue endpoint in the login flow wasn’t properly invoked, resulting in an incomplete flow.
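An added example, not Auth0's own code: a reconciliation check for audits that lists users whose last_login has no success login log (event type "s") close to it, which is the interrupted-flow pattern described above. The sample records, the function names and the five-minute tolerance are constructed assumptions, and the check assumes the exported logs cover the period being reviewed.

```python
from datetime import datetime, timedelta

# Constructed sample data. Field names follow the Auth0 user profile
# (user_id, last_login) and tenant log events (type, user_id, date).
USERS = [
    {"user_id": "auth0|alice", "last_login": "2024-05-01T10:00:02.000Z"},
    {"user_id": "auth0|bob", "last_login": "2024-05-01T11:30:00.000Z"},
    {"user_id": "auth0|carol"},  # never logged in: no last_login field
]
LOGS = [
    {"type": "s", "user_id": "auth0|alice", "date": "2024-05-01T10:00:03.120Z"},
    {"type": "s", "user_id": "auth0|bob", "date": "2024-04-28T09:00:00.000Z"},
    {"type": "slo", "user_id": "auth0|bob", "date": "2024-05-01T11:45:00.000Z"},
]


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-05-01T10:00:02.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def unmatched_last_logins(users, logs, tolerance=timedelta(minutes=5)):
    """Return users whose last_login has no success login log within tolerance."""
    success_by_user = {}
    for event in logs:
        # Only "s" (Success Login) marks a finalized authentication flow.
        if event.get("type") == "s" and event.get("user_id"):
            success_by_user.setdefault(event["user_id"], []).append(
                parse_ts(event["date"]))
    findings = []
    for user in users:
        if not user.get("last_login"):
            continue  # nothing to reconcile for this profile
        last_login = parse_ts(user["last_login"])
        times = success_by_user.get(user["user_id"], [])
        if any(abs(t - last_login) <= tolerance for t in times):
            continue  # a finalized login explains this last_login value
        nearest = min(times, key=lambda t: abs(t - last_login), default=None)
        findings.append({
            "user_id": user["user_id"],
            "last_login": last_login.isoformat(),
            "nearest_success_log": nearest.isoformat() if nearest else None,
        })
    return findings


if __name__ == "__main__":
    for finding in unmatched_last_logins(USERS, LOGS):
        print(finding)
```

A flagged user is a candidate for an unfinished flow, not proof of one; review the Actions redirect handling for the application that user signed in to.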
Solution
To address this issue and prevent discrepancies, ensure that Actions with redirects are implemented properly:
Verify that all redirects in the login flow are correctly finalized by invoking the /continue endpoint. This ensures that the login flow completes successfully, creating the corresponding login log.
- Refer to the Auth0 documentation “Resume the authentication flow” for more details on implementing redirects.
- If the behavior persists or you need further assistance reviewing your implementation, contact Auth0 support or your Technical Account Manager (TAM).
Key Notes
- This is not a security issue, as sessions are only created after valid credentials are provided.
- To improve traceability, ensure all login flows are finalized properly.
- For any additional updates on the backlog item, coordinate with your TAM or submit a follow-up support request.