Log type 'flo' and its triggers

lihua.zhang · February 16, 2023, 10:34pm

Problem statement

We want to understand the log event type “flo” (Failed Logout) for Auth0 tenants.
What are the triggers for this event code? And are they triggered by malicious actors or threats?

Solution

The log type ‘flo’ means failed logout. It can be triggered by

Malformed client_id
client_id for federated clients trying to access non-authority tenants
post_logout_redirect_uris for the client not being set to an array
client_id supplied doesn’t exist
return_to URL is invalid
return_to URL is not specified in Allowed Logout URLs

They are related to the misconfiguration of logout URIs. We wouldn’t log a flo for something like bot detection or other tools that we have to detect malicious actors. But we would log flo if a malicious actor attempts a logout and does something to trigger one of the conditions above (e.g. trying to redirect to a URL that isn’t in the allow list).

Topic		Replies	Views
Verifying Logout Implementations Knowledge Articles logout-implementation	1	15	September 9, 2024
When does the logout event (slo) get logged? Help	3	2521	April 6, 2020
Slo log event and session timeouts Help login , event , log	3	1564	November 8, 2022
Database Action Scripts get Error with the right Event Type Help	3	1411	December 21, 2022
Failed API Operation Logs "fapi" Knowledge Articles api , management_api , tenant-logs	1	448	January 8, 2024

Log type 'flo' and its triggers

Problem statement

Solution

Related Topics