How to report failure from an Action

andreas.lundgren · May 3, 2023, 1:38pm

How do I report failure from a Login Action.

I the login action fails to perform its task, I would like to see that in the logs. I would also like that to be transferred via the (Amazon EventBridge) log stream.

If I throw an exception, the entire login flow will halt and the user cannot be logged in at all. This is not an option for us. If the post login action fails, we would like to continue with decreased functionality. Is it possible to report failures only for the Action some how?

Is it possible to get logs from actions on the Monitoring stream as well?

rueben.tiow · May 5, 2023, 4:00pm

Hi @andreas.lundgren,

Thanks for reaching out to the Auth0 Community!

In the case of a Post-Login Action script failing, this would cause the login transaction to fail with the f (failed login) Log Event Type code in your Logs.

Then when inspecting the Logs through the Auth0 Dashboard > Monitoring > Logs, there is an Action Details tab that will contain more information about the Action scripts that succeeded or failed during this login transaction.

Alternatively, you could use the Management API to accomplish this:

Use the Search log events endpoint to search for f Event Type logs
Call the Get a log event by id endpoint to retrieve an individual f log event.
Take the Action’s execution ID from the f Log event and call the Get an execution endpoint

This should provide you with the same information found on your Auth0 Dashboard regarding the Action Details.

To add on, you could use the Amazon EventBridge log stream to monitor the logs for f logs and inspect the Action Details for more information. For this, I recommend reviewing our Log Streams and Auth0 Marketplace - Amazon EventBridge documentation.

I hope the explanation was clear!

Please let me know if you have any questions.

Thanks,
Rueben

andreas.lundgren · May 8, 2023, 7:53am

Thank you for your input! It does not solve our challenges though, let me try to rephrase:

What I really wanted was
A) Not to have my Action throw an exception and fail the entire login, because that would really prevent the user from logging in all together. Since this is not vital, I would just like to report that it failed (so that it can be fixed by an on-call team), but still let the login succeed.

B) Get the Action Log in the log stream to AWS Event Bridge so that I can build automated alerting upon failures.

Right now, from what I can see, I need to throw an exception and failing the entire login on order to get any information to AWS that something is not working as expected in my Action.

andreas.lundgren · May 11, 2023, 4:35pm

@rueben.tiow Yes, I did have a counter question. Just checking if you saw it.

rueben.tiow · May 12, 2023, 7:15pm

Hi @andreas.lundgren,

Thank you for your response.

For this scenario, you could use console.log() statements to report the failures and view them in the logs as mentioned in my previous message while still allowing the users to log in.

You can still use the Amazon EventBridge log stream to monitor the logs, but in this case, you will need to look for s logs for the successful login log event type code. Then filter for the console.log statements regarding the failure report.

Does this help?

I would be happy to clarify further if needed.

Thanks,
Rueben

andreas.lundgren · May 16, 2023, 9:02am

This is not possible, since the “Action Details” part of the log is not propagates to AWS EventBridge via the log stream.

This is the Auth0 log event:
Raw

{
  "date": "2023-05-16T08:48:13.623Z",
  "type": "s",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_IECH*******4YXEz",
  "client_id": "1Co1y06xBtw*************p0r4Jl",
  "client_name": "Name Of Client",
  "ip": "194.17.253.84",
  "user_agent": "Electron 18.3.5 / Windows 10.0.0",
  "details": {
    "prompts": [
      {
        "name": "prompt-authenticate",
        "completedAt": 1684226892739,
        "connection": "Username-Password-Authentication",
        "connection_id": "con_IECHjeYdh9w4YXEz",
        "strategy": "auth0",
        "identity": "645396d8dad598694bc7cb81",
        "stats": {
          "loginsCount": 3
        },
        "elapsedTime": null
      },
      {
        "name": "login",
        "flow": "universal-login",
        "initiatedAt": 1684226879953,
        "completedAt": 1684226892758,
        "user_id": "auth0|645396d8dad598694bc7cb81",
        "user_name": "*******+tester@gmail.com",
        "timers": {
          "rules": 563
        },
        "elapsedTime": 12805
      }
    ],
    "initiatedAt": 1684226879944,
    "completedAt": 1684226893621,
    "elapsedTime": 13677,
    "actions": {
      "executions": [
        "EpNQOyW-TyGyS1071DNLuzIwMjMwNTE2"
      ]
    },
    "session_id": "snRXFq0OY5r1ka_Ngq5kohdXBYRuiQrT",
    "stats": {
      "loginsCount": 3
    }
  },
  "hostname": "login.example.dev",
  "user_id": "auth0|645396d8dad598694bc7cb81",
  "user_name": "*******+tester@gmail.com",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020230516084817232013000000000000001223372037055289981",
  "_id": "90020230516084817232013000000000000001223372037055289981",
  "isMobile": false,
  "id": "90020230516084817232013000000000000001223372037055289981",
  "description": "Successful login"
}

Action Details

{
  "action_name": "extend-jwt",
  "response": {
    "logs": "crm login: \"auth0|645396d8dad598694bc7cb81\"\nUser auth0|645396d8dad598694bc7cb81 was not found in CRM systemn",
    "stats": {
      "total_request_duration_ms": 550,
      "total_runtime_execution_duration_ms": 548,
      "runtime_processing_duration_ms": 5,
      "action_duration_ms": 543,
      "boot_duration_ms": 5,
      "network_duration_ms": 2
    }
  },
  "started_at": "2023-05-16T08:48:13.055241248Z",
  "ended_at": "2023-05-16T08:48:13.606271743Z"
}

And the received log in AWS EventBridge:

{
    "version": "0",
    "id": "0893dbc8-5706-c40e-1f9f-12099312beae",
    "detail-type": "Auth0 log",
    "source": "aws.partner/auth0.com/dev-28t3w**********6-2da99e3a-a482-42b6-ba7a-ee8387815482/auth0.logs",
    "account": "1781******14",
    "time": "2023-05-16T08:48:21Z",
    "region": "eu-west-1",
    "resources": [],
    "detail": {
        "log_id": "90020230516084817232013000000000000001223372037055289981",
        "data": {
            "date": "2023-05-16T08:48:13.623Z",
            "type": "s",
            "connection": "Username-Password-Authentication",
            "connection_id": "con_IE*********4YXEz",
            "client_id": "1Co1y0********************r4Jl",
            "client_name": "TheClientName",
            "ip": "**********",
            "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Postman/10.13.0 Chrome/100.0.4896.160 Electron/18.3.5 Safari/537.36",
            "details": {
                "prompts": [
                    {
                        "name": "prompt-authenticate",
                        "completedAt": 1684226892739,
                        "connection": "Username-Password-Authentication",
                        "connection_id": "con_IE*******YXEz",
                        "strategy": "auth0",
                        "identity": "6453**************81",
                        "stats": {
                            "loginsCount": 3
                        },
                        "elapsedTime": null
                    },
                    {
                        "name": "login",
                        "flow": "universal-login",
                        "initiatedAt": 1684226879953,
                        "completedAt": 1684226892758,
                        "user_id": "auth0|645396d8dad598694bc7cb81",
                        "user_name": "*********+tester@gmail.com",
                        "timers": {
                            "rules": 563
                        },
                        "elapsedTime": 12805
                    }
                ],
                "initiatedAt": 1684226879944,
                "completedAt": 1684226893621,
                "elapsedTime": 13677,
                "actions": {
                    "executions": [
                        "EpNQOyW-TyGyS1071DNLuzIwMjMwNTE2"
                    ]
                },
                "session_id": "snRXFq0O**********iQrT",
                "stats": {
                    "loginsCount": 3
                }
            },
            "hostname": "login.example.dev",
            "user_id": "auth0|645396d8dad598694bc7cb81",
            "user_name": "*********+tester@gmail.com",
            "strategy": "auth0",
            "strategy_type": "database",
            "log_id": "90020230516084817232013000000000000001223372037055289981"
        }
    }
}

andreas.lundgren · May 29, 2023, 6:14am

@rueben.tiow - Any thought on this? Am I right that this is not possible?!?

andreas.lundgren · June 14, 2023, 9:19am

I got a response via the support, this is for future reference:

This is not currently sent through to log streams unfortunately but this is something we are reviewing and looking to add to the roadmap at some point.

Otherwise you could create own API and send logs there, this example demonstrates how you might use Axios to call an external API Post User Registration Flow

rueben.tiow · June 15, 2023, 5:24pm

Hi @andreas.lundgren,

Thanks for sharing the response from our Developer Support with the rest of the Community!

Let us know if you have any additional questions.

Thanks,
Rueben

system · June 29, 2023, 5:25pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.