Description: Currently, investigating failed authentication logs is difficult due to the lack of modern browser identifiers and inconsistencies in how log data is presented. We are requesting the following improvements to the logging and log streaming capabilities:
- Include Modern User-Agent Headers: Please include modern User-Agent Client Hints (`sec-ch-ua`, `sec-ch-ua-mobile`, `sec-ch-ua-platform`) in both the Auth0 Dashboard Log View and Log Streaming payloads. Legacy `User-Agent` strings are now largely frozen by modern browsers and easily forged by automated scanners (like TruffleHog). Fake browsers often omit these new `sec-ch-ua` headers, making them a crucial differentiator.
- Resolve Data Discrepancies: The User-Agent field currently passed through Log Streaming does not match the User-Agent field displayed in the Auth0 Dashboard Logs view. This discrepancy breaks our ability to correlate events and reduces our overall trust in the log data.
- Standardize Log Messages: Log event descriptions are currently highly inconsistent. Some start with capital letters, some end with periods, and the narrative voice changes unpredictably (e.g., “user is blocked” [third person] vs. “You may have pressed the back button” [second person]). Standardizing the phrasing, capitalization, and punctuation would make the logs look much more professional and easier to parse programmatically.
Use-case: We are building a secure platform where we rely heavily on failure logs (e.g., bad passwords, SAML InResponseTo validation failures, unauthorized access) to proactively troubleshoot issues for our actual customers.
Currently, our logs are flooded with noise from automated attacks and fake browsers. Because we only see the legacy, easily-forged User-Agent header, we cannot reliably distinguish between a real customer experiencing a login error and a bot probing our tenant. Setting up a proxy in front of Auth0 to capture these headers and build a custom WAF essentially means re-implementing Auth0’s routing, which defeats the purpose of using a managed identity provider.
If Auth0 exposed sec-ch-ua headers and ensured data consistency across the dashboard and log streams, our operations team could quickly filter out attacker noise. This would allow us to focus entirely on genuine user friction without wasting hours investigating obsolete or forged browser requests.
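The triage this request would enable, sketched as an added example (not part of the original post and not Auth0 code). It assumes a hypothetical `client_hints` field in the log payload and constructed sample events, and it only judges events whose User-Agent claims a Chromium browser, because Firefox and Safari do not send these headers.

```python
import re

# Constructed sample data. "client_hints" is a hypothetical payload field:
# Auth0 logs do not carry these headers today, which is what the post asks for.
CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
FIREFOX_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) "
              "Gecko/20100101 Firefox/125.0")

def sample_hints(major, platform):
    return {"sec-ch-ua": f'"Chromium";v="{major}", "Google Chrome";v="{major}", '
                         '"Not-A.Brand";v="99"',
            "sec-ch-ua-mobile": "?0", "sec-ch-ua-platform": f'"{platform}"'}

SAMPLE_EVENTS = [
    {"id": "evt-1", "user_agent": CHROME_UA, "client_hints": sample_hints(124, "Windows")},
    {"id": "evt-2", "user_agent": CHROME_UA, "client_hints": {}},
    {"id": "evt-3", "user_agent": CHROME_UA, "client_hints": sample_hints(110, "Windows")},
    {"id": "evt-4", "user_agent": CHROME_UA, "client_hints": sample_hints(124, "Linux")},
    {"id": "evt-5", "user_agent": FIREFOX_UA, "client_hints": {}},
]

CHROME_TOKEN = re.compile(r"\bChrome/(\d+)\.")
BRAND = re.compile(r'"([^"]+)";\s*v="(\d+)"')
MIN_HINT_MAJOR = 89  # Chromium sends the three low-entropy hints by default from v89
# Order matters: Android User-Agents also contain "Linux".
UA_PLATFORMS = [("Windows NT", "Windows"), ("Android", "Android"),
                ("Mac OS X", "macOS"), ("CrOS", "Chrome OS"), ("Linux", "Linux")]

def classify(event):
    """Label one failed-login event by how well its hints back up its User-Agent."""
    ua = event.get("user_agent") or ""
    ch = event.get("client_hints") or {}
    m = CHROME_TOKEN.search(ua)
    if not m or int(m.group(1)) < MIN_HINT_MAJOR:
        return "no-signal"  # Firefox, Safari, curl, etc.: absence proves nothing
    brands = {name: int(ver) for name, ver in BRAND.findall(ch.get("sec-ch-ua", ""))}
    if not brands:
        return "suspect:hints-missing"
    if brands.get("Chromium") != int(m.group(1)):
        return "suspect:version-mismatch"
    expected = next((p for tok, p in UA_PLATFORMS if tok in ua), None)
    if expected and ch.get("sec-ch-ua-platform", "").strip('"') != expected:
        return "suspect:platform-mismatch"
    return "consistent"

def triage(events):
    return {e["id"]: classify(e) for e in events}
```

The labels are a triage signal for sorting failure logs, not a verdict: an automated but genuine Chromium build sends correct hints and lands in `consistent`, so the `suspect:*` buckets are best used to deprioritize noise rather than to block.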