Hi! We have implemented the logging of geoip information using event.request.geoip in the onExecutePostLogin function. As described in this article:
However, we find that sometimes the geoip reports the incorrect location as “United States, Ashburn” when it should be “Brazil, Vila Velha” (for example).
For instance, this user logs in from Brazil but then logs in from the United States based on the geoip provided by the event. How is this possible? We have a ton of users that have this same issue where the login reports as “United States, Ashburn”. What might be the cause of this?
Interesting, I haven’t ever come across this behavior myself. Obviously the geoip isn’t 100% reliable given the use of VPNs, anonymizer services, etc., but it is curious that you’re seeing a non-trivial number of events coming from the same locale in the United States. Have you been able to reproduce this with a user you own or are these isolated to other users?
@tyf I was able to reproduce it myself actually. I’m from Toronto, Canada. You can see below, it reported me as Toronto, Canada but also reports me as United States, Ashburn.
What’s interesting is when I log in it reports the correct location, but when I just visit the site without logging in after a long time it’s reporting the incorrect location. That might give you a hint on what’s happening. It seems like the login action uses my IP but visiting the site uses the server’s IP. Note this only happens after a long time of inactivity and visiting the site.
Just looking at the code you shared, I believe this is expected behavior. Can you confirm that the actual geoip (geoip: event?.request?.geoip) object data is off? It makes sense to me that the IP (ip: event?.request?.ip) translates to a different location than the user given that Auth0 is making an outbound call, but the actual geoip data should be correct, unless a service is in use.
Regarding the Success Exchange event type: The IP is always going to be the IP as opposed to geoip of the user.
So how do I filter out the “Success Exchange” event type and only track geoip for “Success Login” event types? Does the event have a property that I can check?
Those event types can be filtered in the logs sections of your tenant dashboard, but not in the action code itself. To only account for the geoip you should just be able to remove the IP bit of the code, like:
@tyf Thanks for the reply. I don’t think we are on the same page. I don’t want to remove the IP. I want to only log the LOGIN event in onExecutePostLogin if it’s a successful login event.
I’ll admit I’m a bit confused on the ask here. Are you asking to filter out the “successful exchange” event in your tenant dashboard logs or are you seeing this event come through in your own logs as a result of the action code?
Unfortunately, as far as I’m aware (asking internally to confirm), geoip is not directly available in action details (if you were to log via action) nor in the log stream directly. You can however retrieve the geoip using the Management API via the /api/v2/logs/{id} endpoint OR, should you log them through your Action, you can grab the execution ID from the log event and fetch the data from /api/v2/actions/executions/{id}.
I came across the following feedback request; it might be worth adding your own to include geoip in log streaming by default.
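Added example, not part of the thread and not Auth0's own code: one way to post-process events already retrieved from /api/v2/logs so that only "Success Login" entries feed a location check and "Success Exchange" entries (which carried the server's IP in this thread) are ignored. The type codes ("s", "seacft", "sertft"), the `location_info` field names and all sample events are assumptions constructed for illustration.

```javascript
// Type codes assumed from Auth0's log event type list:
// "s" = Success Login; "seacft" / "sertft" = Success Exchange.
const SUCCESS_LOGIN = "s";

// Constructed sample events; field names assume the /api/v2/logs response shape.
const sampleLogs = [
  { type: "s", user_id: "auth0|u1", ip: "203.0.113.10",
    location_info: { country_name: "Canada", city_name: "Toronto" } },
  { type: "seacft", user_id: "auth0|u1", ip: "198.51.100.7",
    location_info: { country_name: "United States", city_name: "Ashburn" } },
  { type: "s", user_id: "auth0|u2", ip: "203.0.113.20",
    location_info: { country_name: "Brazil", city_name: "Vila Velha" } },
  { type: "sertft", user_id: "auth0|u2", ip: "198.51.100.7",
    location_info: { country_name: "United States", city_name: "Ashburn" } },
  { type: "s", user_id: "auth0|u2", ip: "192.0.2.44",
    location_info: { country_name: "Germany", city_name: "Berlin" } },
  { type: "s", user_id: "auth0|u3", ip: "203.0.113.30" }, // no geo data resolved
];

// Keep only Success Login events that carry location data.
function loginLocations(logs) {
  return logs
    .filter((e) => e.type === SUCCESS_LOGIN && e.location_info)
    .map((e) => ({
      user_id: e.user_id,
      ip: e.ip,
      country: e.location_info.country_name,
      city: e.location_info.city_name,
    }));
}

// Users whose interactive logins span more than one country.
function usersWithMultipleCountries(logs) {
  const byUser = new Map();
  for (const l of loginLocations(logs)) {
    if (!byUser.has(l.user_id)) byUser.set(l.user_id, new Set());
    byUser.get(l.user_id).add(l.country);
  }
  return [...byUser]
    .filter(([, countries]) => countries.size > 1)
    .map(([user_id, countries]) => ({ user_id, countries: [...countries].sort() }));
}

console.log(usersWithMultipleCountries(sampleLogs));
```

With the exchange events excluded, the constructed user u1 is not flagged for the Ashburn entry, while u2 is still flagged for two genuine login countries.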