Geoip doesn't always work

Hi! We have implemented the logging of geoip information using event.request.geoip in the onExecutePostLogin function. As described in this article:

However, we find that sometimes the geoip reports the incorrect location as “United States, Ashburn” when it should be “Brazil, Vila Velha” (for example).

For instance, this user logs in from Brazil but then logs in from the United States based on the geoip provided by the event. How is this possible? We have a ton of users that have this same issue where the login reports as “United States, Ashburn”. What might be the cause of this?

Here is our implementation

 exports.onExecutePostLogin = async (event, api) => {
   const metadata = {
    ip: event?.request?.ip,
    geoip: event?.request?.geoip,    
  }
  ...
  insertLoginEvent({
      user,
      metadata,
    });
  ...
}

Any help would be greatly appreciate in determining why the event.request.geoip is so inconsistent. Please help!

Hey there @adrian5 welcome to the community!

Interesting :thinking: I haven’t ever come across this behavior myself - Obviously the geoip isn’t 100% reliable given the use of VPNs, anonymizer services, etc. but that is curious you’re seeing a non-trivial number of events coming from the same locale in the United States. Have you been able to reproduce this with a user you own or are these isolated to other users?

Let us know!

@tyf I was able to reproduce it myself actually. I’m from Toronto, Canada. You can see below, it reported me as Toronto, Canada but also reports me as United States, Ashburn.

What’s interesting is when I login it reports the correct location but when I just visit the site without logging in after a long time its reporting as the incorrect location. That might give you a hint on what’s happening. It seems like the login action uses my IP but visiting the site uses the server’s IP. Note this only happens after a long time of inactivity and visiting the site.

Also the event that appears to be giving the wrong geoip is this one. Maybe I can filter out the location tracking when this event occurs?

" * Authorization Code for Access Token"

Also if I look up the IP address for that event it does give the United States, Ashborn location:

1 Like

Hey @adrian5 thanks for getting back to me!

Just looking at the code you shared, I believe this is expected behavior - Can you confirm that the actual geoip (geoip: event?.request?.geoip) object data is off? It makes sense to me that the IP (ip: event?.request?.ip) translates to a different location than the user given that Auth0 is making an outbound call, but the actual geoip data should be correct, unless a service is in use.

Regarding the Success Exchange event type: The IP is always going to be the IP as opposed to geoip of the user.

@tyf Ah okay. That makes sense.

So how do I filter out the “Success Exchange” event type and only track geoip for “Success Login” event types? Does the event have a property that I can check?

i.e.

if (event.type === "Success Login") {
 insertLoginEvent({
      user,
      metadata,
    });
}

Would this work to only track the geoip login of the user? Based on these docs.

if (event.type === "s") {
 insertLoginEvent({
      user,
      metadata,
    });
}

Those event types can be filtered in the logs sections of your tenant dashboard, but not in the action code itself. To only account for the geoip you should just be able to remove the IP bit of the code, like:

exports.onExecutePostLogin = async (event, api) => {
   const metadata = {
    geoip: event?.request?.geoip,    
  }
  ...
  insertLoginEvent({
      user,
      metadata,
    });
  ...
}

Does that make sense?

@tyf Thanks for the reply. I don’t think we are on the same page. I don’t want to remove the IP. I want to only log the LOGIN event in onExecutePostLogin if it’s a successful login event.

@tyf Is there a way to get the geoip from the log stream?

Hey @adrian5 - Thanks for clarifying!

I’ll admit I’m a bit confused on the ask here. Are you asking to filter out the “successful exchange” event in your tenant dashboard logs or are you seeing this event come through in your own logs as a result of the action code?

Unfortunately, as far as I’m aware (asking internally to confirm) geoip is not directly available in action details (if you were to log via action) nor in the log stream directly. You can however retrieve the geoip using the Management API via the /api/v2/logs/{id} endpoint OR should you log them through your Action, you can grab the execution ID from the log event and fetch the data from /api/v2/actions/executions/{id}

I came across the following feedback request, it might be worth adding your own to include geoip in log streaming by default.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.