Log Event Type Codes
The following table lists the codes associated with each log event.
| Event Code | Event | Event Description |
|---|---|---|
admin_update_launch |
Auth0 Update Launched | |
api_limit |
Rate Limit on the Authentication or Management APIs | The maximum number of requests to the Authentication or Management APIs in given time has reached. |
cls |
Code/Link Sent | Passwordless login code/link has been sent |
cs |
Code Sent | Passwordless login code has been sent |
depnote |
Deprecation Notice | |
du |
Deleted User | User has been deleted |
f |
Failed Login | |
fapi |
Operation on API failed | |
fc |
Failed by Connector | |
fce |
Failed Change Email | Failed to change user email |
fco |
Failed by CORS | Origin is not in the Allowed Origins list for the specified application |
fcoa |
Failed cross-origin authentication | |
fcp |
Failed Change Password | |
fcph |
Failed Post Change Password Hook | |
fcpn |
Failed Change Phone Number | |
fcpr |
Failed Change Password Request | |
fcpro |
Failed Connector Provisioning | Failed to provision a AD/LDAP connector |
fcu |
Failed Change Username | Failed to change username |
fd |
Failed Delegation | Failed to generate delegation token |
fdeac |
Failed Device Activation | Failed to activate device. |
fdeaz |
Failed Device Authorization Request | Device authorization request failed. |
fdecc |
User Canceled Device Confirmation | User did not confirm device. |
fdu |
Failed User Deletion | |
feacft |
Failed Exchange | Failed to exchange authorization code for Access Token |
feccft |
Failed Exchange | Failed exchange of Access Token for a Client Credentials Grant |
fede |
Failed Exchange | Failed to exchange Device Code for Access Token |
fens |
Failed Exchange | Failed exchange for Native Social Login |
feoobft |
Failed Exchange | Failed exchange of Password and OOB Challenge for Access Token |
feotpft |
Failed Exchange | Failed exchange of Password and OTP Challenge for Access Token |
fepft |
Failed Exchange | Failed exchange of Password for Access Token |
fepotpft |
Failed Exchange | Failed exchange of Passwordless OTP for Access Token |
fercft |
Failed Exchange | Failed Exchange of Password and MFA Recovery code for Access Token |
fertft |
Failed Exchange | Failed Exchange of Refresh Token for Access Token. This could occur if the refresh token is revoked or expired. |
ferrt |
Failed Exchange | Failed Exchange of Rotating Refresh Token. This could occur when reuse is detected. |
fi |
Failed invite accept | Failed to accept a user invitation. This could happen if the user accepts an invitation using a different email address than provided in the invitation, or due to a system failure while provisioning the invitation. |
flo |
Failed Logout | User logout failed |
fn |
Failed Sending Notification | Failed to send email notification |
fp |
Failed Login (Incorrect Password) | |
fs |
Failed Signup | |
fsa |
Failed Silent Auth | |
fu |
Failed Login (Invalid Email/Username) | |
fui |
Failed users import | Failed to import users |
fv |
Failed Verification Email | Failed to send verification email |
fvr |
Failed Verification Email Request | Failed to process verification email request |
gd_auth_failed |
MFA Auth failed | Multi-factor authentication failed. This could happen due to a wrong code entered for SMS/Voice/Email/TOTP factors, or a system failure. |
gd_auth_rejected |
MFA Auth rejected | A user rejected a Multi-factor authentication request via push-notification. |
gd_auth_succeed |
MFA Auth success | Multi-factor authentication success. |
gd_enrollment_complete |
MFA enrollment complete | A first time MFA user has successfully enrolled using one of the factors. |
gd_otp_rate_limit_exceed |
Too many failures | A user, during enrollment or authentication, enters an incorrect code more than the maximum allowed number of times. Ex: A user enrolling in SMS enters the 6-digit code wrong more than 10 times in a row. |
gd_recovery_failed |
Recovery failed | A user enters a wrong recovery code when attempting to authenticate. |
gd_recovery_rate_limit_exceed |
Too many failures | A user enters a wrong recovery code too many times. |
gd_recovery_succeed |
Recovery success | A user successfully authenticates with a recovery code. |
gd_send_email |
Email Sent | Email for MFA successfully sent. |
gd_send_pn |
Push notification sent | Push notification for MFA sent successfully sent. |
gd_send_pn_failure |
Push notification sent | Push notification for MFA failed. |
gd_send_sms |
SMS sent | SMS for MFA successfully sent. |
gd_send_sms_failure |
SMS sent failures | Attempt to send SMS for MFA failed. |
gd_send_voice |
Voice call made | Voice call for MFA successfully made. |
gd_send_voice_failure |
Voice call failure | Attempt to make Voice call for MFA failed. |
gd_start_auth |
Second factor started | Second factor authentication event started for MFA. |
gd_start_enroll |
Enroll started | Multi-factor authentication enroll has started. |
gd_start_enroll_failed |
Enrollment failed | Push to start enrollement failed. |
gd_tenant_update |
Guardian tenant update | |
gd_unenroll |
Unenroll device account | Device used for second factor authentication has been unenrolled. |
gd_update_device_account |
Update device account | Device used for second factor authentication has been updated. |
gd_webauthn_challenge_failed |
Enrollment challenge issued | User failed to verify Webauthn factor. |
gd_webauthn_enrollment_failed |
Enroll failed | WebAuthn factor enrollment failed. |
limit_delegation |
Too Many Calls to /delegation | Rate limit exceeded to /delegation endpoint |
limit_mu |
Blocked IP Address | An IP address is blocked because it attempted too many failed logins without a successful login. Or an IP address is blocked because it attempted too many sign-ups, whether successful or failed. For more information, see Attack Protection. |
limit_wc |
Blocked Account | An IP address is blocked because it reached the maximum failed login attempts into a single account. |
limit_sul |
Blocked Account | A user is temporarily prevented from logging in because they reached the maximum logins per time period from the same IP address. For more information, see Attack Protection. |
mfar |
MFA Required | A user has been prompted for multi-factor authentication (MFA). When using Adaptive MFA, Auth0 includes details about the risk assessment. |
mgmt_api_read |
Management API read Operation | API GET operation returning secrets completed successfully |
pla |
Pre-login assessment | This log is generated before a login and helps in monitoring the behavior of bot detection without having to enable it. |
pwd_leak |
Breached password | Someone behind the IP address ip attempted to login with a leaked password. |
resource_cleanup |
Refresh token excess warning | Emitted when resources exceeding defined limits were removed. |
s |
Success Login | Successful login event. |
sapi |
Success API Operation | Successful management API write event. |
sce |
Success Change Email | |
scoa |
Success cross-origin authentication | |
scp |
Success Change Password | |
scph |
Success Post Change Password Hook | |
scpn |
Success Change Phone Number | |
scpr |
Success Change Password Request | |
scu |
Success Change Username | |
sd |
Success Delegation | |
sdu |
Success User Deletion | User successfully deleted |
seacft |
Success Exchange | Successful exchange of authorization code for Access Token |
seccft |
Success Exchange | Successful exchange of Access Token for a Client Credentials Grant |
sede |
Success Exchange | Successful exchange of device code for Access Token |
sens |
Success Exchange | Native Social Login |
seoobft |
Success Exchange | Successful exchange of Password and OOB Challenge for Access Token |
seotpft |
Success Exchange | Successful exchange of Password and OTP Challenge for Access Token |
sepft |
Success Exchange | Successful exchange of Password for Access Token |
sercft |
Success Exchange | Successful exchange of Password and MFA Recovery code for Access Token |
sertft |
Success Exchange | Successful exchange of Refresh Token for Access Token |
si |
Successful invite accept | Successfully accepted a user invitation |
signup_pwd_leak |
Breached password | Someone behind the IP address ip attempted to signup with a leaked password. |
srrt |
Success Revocation | Successfully revoked a Refresh Token |
slo |
Success Logout | User successfully logged out |
ss |
Success Signup | |
ssa |
Success Silent Auth | |
sui |
Success users import | Successfully imported users |
sv |
Success Verification Email | Successfully consumed email verification link |
svr |
Success Verification Email Request | Successfully called verification email endpoint. Verification email in queue to send. |
sys_os_update_end |
Auth0 OS Update Ended | |
sys_os_update_start |
Auth0 OS Update Started | |
sys_update_end |
Auth0 Update Ended | |
sys_update_start |
Auth0 Update Started | |
ublkdu |
User login block released | User block setup by anomaly detection has been released |
w |
Warnings During Login | Filters for logs of type warning during login |