When accessing the log history of a specific user under User Management, we consistently see our Server IP instead of the User’s IP address. We have tested logging in using our own accounts without a VPN and still encountered the same issue of the server IP address being displayed in the user’s history.
Hey there @aj1337, interesting topic!
I did some research and found a few situations potentially relevant to your problem that happen under VPN / other network settings:
- ("aggressive") IP reuse; a limited address pool; remote desktop protocol related activities.
If Auth0 were the offender here, it would mean we do some IP mapping on our side when logging users' sessions, which I'm not aware of in terms of what I observe on my Auth0 tenants - different users logging in via the Auth0 login page are correctly logged with the relevant, non-repeatable IP addresses. This observation was made with no additional network protection, like a VPN.
I’m happy to discuss it further, but I believe some additional context on your network settings would be helpful. Thanks!
UPDATE:
For the ROPG flow, in order to log the call to https://{yourDomain}/oauth/token with the end-user IP address instead of the server IP address (from which the request is sent), the recommendation is to add an additional header to this request:
'auth0-forwarded-for': req.ip // End user ip
and to make the relevant adjustments in the Auth0 dashboard described in this faq or this article.
Hope this helps and any feedback would be appreciated.
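
Added example (not from the original post and not Auth0's own code): the backend side of the recommendation above, assuming the password grant and an Express app whose `trust proxy` setting makes `req.ip` the real client address. The helper names are hypothetical; the address is validated before it goes into the header, so a malformed or multi-address forwarded value is dropped instead of being sent to Auth0 and ending up in the user's log history.

```javascript
// Assumption: called from an Express handler, with req.ip passed in as clientIp.
function isIPv4(s) {
  const parts = s.split('.');
  return parts.length === 4 && parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

function isIPv6(s) {
  // Restrict the alphabet first so nothing but address characters reaches the URL parser.
  if (!/^[0-9a-f:.]+$/i.test(s) || !s.includes(':')) return false;
  try { new URL(`http://[${s}]/`); return true; } catch { return false; }
}

// Returns a single clean IP literal, or null if the value is not exactly one address.
function normalizeClientIp(raw) {
  if (typeof raw !== 'string') return null;
  let ip = raw.trim();
  // Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; unwrap to plain IPv4.
  const mapped = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/i.exec(ip);
  if (mapped) ip = mapped[1];
  return isIPv4(ip) || isIPv6(ip) ? ip : null;
}

// Builds (does not send) the server-to-server call to /oauth/token.
function buildTokenRequest({ domain, clientId, clientSecret, username, password, clientIp }) {
  const headers = { 'content-type': 'application/x-www-form-urlencoded' };
  const ip = normalizeClientIp(clientIp);
  // Without a valid address the header is omitted and Auth0 logs the server IP as before.
  if (ip) headers['auth0-forwarded-for'] = ip;
  const body = new URLSearchParams({
    grant_type: 'password',
    username,
    password,
    client_id: clientId,
    client_secret: clientSecret,
  }).toString();
  return { url: `https://${domain}/oauth/token`, method: 'POST', headers, body };
}

// Usage inside a route (Node 18+ has a global fetch):
//   const { url, ...init } = buildTokenRequest({ ...credentials, clientIp: req.ip });
//   const response = await fetch(url, init);
```

If `req.ip` still shows a proxy or load-balancer address, the header will carry that address too, so check the Express `trust proxy` configuration before relying on the logged value.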