Hi @dfleming,
Thank you for your response.
The seacft log event type code refers to a “Successful exchange of authorization code for Access Token”
(Reference: Log Event Type Codes)
This is where you take the code returned from calling the /authorize endpoint and pass it to the /oauth/token endpoint to exchange it for an access token. For example:
curl --request POST \
--url 'https://{yourDomain}/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=authorization_code \
--data 'client_id={yourClientId}' \
--data 'client_secret={yourClientSecret}' \
--data 'code=yourAuthorizationCode}' \
--data 'redirect_uri={https://yourApp/callback}'
(Reference: Call Your API Using the Authorization Code Flow)
Moreover, the user could automatically be logged in if their session is still active. By default, the Login Session Management settings have the Inactivity timeout at 3 days, and the Require login after at 7 days.
With that, I recommend adjusting these settings on your Auth0 Dashboard > Settings > Advanced > Login Session Management to your preference.
Please let me know how this goes for you.
Thanks,
Rueben