Actions Triggers: post-login - Event Object


The event object for the post-login Actions trigger provides contextual information about a single user logging in via Auth0.

Note: The event.user object will not include any top-level attributes added by an external identity provider.

Property Description

event.authentication

(Optional)

Details about authentication signals obtained during the login flow.

Includes the following properties:

  • methods Array of objects.

    Contains the authentication methods a user has completed during their session.

    Elements include the following properties:

    • name String.

      Possible values include:

      • federated A social or enterprise connection was used to authenticate the user.
      • pwd A database connection was used to authenticate the user.
      • sms A Passwordless SMS connection was used to authenticate the user.
      • email A Passwordless Email connection was used to authenticate the user.
      • mfa The user completed multi-factor authentication.
      • mock Used for internal testing.
      • String A custom authentication method denoted by a URL.
    • timestamp String.

event.authorization

(Optional)

An object containing information describing the authorization granted to the user who is logging in.

Includes the following properties:

  • roles Array of strings. An array containing the names of a user's assigned roles.

event.client

Information about the Client with which this login transaction was initiated.

Includes the following properties:

  • client_id String. The client id of the application the user is logging in to.
  • metadata Dictionary. An object for holding other application properties.
  • name String. The name of the application (as defined in the Dashboard).

event.connection

Details about the Connection that was used to authenticate the user.

Includes the following properties:

  • id String. The connection's unique identifier.
  • metadata Optional dictionary. Metadata associated with the connection.
  • name String. The name of the connection used to authenticate the user (such as twitter or some-g-suite-domain).
  • strategy String. The type of connection. For social connections, event.connection.strategy === event.connection.name. For enterprise connections, the strategy is waad (Windows Azure AD), ad (Active Directory/LDAP), auth0 (database connections), and so on.

event.organization

(Optional)

Details about the Organization associated with the current transaction.

Includes the following properties:

  • display_name String. The friendly name of the Organization.
  • id String. The Organization identifier.
  • metadata Dictionary. Metadata associated with the Organization.
  • name String. The name of the Organization.

event.request

Details about the request that initiated the transaction.

Includes the following properties:

  • body Dictionary. The body of the POST request. This data will only be available during refresh token and Client Credential Exchange flows.
  • geoip Object.

    Includes the following properties:

    • cityName Optional string.
    • continentCode Optional string.
    • countryCode Optional string.
    • countryCode3 Optional string.
    • countryName Optional string.
    • latitude Optional number.
    • longitude Optional number.
    • subdivisionCode Optional string.
    • subdivisionName Optional string.
    • timeZone Optional string.
  • hostname Optional string. The hostname that is being used for the authentication flow.
  • ip String. The originating IP address of the request.
  • language Optional string. The language requested by the browser.
  • method String. The HTTP method used for the request.
  • query Dictionary. The query string parameters sent to the authorization request.
  • user_agent Optional string. The value of the User-Agent header received when initiating the transaction.

event.resource_server

(Optional)

Details about the resource server to which the access is being requested.

Includes the following properties:

  • identifier String. The identifier of the resource server. For example: https://your-api.example.com.

event.stats

Login statistics for the current user.

Includes the following properties:

  • logins_count Number. The number of times this user has logged in.

event.tenant

Details about the Tenant associated with the current transaction.

Includes the following properties:

  • id String. The name of the tenant.

event.transaction

(Optional)

Details about the current transaction.

Includes the following properties:

  • acr_values Array of strings. Any acr_values provided in the original authentication request.
  • locale String. The locale to be used for this transaction as determined by comparing the browser's requested languages to the tenant's language settings.
  • login_hint Optional string. Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary).
  • prompt Optional array of strings. List of instructions indicating whether the user may be prompted for re-authentication and consent.
  • protocol Optional string.

    Possible values include:

    • oidc-basic-profile Most used, web-based login.
    • oidc-implicit-profile Used on mobile devices and single-page apps.
    • samlp SAML protocol used on SaaS apps.
    • wsfed WS-Federation used on Microsoft products like Office365.
    • wstrust-usernamemixed WS-Trust user/password login used on CRM and Office365.
    • oauth2-device-code Transaction using the Device Authorization Flow.
    • oauth2-resource-owner User/password login typically used on database connections.
    • oauth2-resource-owner-jwt-bearer Login using a bearer JWT signed with user's private key.
    • oauth2-password Login using the password exchange.
    • oauth2-access-token Refreshing a token using the refresh token exchange.
    • oauth2-refresh-token Refreshing a token using the refresh token exchange.
    • oauth2-token-exchange
    • oidc-hybrid-profile Allows your application to have immediate access to an ID token while still providing for secure and safe retrieval of access and refresh tokens.
  • redirect_uri Optional string. The URL to which Auth0 will redirect the browser after the transaction is completed.
  • requested_scopes Array of strings. The scopes requested (if any) when starting this authentication flow.
  • response_mode Optional string. Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint.
  • response_type Optional array of strings. Denotes the kind of credential that Auth0 will return.
  • state Optional string. An opaque arbitrary alphanumeric string your app adds to the initial request that Auth0 includes when redirecting back to your application.
  • ui_locales Array of strings. The ui_locales provided in the original authentication request.

event.user

An object describing the user on whose behalf the current transaction was initiated.

Includes the following properties:

  • app_metadata Dictionary. Custom fields that store info about a user that influences the user's access, such as support plan, security roles, or access control groups.
  • created_at String. Timestamp indicating when the user profile was first created.
  • email Optional string. (unique) User's email address.
  • email_verified Boolean. Indicates whether the user has verified their email address.
  • family_name Optional string. User's family name.
  • given_name Optional string. User's given name.
  • identities Array of objects.

    Contains info retrieved from the identity provider with which the user originally authenticates. Users may also link their profile to multiple identity providers; those identities will then also appear in this array. The contents of an individual identity provider object vary by provider.

    Elements include the following properties:

    • connection Optional string. Name of the Auth0 connection used to authenticate the user.
    • isSocial Optional boolean. Indicates whether the connection is a social one.
    • profileData Optional dictionary. User information associated with the connection. When profiles are linked, it is populated with the associated user info for secondary accounts.
    • provider Optional string. Name of the entity that is authenticating the user, such as Facebook, Google, SAML, or your own provider.
    • user_id Optional string. User's unique identifier for this connection/provider.
  • last_password_reset Optional string. Timestamp indicating the last time the user's password was reset/changed. At user creation, this field does not exist. This property is only available for Database connections.
  • multifactor Optional array of strings. List of multi-factor authentication (MFA) providers with which the user is enrolled. This array is updated when the user enrolls in MFA and when an administrator resets a user's MFA enrollments.
  • name Optional string. User's full name.
  • nickname Optional string. User's nickname.
  • phone_number Optional string. User's phone number. Only valid for users with SMS connections.
  • phone_verified Optional boolean. Indicates whether the user has verified their phone number. Only valid for users with SMS connections.
  • picture Optional string. URL pointing to the user's profile picture.
  • updated_at String. Timestamp indicating when the user's profile was last updated/modified.
  • user_id String. (unique) User's unique identifier.
  • user_metadata Dictionary. Custom fields that store info about a user that does not impact what they can or cannot access, such as work address, home address, or user preferences.
  • username Optional string. (unique) User's username.
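
The following post-login Action is an added example, not code from Auth0 or from this page. It shows how the optional event.authentication and event.authorization objects can be read safely alongside event.user to drive an access decision. The role name admin, the policy rules and the sample events are assumptions; api.access.deny and api.multifactor.enable belong to the post-login api object, which this page does not describe.

```javascript
// Added example, not Auth0's own code. The policy below is an assumption.
const PRIVILEGED_ROLE = "admin"; // hypothetical role name

// Pure decision function so the policy can be tested without a tenant.
function assessLogin(event) {
  // event.authentication and event.authorization are optional: default to empty.
  const methods = (event.authentication?.methods ?? []).map((m) => m.name);
  const roles = event.authorization?.roles ?? [];

  // A database ("pwd") login with an unverified email is refused.
  if (methods.includes("pwd") && event.user.email_verified !== true) {
    return { decision: "deny", reason: "email_not_verified" };
  }
  // Privileged roles must have completed MFA during this session.
  if (roles.includes(PRIVILEGED_ROLE) && !methods.includes("mfa")) {
    return { decision: "require_mfa", reason: "privileged_role_without_mfa" };
  }
  return { decision: "allow", reason: "ok" };
}

// Action entry point. It only translates the decision into api calls.
async function onExecutePostLogin(event, api) {
  const result = assessLogin(event);
  if (result.decision === "deny") api.access.deny(result.reason);
  else if (result.decision === "require_mfa") api.multifactor.enable("any");
}
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample events (not real login data).
const sampleEvents = {
  unverified: {
    authentication: { methods: [{ name: "pwd", timestamp: "2024-01-01T00:00:00.000Z" }] },
    user: { user_id: "auth0|example1", email_verified: false },
  },
  adminNoMfa: {
    authentication: { methods: [{ name: "federated", timestamp: "2024-01-01T00:00:00.000Z" }] },
    authorization: { roles: ["admin"] },
    user: { user_id: "example|2", email_verified: true },
  },
  // Neither optional object is present; the function must not throw.
  noOptionalFields: { user: { user_id: "example|3", email_verified: true } },
};
```

Keeping the policy in a pure function means the same rules can be exercised against recorded or constructed events before the Action is deployed.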