| ciba_exchange_succeeded |
Successful CIBA Exchange |
Successful exchange of AuthReqId for Access Token |
| ciba_start_failed |
Failed CIBA Start |
Client-Initiated Backchannel Authentication Flow failed to be initiated. |
| ciba_start_succeeded |
Successful CIBA Start |
Client-Initiated Backchannel Authentication Flow has been successfully initiated. |
| f |
Failed Login |
|
| fce |
Failed Change Email |
Failed to change user email |
fcoa |
Failed cross-origin authentication |
|
fcp |
Failed Change Password |
|
fcpn |
Failed Change Phone Number |
|
| fcu |
Failed Change Username |
Failed to change username |
| fd |
Failed Delegation |
Failed to generate delegation token |
| fdeac |
Failed Device Activation |
Failed to activate device. |
| fdeaz |
Failed Device Authorization Request |
Device authorization request failed. |
| fdecc |
User Canceled Device Confirmation |
User did not confirm device. |
| fdu |
Failed User Deletion |
|
| feacft |
Failed Exchange |
Failed to exchange authorization code for Access Token |
| feccft |
Failed Exchange |
Failed exchange of Access Token for a Client Credentials Grant |
| fecte |
Failed Exchange |
Failed Exchange via Custom Token Exchange |
| fede |
Failed Exchange |
Failed to exchange Device Code for Access Token |
| federated_logout_failed |
Failed Federated Logout |
Failed to logout of the upstream Identity Provider |
| fens |
Failed Exchange |
Failed exchange for Native Social Login |
| feoobft |
Failed Exchange |
Failed exchange of Password and OOB Challenge for Access Token |
| feotpft |
Failed Exchange |
Failed exchange of Password and OTP Challenge for Access Token |
| fepft |
Failed Exchange |
Failed exchange of Password for Access Token |
| fepotpft |
Failed Exchange |
Failed exchange of Passwordless OTP for Access Token |
| fercft |
Failed Exchange |
Failed Exchange of Password and MFA Recovery code for Access Token |
| ferrt |
Failed Exchange |
Failed Exchange of Rotating Refresh Token. This could occur when reuse is detected. |
| fertft |
Failed Exchange |
Failed Exchange of Refresh Token for Access Token. This could occur if the refresh token is revoked or expired. |
fi |
Failed invite accept" |
Failed to accept a user invitation. This could happen if the user accepts an invitation using a different email address than provided in the invitation, or due to a system failure while provisioning the invitation. |
flo |
Failed Logout |
User logout failed |
fp |
Failed Login (Incorrect Password) |
|
fpar |
Failed Pushed Authorization Request |
|
| fs |
Failed Signup |
|
| fsa |
Failed Silent Auth |
|
| fu |
Failed Login (Invalid Email/Username) |
|
| gd_auth_email_verification |
Email Verification Confirmed |
Email verification completed successfully |
| gd_auth_fail_email_verification |
Email Verification Failed |
Email verification failed. |
| gd_auth_failed |
MFA Auth failed |
Multi-factor authentication failed. This could happen due to a wrong code entered for SMS/Voice/Email/TOTP factors, or a system failure. |
| gd_auth_rejected |
MFA Auth rejected |
A user rejected a Multi-factor authentication request via push-notification. |
| gd_auth_succeed |
MFA Auth success |
Multi-factor authentication success. |
| gd_enrollment_complete |
MFA enrollment complete |
A first time MFA user has successfully enrolled using one of the factors. |
| gd_otp_rate_limit_exceed |
Too many MFA failures |
A user sends more than 10 requests to their device within one hour. Note that the request limit does not reset upon a successful login event. |
| gd_recovery_failed |
Recovery failed |
A user enters a wrong recovery code when attempting to authenticate. |
| gd_recovery_rate_limit_exceed |
Multi-factor recovery code has failed too many times |
A user has entered a wrong recovery code too many times. |
| gd_recovery_succeed |
MFA recovery success |
A user successfully authenticates with a recovery code. |
| gd_start_auth |
Second factor started |
Second factor authentication event started for MFA. |
| gd_start_enroll |
MFA Enroll started |
Multi-factor authentication enroll has started. |
| gd_unenroll |
Unenroll device account |
Device used for second factor authentication has been unenrolled. |
| gd_update_device_account |
Update device account |
Device used for second factor authentication has been updated. |
| gd_webauthn_challenge_failed |
WebAuthn browser error |
User failed to verify Webauthn factor. |
| gd_webauthn_enrollment_failed |
WebAuthn browser error |
WebAuthn browser enrollment failed. |
| limit_mu |
Blocked IP Address |
An IP address is blocked because it attempted too many failed logins without a successful login. Or an IP address is blocked because it attempted too many sign-ups, whether successful or failed. For more information, see Attack Protection. |
| limit_sul |
Blocked Account |
A user is temporarily prevented from logging in because they reached the maximum logins per time period from the same IP address. For more information, see Attack Protection. |
| limit_wc |
Blocked Account |
An IP address is blocked because it reached the maximum failed login attempts into a single account. |
| mfar |
MFA Required |
A user has been prompted for multi-factor authentication (MFA). When using Adaptive MFA, Auth0 includes details about the risk assessment. Available in only the Resource Owner Password Flow. |
| oidc_backchannel_logout_failed |
Failed OIDC Back-Channel Logout request |
Failed OIDC Back-Channel Logout request |
| oidc_backchannel_logout_succeeded |
Successful OIDC Back-Channel Logout request |
Successful OIDC Back-Channel Logout request |
| passkey_challenge_failed |
Passkey Challenge Failed |
Native passkey challenge failed |
| passkey_challenge_started |
Passkey Challenge Started |
Native passkey challenge was successfully initiated |
| pla |
Pre-login assessment |
This log is generated before a login and helps in monitoring the behavior of bot detection without having to enable it. |
| pwd_leak |
Breached password |
Someone behind the IP address ip attempted to login with a leaked password. The pwd_leak tenant log is emitted once per hour per IP address. |
| reset_pwd_leak |
Breached Password on Reset |
Someone behind the IP address ip attempted to reset with a leaked password. |
s |
Success Login |
Successful login event. |
| sce |
Success Change Email |
|
| scoa |
Success cross-origin authentication |
|
| scp |
Success Change Password |
|
| scpn |
Success Change Phone Number |
|
| scpr |
Success Change Password Request |
|
| scu |
Success Change Username |
|
| scv |
Success Credential Validation |
Successful credential validation event. |
| sdu |
Success User Deletion |
User successfully deleted |
| seacft |
Success Exchange |
Successful exchange of authorization code for Access Token |
| seccft |
Success Exchange |
Successful exchange of Access Token for a Client Credentials Grant |
| secte |
Success Exchange |
Succesful Exchange via Custom Token Exchange |
| sede |
Success Exchange |
Successful exchange of device code for Access Token |
| sens |
Success Exchange |
Native Social Login |
| seoobft |
Success Exchange |
Successful exchange of Password and OOB Challenge for Access Token |
| seotpft |
Success Exchange |
Successful exchange of Password and OTP Challenge for Access Token |
| sepft |
Success Exchange |
Successful exchange of Password for Access Token |
| sepkoobft |
Success Exchange |
Successful exchange of Passkey and OOB Challenge for Access Token |
| sepkotpft |
Success Exchange |
Successful exchange of Passkey and OTP Challenge for Access Token |
| sepkrcft |
Success Exchange |
Successful exchange of Passkey and MFA Recovery Code for Access Token |
| sercft |
Success Exchange |
Successful exchange of Password and MFA Recovery code for Access Token |
| sertft |
Success Exchange |
Successful exchange of Refresh Token for Access Token |
| signup_pwd_leak |
Breached Password on Signup |
Someone behind the IP address ip attempted to signup with a leaked password. |
| slo |
Success Logout |
User successfully logged out |
| srrt |
Success Revocation |
Successfully revoked a Refresh Token |
| ss |
Success Signup |
|
| ss_sso_failure |
Failed SS-SSO Operation |
Self-Service operation failed |
ssa |
Success Silent Auth |
|
| sv |
Success Verification Email |
Successfully consumed email verification link |
| svr |
Success Verification Email Request |
Successfully called verification email endpoint. Verification email in queue to send. |
| too_many_records |
Max Amount of Authenticators |
User has created the maximum amount of authenticators |
| ublkdu |
User login block released |
User block setup by anomaly detection has been released |