diff --git a/main/config/navigation/generated/tenant-logs.en.json b/main/config/navigation/generated/tenant-logs.en.json
new file mode 100644
index 0000000000..44a6e9fceb
--- /dev/null
+++ b/main/config/navigation/generated/tenant-logs.en.json
@@ -0,0 +1,164 @@
+{
+ "pages": [
+ "docs/tenant-logs",
+ "docs/tenant-logs/acls-summary",
+ "docs/tenant-logs/actions-execution-failed",
+ "docs/tenant-logs/acul-sdk-notice",
+ "docs/tenant-logs/api-limit",
+ "docs/tenant-logs/api-limit-warning",
+ "docs/tenant-logs/appi",
+ "docs/tenant-logs/ciba-exchange-failed",
+ "docs/tenant-logs/ciba-exchange-succeeded",
+ "docs/tenant-logs/ciba-start-failed",
+ "docs/tenant-logs/ciba-start-succeeded",
+ "docs/tenant-logs/cls",
+ "docs/tenant-logs/connected-accounts-connection-failed",
+ "docs/tenant-logs/connected-accounts-connection-succeeded",
+ "docs/tenant-logs/connected-accounts-delete-failed",
+ "docs/tenant-logs/connected-accounts-delete-succeeded",
+ "docs/tenant-logs/cs",
+ "docs/tenant-logs/custom-domain-verification-failed",
+ "docs/tenant-logs/depnote",
+ "docs/tenant-logs/directory-sync-completed",
+ "docs/tenant-logs/directory-sync-failed",
+ "docs/tenant-logs/directory-sync-started",
+ "docs/tenant-logs/f",
+ "docs/tenant-logs/failed-on-behalf-of-token-exchange",
+ "docs/tenant-logs/fce",
+ "docs/tenant-logs/fco",
+ "docs/tenant-logs/fcoa",
+ "docs/tenant-logs/fcp",
+ "docs/tenant-logs/fcph",
+ "docs/tenant-logs/fcpn",
+ "docs/tenant-logs/fcpr",
+ "docs/tenant-logs/fcpro",
+ "docs/tenant-logs/fcu",
+ "docs/tenant-logs/fd",
+ "docs/tenant-logs/fdeac",
+ "docs/tenant-logs/fdeaz",
+ "docs/tenant-logs/fdecc",
+ "docs/tenant-logs/fdu",
+ "docs/tenant-logs/feacft",
+ "docs/tenant-logs/feccft",
+ "docs/tenant-logs/fecte",
+ "docs/tenant-logs/fede",
+ "docs/tenant-logs/federated-logout-failed",
+ "docs/tenant-logs/fens",
+ "docs/tenant-logs/feoobft",
+ "docs/tenant-logs/feotpft",
+ "docs/tenant-logs/fepft",
+ "docs/tenant-logs/fepotpft",
+ "docs/tenant-logs/fercft",
+ "docs/tenant-logs/ferrt",
+ "docs/tenant-logs/fertft",
+ "docs/tenant-logs/feta",
+ "docs/tenant-logs/fi",
+ "docs/tenant-logs/flo",
+ "docs/tenant-logs/flows-execution-completed",
+ "docs/tenant-logs/flows-execution-failed",
+ "docs/tenant-logs/fn",
+ "docs/tenant-logs/forms-submission-failed",
+ "docs/tenant-logs/forms-submission-succeeded",
+ "docs/tenant-logs/fp",
+ "docs/tenant-logs/fpar",
+ "docs/tenant-logs/fpurh",
+ "docs/tenant-logs/fs",
+ "docs/tenant-logs/fsa",
+ "docs/tenant-logs/fu",
+ "docs/tenant-logs/fui",
+ "docs/tenant-logs/fv",
+ "docs/tenant-logs/fvr",
+ "docs/tenant-logs/gd-auth-email-verification",
+ "docs/tenant-logs/gd-auth-failed",
+ "docs/tenant-logs/gd-auth-rejected",
+ "docs/tenant-logs/gd-auth-succeed",
+ "docs/tenant-logs/gd-enrollment-complete",
+ "docs/tenant-logs/gd-otp-rate-limit-exceed",
+ "docs/tenant-logs/gd-recovery-failed",
+ "docs/tenant-logs/gd-recovery-succeed",
+ "docs/tenant-logs/gd-send-email",
+ "docs/tenant-logs/gd-send-email-verification",
+ "docs/tenant-logs/gd-send-pn",
+ "docs/tenant-logs/gd-send-pn-failure",
+ "docs/tenant-logs/gd-send-sms",
+ "docs/tenant-logs/gd-send-sms-failure",
+ "docs/tenant-logs/gd-send-voice",
+ "docs/tenant-logs/gd-send-voice-failure",
+ "docs/tenant-logs/gd-start-auth",
+ "docs/tenant-logs/gd-start-enroll",
+ "docs/tenant-logs/gd-start-enroll-failed",
+ "docs/tenant-logs/gd-tenant-update",
+ "docs/tenant-logs/gd-unenroll",
+ "docs/tenant-logs/gd-update-device-account",
+ "docs/tenant-logs/gd-webauthn-challenge-failed",
+ "docs/tenant-logs/gd-webauthn-enrollment-failed",
+ "docs/tenant-logs/idjag-exchange-failed",
+ "docs/tenant-logs/idjag-exchange-succeeded",
+ "docs/tenant-logs/jwt-bearer-exchange-failed",
+ "docs/tenant-logs/kms-key-management-failure",
+ "docs/tenant-logs/kms-key-management-success",
+ "docs/tenant-logs/kms-key-state-changed",
+ "docs/tenant-logs/limit-delegation",
+ "docs/tenant-logs/limit-mu",
+ "docs/tenant-logs/limit-sul",
+ "docs/tenant-logs/limit-wc",
+ "docs/tenant-logs/mfar",
+ "docs/tenant-logs/mgmt-api-read",
+ "docs/tenant-logs/my-account-authentication-method-failed",
+ "docs/tenant-logs/my-account-authentication-method-succeeded",
+ "docs/tenant-logs/oidc-backchannel-logout-failed",
+ "docs/tenant-logs/oidc-backchannel-logout-succeeded",
+ "docs/tenant-logs/organization-member-added",
+ "docs/tenant-logs/passkey-challenge-failed",
+ "docs/tenant-logs/passkey-challenge-started",
+ "docs/tenant-logs/pla",
+ "docs/tenant-logs/pwd-leak",
+ "docs/tenant-logs/reset-pwd-leak",
+ "docs/tenant-logs/resource-cleanup",
+ "docs/tenant-logs/rich-consents-access-error",
+ "docs/tenant-logs/s",
+ "docs/tenant-logs/sapi",
+ "docs/tenant-logs/sce",
+ "docs/tenant-logs/scoa",
+ "docs/tenant-logs/scp",
+ "docs/tenant-logs/scpn",
+ "docs/tenant-logs/scpr",
+ "docs/tenant-logs/scu",
+ "docs/tenant-logs/scv",
+ "docs/tenant-logs/sd",
+ "docs/tenant-logs/sdu",
+ "docs/tenant-logs/seacft",
+ "docs/tenant-logs/seccft",
+ "docs/tenant-logs/secte",
+ "docs/tenant-logs/sede",
+ "docs/tenant-logs/sens",
+ "docs/tenant-logs/seoobft",
+ "docs/tenant-logs/seotpft",
+ "docs/tenant-logs/sepft",
+ "docs/tenant-logs/sepkoobft",
+ "docs/tenant-logs/sepkotpft",
+ "docs/tenant-logs/sepkrcft",
+ "docs/tenant-logs/sercft",
+ "docs/tenant-logs/sertft",
+ "docs/tenant-logs/seta",
+ "docs/tenant-logs/si",
+ "docs/tenant-logs/slo",
+ "docs/tenant-logs/srrt",
+ "docs/tenant-logs/ss",
+ "docs/tenant-logs/ss-sso-failure",
+ "docs/tenant-logs/ss-sso-info",
+ "docs/tenant-logs/ss-sso-success",
+ "docs/tenant-logs/ssa",
+ "docs/tenant-logs/sscim",
+ "docs/tenant-logs/success-on-behalf-of-token-exchange",
+ "docs/tenant-logs/sui",
+ "docs/tenant-logs/sv",
+ "docs/tenant-logs/svr",
+ "docs/tenant-logs/ublkdu",
+ "docs/tenant-logs/universal-logout-failed",
+ "docs/tenant-logs/universal-logout-succeeded",
+ "docs/tenant-logs/w",
+ "docs/tenant-logs/wn",
+ "docs/tenant-logs/wum"
+ ]
+}
diff --git a/main/config/navigation/generated/tenant-logs.fr-ca.json b/main/config/navigation/generated/tenant-logs.fr-ca.json
new file mode 100644
index 0000000000..84183ebe2c
--- /dev/null
+++ b/main/config/navigation/generated/tenant-logs.fr-ca.json
@@ -0,0 +1,164 @@
+{
+ "pages": [
+ "docs/fr-ca/tenant-logs",
+ "docs/fr-ca/tenant-logs/acls-summary",
+ "docs/fr-ca/tenant-logs/actions-execution-failed",
+ "docs/fr-ca/tenant-logs/acul-sdk-notice",
+ "docs/fr-ca/tenant-logs/api-limit",
+ "docs/fr-ca/tenant-logs/api-limit-warning",
+ "docs/fr-ca/tenant-logs/appi",
+ "docs/fr-ca/tenant-logs/ciba-exchange-failed",
+ "docs/fr-ca/tenant-logs/ciba-exchange-succeeded",
+ "docs/fr-ca/tenant-logs/ciba-start-failed",
+ "docs/fr-ca/tenant-logs/ciba-start-succeeded",
+ "docs/fr-ca/tenant-logs/cls",
+ "docs/fr-ca/tenant-logs/connected-accounts-connection-failed",
+ "docs/fr-ca/tenant-logs/connected-accounts-connection-succeeded",
+ "docs/fr-ca/tenant-logs/connected-accounts-delete-failed",
+ "docs/fr-ca/tenant-logs/connected-accounts-delete-succeeded",
+ "docs/fr-ca/tenant-logs/cs",
+ "docs/fr-ca/tenant-logs/custom-domain-verification-failed",
+ "docs/fr-ca/tenant-logs/depnote",
+ "docs/fr-ca/tenant-logs/directory-sync-completed",
+ "docs/fr-ca/tenant-logs/directory-sync-failed",
+ "docs/fr-ca/tenant-logs/directory-sync-started",
+ "docs/fr-ca/tenant-logs/f",
+ "docs/fr-ca/tenant-logs/failed-on-behalf-of-token-exchange",
+ "docs/fr-ca/tenant-logs/fce",
+ "docs/fr-ca/tenant-logs/fco",
+ "docs/fr-ca/tenant-logs/fcoa",
+ "docs/fr-ca/tenant-logs/fcp",
+ "docs/fr-ca/tenant-logs/fcph",
+ "docs/fr-ca/tenant-logs/fcpn",
+ "docs/fr-ca/tenant-logs/fcpr",
+ "docs/fr-ca/tenant-logs/fcpro",
+ "docs/fr-ca/tenant-logs/fcu",
+ "docs/fr-ca/tenant-logs/fd",
+ "docs/fr-ca/tenant-logs/fdeac",
+ "docs/fr-ca/tenant-logs/fdeaz",
+ "docs/fr-ca/tenant-logs/fdecc",
+ "docs/fr-ca/tenant-logs/fdu",
+ "docs/fr-ca/tenant-logs/feacft",
+ "docs/fr-ca/tenant-logs/feccft",
+ "docs/fr-ca/tenant-logs/fecte",
+ "docs/fr-ca/tenant-logs/fede",
+ "docs/fr-ca/tenant-logs/federated-logout-failed",
+ "docs/fr-ca/tenant-logs/fens",
+ "docs/fr-ca/tenant-logs/feoobft",
+ "docs/fr-ca/tenant-logs/feotpft",
+ "docs/fr-ca/tenant-logs/fepft",
+ "docs/fr-ca/tenant-logs/fepotpft",
+ "docs/fr-ca/tenant-logs/fercft",
+ "docs/fr-ca/tenant-logs/ferrt",
+ "docs/fr-ca/tenant-logs/fertft",
+ "docs/fr-ca/tenant-logs/feta",
+ "docs/fr-ca/tenant-logs/fi",
+ "docs/fr-ca/tenant-logs/flo",
+ "docs/fr-ca/tenant-logs/flows-execution-completed",
+ "docs/fr-ca/tenant-logs/flows-execution-failed",
+ "docs/fr-ca/tenant-logs/fn",
+ "docs/fr-ca/tenant-logs/forms-submission-failed",
+ "docs/fr-ca/tenant-logs/forms-submission-succeeded",
+ "docs/fr-ca/tenant-logs/fp",
+ "docs/fr-ca/tenant-logs/fpar",
+ "docs/fr-ca/tenant-logs/fpurh",
+ "docs/fr-ca/tenant-logs/fs",
+ "docs/fr-ca/tenant-logs/fsa",
+ "docs/fr-ca/tenant-logs/fu",
+ "docs/fr-ca/tenant-logs/fui",
+ "docs/fr-ca/tenant-logs/fv",
+ "docs/fr-ca/tenant-logs/fvr",
+ "docs/fr-ca/tenant-logs/gd-auth-email-verification",
+ "docs/fr-ca/tenant-logs/gd-auth-failed",
+ "docs/fr-ca/tenant-logs/gd-auth-rejected",
+ "docs/fr-ca/tenant-logs/gd-auth-succeed",
+ "docs/fr-ca/tenant-logs/gd-enrollment-complete",
+ "docs/fr-ca/tenant-logs/gd-otp-rate-limit-exceed",
+ "docs/fr-ca/tenant-logs/gd-recovery-failed",
+ "docs/fr-ca/tenant-logs/gd-recovery-succeed",
+ "docs/fr-ca/tenant-logs/gd-send-email",
+ "docs/fr-ca/tenant-logs/gd-send-email-verification",
+ "docs/fr-ca/tenant-logs/gd-send-pn",
+ "docs/fr-ca/tenant-logs/gd-send-pn-failure",
+ "docs/fr-ca/tenant-logs/gd-send-sms",
+ "docs/fr-ca/tenant-logs/gd-send-sms-failure",
+ "docs/fr-ca/tenant-logs/gd-send-voice",
+ "docs/fr-ca/tenant-logs/gd-send-voice-failure",
+ "docs/fr-ca/tenant-logs/gd-start-auth",
+ "docs/fr-ca/tenant-logs/gd-start-enroll",
+ "docs/fr-ca/tenant-logs/gd-start-enroll-failed",
+ "docs/fr-ca/tenant-logs/gd-tenant-update",
+ "docs/fr-ca/tenant-logs/gd-unenroll",
+ "docs/fr-ca/tenant-logs/gd-update-device-account",
+ "docs/fr-ca/tenant-logs/gd-webauthn-challenge-failed",
+ "docs/fr-ca/tenant-logs/gd-webauthn-enrollment-failed",
+ "docs/fr-ca/tenant-logs/idjag-exchange-failed",
+ "docs/fr-ca/tenant-logs/idjag-exchange-succeeded",
+ "docs/fr-ca/tenant-logs/jwt-bearer-exchange-failed",
+ "docs/fr-ca/tenant-logs/kms-key-management-failure",
+ "docs/fr-ca/tenant-logs/kms-key-management-success",
+ "docs/fr-ca/tenant-logs/kms-key-state-changed",
+ "docs/fr-ca/tenant-logs/limit-delegation",
+ "docs/fr-ca/tenant-logs/limit-mu",
+ "docs/fr-ca/tenant-logs/limit-sul",
+ "docs/fr-ca/tenant-logs/limit-wc",
+ "docs/fr-ca/tenant-logs/mfar",
+ "docs/fr-ca/tenant-logs/mgmt-api-read",
+ "docs/fr-ca/tenant-logs/my-account-authentication-method-failed",
+ "docs/fr-ca/tenant-logs/my-account-authentication-method-succeeded",
+ "docs/fr-ca/tenant-logs/oidc-backchannel-logout-failed",
+ "docs/fr-ca/tenant-logs/oidc-backchannel-logout-succeeded",
+ "docs/fr-ca/tenant-logs/organization-member-added",
+ "docs/fr-ca/tenant-logs/passkey-challenge-failed",
+ "docs/fr-ca/tenant-logs/passkey-challenge-started",
+ "docs/fr-ca/tenant-logs/pla",
+ "docs/fr-ca/tenant-logs/pwd-leak",
+ "docs/fr-ca/tenant-logs/reset-pwd-leak",
+ "docs/fr-ca/tenant-logs/resource-cleanup",
+ "docs/fr-ca/tenant-logs/rich-consents-access-error",
+ "docs/fr-ca/tenant-logs/s",
+ "docs/fr-ca/tenant-logs/sapi",
+ "docs/fr-ca/tenant-logs/sce",
+ "docs/fr-ca/tenant-logs/scoa",
+ "docs/fr-ca/tenant-logs/scp",
+ "docs/fr-ca/tenant-logs/scpn",
+ "docs/fr-ca/tenant-logs/scpr",
+ "docs/fr-ca/tenant-logs/scu",
+ "docs/fr-ca/tenant-logs/scv",
+ "docs/fr-ca/tenant-logs/sd",
+ "docs/fr-ca/tenant-logs/sdu",
+ "docs/fr-ca/tenant-logs/seacft",
+ "docs/fr-ca/tenant-logs/seccft",
+ "docs/fr-ca/tenant-logs/secte",
+ "docs/fr-ca/tenant-logs/sede",
+ "docs/fr-ca/tenant-logs/sens",
+ "docs/fr-ca/tenant-logs/seoobft",
+ "docs/fr-ca/tenant-logs/seotpft",
+ "docs/fr-ca/tenant-logs/sepft",
+ "docs/fr-ca/tenant-logs/sepkoobft",
+ "docs/fr-ca/tenant-logs/sepkotpft",
+ "docs/fr-ca/tenant-logs/sepkrcft",
+ "docs/fr-ca/tenant-logs/sercft",
+ "docs/fr-ca/tenant-logs/sertft",
+ "docs/fr-ca/tenant-logs/seta",
+ "docs/fr-ca/tenant-logs/si",
+ "docs/fr-ca/tenant-logs/slo",
+ "docs/fr-ca/tenant-logs/srrt",
+ "docs/fr-ca/tenant-logs/ss",
+ "docs/fr-ca/tenant-logs/ss-sso-failure",
+ "docs/fr-ca/tenant-logs/ss-sso-info",
+ "docs/fr-ca/tenant-logs/ss-sso-success",
+ "docs/fr-ca/tenant-logs/ssa",
+ "docs/fr-ca/tenant-logs/sscim",
+ "docs/fr-ca/tenant-logs/success-on-behalf-of-token-exchange",
+ "docs/fr-ca/tenant-logs/sui",
+ "docs/fr-ca/tenant-logs/sv",
+ "docs/fr-ca/tenant-logs/svr",
+ "docs/fr-ca/tenant-logs/ublkdu",
+ "docs/fr-ca/tenant-logs/universal-logout-failed",
+ "docs/fr-ca/tenant-logs/universal-logout-succeeded",
+ "docs/fr-ca/tenant-logs/w",
+ "docs/fr-ca/tenant-logs/wn",
+ "docs/fr-ca/tenant-logs/wum"
+ ]
+}
diff --git a/main/config/navigation/generated/tenant-logs.ja-jp.json b/main/config/navigation/generated/tenant-logs.ja-jp.json
new file mode 100644
index 0000000000..5b4f4303b1
--- /dev/null
+++ b/main/config/navigation/generated/tenant-logs.ja-jp.json
@@ -0,0 +1,164 @@
+{
+ "pages": [
+ "docs/ja-jp/tenant-logs",
+ "docs/ja-jp/tenant-logs/acls-summary",
+ "docs/ja-jp/tenant-logs/actions-execution-failed",
+ "docs/ja-jp/tenant-logs/acul-sdk-notice",
+ "docs/ja-jp/tenant-logs/api-limit",
+ "docs/ja-jp/tenant-logs/api-limit-warning",
+ "docs/ja-jp/tenant-logs/appi",
+ "docs/ja-jp/tenant-logs/ciba-exchange-failed",
+ "docs/ja-jp/tenant-logs/ciba-exchange-succeeded",
+ "docs/ja-jp/tenant-logs/ciba-start-failed",
+ "docs/ja-jp/tenant-logs/ciba-start-succeeded",
+ "docs/ja-jp/tenant-logs/cls",
+ "docs/ja-jp/tenant-logs/connected-accounts-connection-failed",
+ "docs/ja-jp/tenant-logs/connected-accounts-connection-succeeded",
+ "docs/ja-jp/tenant-logs/connected-accounts-delete-failed",
+ "docs/ja-jp/tenant-logs/connected-accounts-delete-succeeded",
+ "docs/ja-jp/tenant-logs/cs",
+ "docs/ja-jp/tenant-logs/custom-domain-verification-failed",
+ "docs/ja-jp/tenant-logs/depnote",
+ "docs/ja-jp/tenant-logs/directory-sync-completed",
+ "docs/ja-jp/tenant-logs/directory-sync-failed",
+ "docs/ja-jp/tenant-logs/directory-sync-started",
+ "docs/ja-jp/tenant-logs/f",
+ "docs/ja-jp/tenant-logs/failed-on-behalf-of-token-exchange",
+ "docs/ja-jp/tenant-logs/fce",
+ "docs/ja-jp/tenant-logs/fco",
+ "docs/ja-jp/tenant-logs/fcoa",
+ "docs/ja-jp/tenant-logs/fcp",
+ "docs/ja-jp/tenant-logs/fcph",
+ "docs/ja-jp/tenant-logs/fcpn",
+ "docs/ja-jp/tenant-logs/fcpr",
+ "docs/ja-jp/tenant-logs/fcpro",
+ "docs/ja-jp/tenant-logs/fcu",
+ "docs/ja-jp/tenant-logs/fd",
+ "docs/ja-jp/tenant-logs/fdeac",
+ "docs/ja-jp/tenant-logs/fdeaz",
+ "docs/ja-jp/tenant-logs/fdecc",
+ "docs/ja-jp/tenant-logs/fdu",
+ "docs/ja-jp/tenant-logs/feacft",
+ "docs/ja-jp/tenant-logs/feccft",
+ "docs/ja-jp/tenant-logs/fecte",
+ "docs/ja-jp/tenant-logs/fede",
+ "docs/ja-jp/tenant-logs/federated-logout-failed",
+ "docs/ja-jp/tenant-logs/fens",
+ "docs/ja-jp/tenant-logs/feoobft",
+ "docs/ja-jp/tenant-logs/feotpft",
+ "docs/ja-jp/tenant-logs/fepft",
+ "docs/ja-jp/tenant-logs/fepotpft",
+ "docs/ja-jp/tenant-logs/fercft",
+ "docs/ja-jp/tenant-logs/ferrt",
+ "docs/ja-jp/tenant-logs/fertft",
+ "docs/ja-jp/tenant-logs/feta",
+ "docs/ja-jp/tenant-logs/fi",
+ "docs/ja-jp/tenant-logs/flo",
+ "docs/ja-jp/tenant-logs/flows-execution-completed",
+ "docs/ja-jp/tenant-logs/flows-execution-failed",
+ "docs/ja-jp/tenant-logs/fn",
+ "docs/ja-jp/tenant-logs/forms-submission-failed",
+ "docs/ja-jp/tenant-logs/forms-submission-succeeded",
+ "docs/ja-jp/tenant-logs/fp",
+ "docs/ja-jp/tenant-logs/fpar",
+ "docs/ja-jp/tenant-logs/fpurh",
+ "docs/ja-jp/tenant-logs/fs",
+ "docs/ja-jp/tenant-logs/fsa",
+ "docs/ja-jp/tenant-logs/fu",
+ "docs/ja-jp/tenant-logs/fui",
+ "docs/ja-jp/tenant-logs/fv",
+ "docs/ja-jp/tenant-logs/fvr",
+ "docs/ja-jp/tenant-logs/gd-auth-email-verification",
+ "docs/ja-jp/tenant-logs/gd-auth-failed",
+ "docs/ja-jp/tenant-logs/gd-auth-rejected",
+ "docs/ja-jp/tenant-logs/gd-auth-succeed",
+ "docs/ja-jp/tenant-logs/gd-enrollment-complete",
+ "docs/ja-jp/tenant-logs/gd-otp-rate-limit-exceed",
+ "docs/ja-jp/tenant-logs/gd-recovery-failed",
+ "docs/ja-jp/tenant-logs/gd-recovery-succeed",
+ "docs/ja-jp/tenant-logs/gd-send-email",
+ "docs/ja-jp/tenant-logs/gd-send-email-verification",
+ "docs/ja-jp/tenant-logs/gd-send-pn",
+ "docs/ja-jp/tenant-logs/gd-send-pn-failure",
+ "docs/ja-jp/tenant-logs/gd-send-sms",
+ "docs/ja-jp/tenant-logs/gd-send-sms-failure",
+ "docs/ja-jp/tenant-logs/gd-send-voice",
+ "docs/ja-jp/tenant-logs/gd-send-voice-failure",
+ "docs/ja-jp/tenant-logs/gd-start-auth",
+ "docs/ja-jp/tenant-logs/gd-start-enroll",
+ "docs/ja-jp/tenant-logs/gd-start-enroll-failed",
+ "docs/ja-jp/tenant-logs/gd-tenant-update",
+ "docs/ja-jp/tenant-logs/gd-unenroll",
+ "docs/ja-jp/tenant-logs/gd-update-device-account",
+ "docs/ja-jp/tenant-logs/gd-webauthn-challenge-failed",
+ "docs/ja-jp/tenant-logs/gd-webauthn-enrollment-failed",
+ "docs/ja-jp/tenant-logs/idjag-exchange-failed",
+ "docs/ja-jp/tenant-logs/idjag-exchange-succeeded",
+ "docs/ja-jp/tenant-logs/jwt-bearer-exchange-failed",
+ "docs/ja-jp/tenant-logs/kms-key-management-failure",
+ "docs/ja-jp/tenant-logs/kms-key-management-success",
+ "docs/ja-jp/tenant-logs/kms-key-state-changed",
+ "docs/ja-jp/tenant-logs/limit-delegation",
+ "docs/ja-jp/tenant-logs/limit-mu",
+ "docs/ja-jp/tenant-logs/limit-sul",
+ "docs/ja-jp/tenant-logs/limit-wc",
+ "docs/ja-jp/tenant-logs/mfar",
+ "docs/ja-jp/tenant-logs/mgmt-api-read",
+ "docs/ja-jp/tenant-logs/my-account-authentication-method-failed",
+ "docs/ja-jp/tenant-logs/my-account-authentication-method-succeeded",
+ "docs/ja-jp/tenant-logs/oidc-backchannel-logout-failed",
+ "docs/ja-jp/tenant-logs/oidc-backchannel-logout-succeeded",
+ "docs/ja-jp/tenant-logs/organization-member-added",
+ "docs/ja-jp/tenant-logs/passkey-challenge-failed",
+ "docs/ja-jp/tenant-logs/passkey-challenge-started",
+ "docs/ja-jp/tenant-logs/pla",
+ "docs/ja-jp/tenant-logs/pwd-leak",
+ "docs/ja-jp/tenant-logs/reset-pwd-leak",
+ "docs/ja-jp/tenant-logs/resource-cleanup",
+ "docs/ja-jp/tenant-logs/rich-consents-access-error",
+ "docs/ja-jp/tenant-logs/s",
+ "docs/ja-jp/tenant-logs/sapi",
+ "docs/ja-jp/tenant-logs/sce",
+ "docs/ja-jp/tenant-logs/scoa",
+ "docs/ja-jp/tenant-logs/scp",
+ "docs/ja-jp/tenant-logs/scpn",
+ "docs/ja-jp/tenant-logs/scpr",
+ "docs/ja-jp/tenant-logs/scu",
+ "docs/ja-jp/tenant-logs/scv",
+ "docs/ja-jp/tenant-logs/sd",
+ "docs/ja-jp/tenant-logs/sdu",
+ "docs/ja-jp/tenant-logs/seacft",
+ "docs/ja-jp/tenant-logs/seccft",
+ "docs/ja-jp/tenant-logs/secte",
+ "docs/ja-jp/tenant-logs/sede",
+ "docs/ja-jp/tenant-logs/sens",
+ "docs/ja-jp/tenant-logs/seoobft",
+ "docs/ja-jp/tenant-logs/seotpft",
+ "docs/ja-jp/tenant-logs/sepft",
+ "docs/ja-jp/tenant-logs/sepkoobft",
+ "docs/ja-jp/tenant-logs/sepkotpft",
+ "docs/ja-jp/tenant-logs/sepkrcft",
+ "docs/ja-jp/tenant-logs/sercft",
+ "docs/ja-jp/tenant-logs/sertft",
+ "docs/ja-jp/tenant-logs/seta",
+ "docs/ja-jp/tenant-logs/si",
+ "docs/ja-jp/tenant-logs/slo",
+ "docs/ja-jp/tenant-logs/srrt",
+ "docs/ja-jp/tenant-logs/ss",
+ "docs/ja-jp/tenant-logs/ss-sso-failure",
+ "docs/ja-jp/tenant-logs/ss-sso-info",
+ "docs/ja-jp/tenant-logs/ss-sso-success",
+ "docs/ja-jp/tenant-logs/ssa",
+ "docs/ja-jp/tenant-logs/sscim",
+ "docs/ja-jp/tenant-logs/success-on-behalf-of-token-exchange",
+ "docs/ja-jp/tenant-logs/sui",
+ "docs/ja-jp/tenant-logs/sv",
+ "docs/ja-jp/tenant-logs/svr",
+ "docs/ja-jp/tenant-logs/ublkdu",
+ "docs/ja-jp/tenant-logs/universal-logout-failed",
+ "docs/ja-jp/tenant-logs/universal-logout-succeeded",
+ "docs/ja-jp/tenant-logs/w",
+ "docs/ja-jp/tenant-logs/wn",
+ "docs/ja-jp/tenant-logs/wum"
+ ]
+}
diff --git a/main/docs/fr-ca/tenant-logs/_metadata.json b/main/docs/fr-ca/tenant-logs/_metadata.json
new file mode 100644
index 0000000000..aa5045d366
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/_metadata.json
@@ -0,0 +1,3 @@
+{
+ "schemaVersion": "2.131.0"
+}
diff --git a/main/docs/fr-ca/tenant-logs/acls-summary.mdx b/main/docs/fr-ca/tenant-logs/acls-summary.mdx
new file mode 100644
index 0000000000..093d4aea19
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/acls-summary.mdx
@@ -0,0 +1,8 @@
+---
+title: "acls_summary"
+openapi-schema: logs-schema acls_summary
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/actions-execution-failed.mdx b/main/docs/fr-ca/tenant-logs/actions-execution-failed.mdx
new file mode 100644
index 0000000000..1118b69d3d
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/actions-execution-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "actions_execution_failed"
+openapi-schema: logs-schema actions_execution_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/acul-sdk-notice.mdx b/main/docs/fr-ca/tenant-logs/acul-sdk-notice.mdx
new file mode 100644
index 0000000000..3ac9977c6b
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/acul-sdk-notice.mdx
@@ -0,0 +1,8 @@
+---
+title: "acul_sdk_notice"
+openapi-schema: logs-schema acul_sdk_notice
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/api-limit-warning.mdx b/main/docs/fr-ca/tenant-logs/api-limit-warning.mdx
new file mode 100644
index 0000000000..b957187034
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/api-limit-warning.mdx
@@ -0,0 +1,8 @@
+---
+title: "api_limit_warning"
+openapi-schema: logs-schema api_limit_warning
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/api-limit.mdx b/main/docs/fr-ca/tenant-logs/api-limit.mdx
new file mode 100644
index 0000000000..c5b1e00233
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/api-limit.mdx
@@ -0,0 +1,8 @@
+---
+title: "api_limit"
+openapi-schema: logs-schema api_limit
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/appi.mdx b/main/docs/fr-ca/tenant-logs/appi.mdx
new file mode 100644
index 0000000000..aa1889c48e
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/appi.mdx
@@ -0,0 +1,8 @@
+---
+title: "appi"
+openapi-schema: logs-schema appi
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/ciba-exchange-failed.mdx b/main/docs/fr-ca/tenant-logs/ciba-exchange-failed.mdx
new file mode 100644
index 0000000000..6bf353dc43
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/ciba-exchange-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_exchange_failed"
+openapi-schema: logs-schema ciba_exchange_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/ciba-exchange-succeeded.mdx b/main/docs/fr-ca/tenant-logs/ciba-exchange-succeeded.mdx
new file mode 100644
index 0000000000..00b08144ed
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/ciba-exchange-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_exchange_succeeded"
+openapi-schema: logs-schema ciba_exchange_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/ciba-start-failed.mdx b/main/docs/fr-ca/tenant-logs/ciba-start-failed.mdx
new file mode 100644
index 0000000000..9dba690e8c
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/ciba-start-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_start_failed"
+openapi-schema: logs-schema ciba_start_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/ciba-start-succeeded.mdx b/main/docs/fr-ca/tenant-logs/ciba-start-succeeded.mdx
new file mode 100644
index 0000000000..518f536d96
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/ciba-start-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_start_succeeded"
+openapi-schema: logs-schema ciba_start_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/cls.mdx b/main/docs/fr-ca/tenant-logs/cls.mdx
new file mode 100644
index 0000000000..b110579073
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/cls.mdx
@@ -0,0 +1,8 @@
+---
+title: "cls"
+openapi-schema: logs-schema cls
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/connected-accounts-connection-failed.mdx b/main/docs/fr-ca/tenant-logs/connected-accounts-connection-failed.mdx
new file mode 100644
index 0000000000..21e2fa6fb0
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/connected-accounts-connection-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_connection_failed"
+openapi-schema: logs-schema connected_accounts_connection_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/connected-accounts-connection-succeeded.mdx b/main/docs/fr-ca/tenant-logs/connected-accounts-connection-succeeded.mdx
new file mode 100644
index 0000000000..f9bbda95e1
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/connected-accounts-connection-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_connection_succeeded"
+openapi-schema: logs-schema connected_accounts_connection_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/connected-accounts-delete-failed.mdx b/main/docs/fr-ca/tenant-logs/connected-accounts-delete-failed.mdx
new file mode 100644
index 0000000000..0d63b16142
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/connected-accounts-delete-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_delete_failed"
+openapi-schema: logs-schema connected_accounts_delete_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/connected-accounts-delete-succeeded.mdx b/main/docs/fr-ca/tenant-logs/connected-accounts-delete-succeeded.mdx
new file mode 100644
index 0000000000..89fa24d7fa
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/connected-accounts-delete-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_delete_succeeded"
+openapi-schema: logs-schema connected_accounts_delete_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/cs.mdx b/main/docs/fr-ca/tenant-logs/cs.mdx
new file mode 100644
index 0000000000..0029dea0f9
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/cs.mdx
@@ -0,0 +1,8 @@
+---
+title: "cs"
+openapi-schema: logs-schema cs
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/custom-domain-verification-failed.mdx b/main/docs/fr-ca/tenant-logs/custom-domain-verification-failed.mdx
new file mode 100644
index 0000000000..6224072e65
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/custom-domain-verification-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "custom_domain_verification_failed"
+openapi-schema: logs-schema custom_domain_verification_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/depnote.mdx b/main/docs/fr-ca/tenant-logs/depnote.mdx
new file mode 100644
index 0000000000..2b0e2eec3e
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/depnote.mdx
@@ -0,0 +1,8 @@
+---
+title: "depnote"
+openapi-schema: logs-schema depnote
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/directory-sync-completed.mdx b/main/docs/fr-ca/tenant-logs/directory-sync-completed.mdx
new file mode 100644
index 0000000000..1dd8ea0bd4
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/directory-sync-completed.mdx
@@ -0,0 +1,8 @@
+---
+title: "directory_sync_completed"
+openapi-schema: logs-schema directory_sync_completed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/directory-sync-failed.mdx b/main/docs/fr-ca/tenant-logs/directory-sync-failed.mdx
new file mode 100644
index 0000000000..80ddfbb7b2
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/directory-sync-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "directory_sync_failed"
+openapi-schema: logs-schema directory_sync_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/directory-sync-started.mdx b/main/docs/fr-ca/tenant-logs/directory-sync-started.mdx
new file mode 100644
index 0000000000..b0edd5f915
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/directory-sync-started.mdx
@@ -0,0 +1,8 @@
+---
+title: "directory_sync_started"
+openapi-schema: logs-schema directory_sync_started
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/f.mdx b/main/docs/fr-ca/tenant-logs/f.mdx
new file mode 100644
index 0000000000..c3cba7f88c
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/f.mdx
@@ -0,0 +1,8 @@
+---
+title: "f"
+openapi-schema: logs-schema f
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/failed-on-behalf-of-token-exchange.mdx b/main/docs/fr-ca/tenant-logs/failed-on-behalf-of-token-exchange.mdx
new file mode 100644
index 0000000000..47f623add2
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/failed-on-behalf-of-token-exchange.mdx
@@ -0,0 +1,8 @@
+---
+title: "failed_on_behalf_of_token_exchange"
+openapi-schema: logs-schema failed_on_behalf_of_token_exchange
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fce.mdx b/main/docs/fr-ca/tenant-logs/fce.mdx
new file mode 100644
index 0000000000..371a206262
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fce.mdx
@@ -0,0 +1,8 @@
+---
+title: "fce"
+openapi-schema: logs-schema fce
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fco.mdx b/main/docs/fr-ca/tenant-logs/fco.mdx
new file mode 100644
index 0000000000..fcf9b788f5
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fco.mdx
@@ -0,0 +1,8 @@
+---
+title: "fco"
+openapi-schema: logs-schema fco
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fcoa.mdx b/main/docs/fr-ca/tenant-logs/fcoa.mdx
new file mode 100644
index 0000000000..e202413ee8
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fcoa.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcoa"
+openapi-schema: logs-schema fcoa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fcp.mdx b/main/docs/fr-ca/tenant-logs/fcp.mdx
new file mode 100644
index 0000000000..8d3153f488
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fcp.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcp"
+openapi-schema: logs-schema fcp
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fcph.mdx b/main/docs/fr-ca/tenant-logs/fcph.mdx
new file mode 100644
index 0000000000..d7169eab1b
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fcph.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcph"
+openapi-schema: logs-schema fcph
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fcpn.mdx b/main/docs/fr-ca/tenant-logs/fcpn.mdx
new file mode 100644
index 0000000000..3c8c84f8ee
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fcpn.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcpn"
+openapi-schema: logs-schema fcpn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fcpr.mdx b/main/docs/fr-ca/tenant-logs/fcpr.mdx
new file mode 100644
index 0000000000..d56ff6ba40
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fcpr.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcpr"
+openapi-schema: logs-schema fcpr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fcpro.mdx b/main/docs/fr-ca/tenant-logs/fcpro.mdx
new file mode 100644
index 0000000000..4a2a67d5c6
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fcpro.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcpro"
+openapi-schema: logs-schema fcpro
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fcu.mdx b/main/docs/fr-ca/tenant-logs/fcu.mdx
new file mode 100644
index 0000000000..c3b0142713
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fcu.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcu"
+openapi-schema: logs-schema fcu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fd.mdx b/main/docs/fr-ca/tenant-logs/fd.mdx
new file mode 100644
index 0000000000..fd60c01dc6
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fd.mdx
@@ -0,0 +1,8 @@
+---
+title: "fd"
+openapi-schema: logs-schema fd
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fdeac.mdx b/main/docs/fr-ca/tenant-logs/fdeac.mdx
new file mode 100644
index 0000000000..959b5d781f
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fdeac.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdeac"
+openapi-schema: logs-schema fdeac
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fdeaz.mdx b/main/docs/fr-ca/tenant-logs/fdeaz.mdx
new file mode 100644
index 0000000000..9dbec9d453
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fdeaz.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdeaz"
+openapi-schema: logs-schema fdeaz
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fdecc.mdx b/main/docs/fr-ca/tenant-logs/fdecc.mdx
new file mode 100644
index 0000000000..de2f23d901
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fdecc.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdecc"
+openapi-schema: logs-schema fdecc
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fdu.mdx b/main/docs/fr-ca/tenant-logs/fdu.mdx
new file mode 100644
index 0000000000..6df42066da
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fdu.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdu"
+openapi-schema: logs-schema fdu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/feacft.mdx b/main/docs/fr-ca/tenant-logs/feacft.mdx
new file mode 100644
index 0000000000..cfabcf57c8
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/feacft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feacft"
+openapi-schema: logs-schema feacft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/feccft.mdx b/main/docs/fr-ca/tenant-logs/feccft.mdx
new file mode 100644
index 0000000000..9b23480230
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/feccft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feccft"
+openapi-schema: logs-schema feccft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fecte.mdx b/main/docs/fr-ca/tenant-logs/fecte.mdx
new file mode 100644
index 0000000000..9af3c52542
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fecte.mdx
@@ -0,0 +1,8 @@
+---
+title: "fecte"
+openapi-schema: logs-schema fecte
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fede.mdx b/main/docs/fr-ca/tenant-logs/fede.mdx
new file mode 100644
index 0000000000..faca59e826
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fede.mdx
@@ -0,0 +1,8 @@
+---
+title: "fede"
+openapi-schema: logs-schema fede
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/federated-logout-failed.mdx b/main/docs/fr-ca/tenant-logs/federated-logout-failed.mdx
new file mode 100644
index 0000000000..599da10d1c
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/federated-logout-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "federated_logout_failed"
+openapi-schema: logs-schema federated_logout_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fens.mdx b/main/docs/fr-ca/tenant-logs/fens.mdx
new file mode 100644
index 0000000000..30b2692a06
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fens.mdx
@@ -0,0 +1,8 @@
+---
+title: "fens"
+openapi-schema: logs-schema fens
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/feoobft.mdx b/main/docs/fr-ca/tenant-logs/feoobft.mdx
new file mode 100644
index 0000000000..ca40a8613f
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/feoobft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feoobft"
+openapi-schema: logs-schema feoobft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/feotpft.mdx b/main/docs/fr-ca/tenant-logs/feotpft.mdx
new file mode 100644
index 0000000000..f2adef346d
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/feotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feotpft"
+openapi-schema: logs-schema feotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fepft.mdx b/main/docs/fr-ca/tenant-logs/fepft.mdx
new file mode 100644
index 0000000000..9d54c13b37
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fepft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fepft"
+openapi-schema: logs-schema fepft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fepotpft.mdx b/main/docs/fr-ca/tenant-logs/fepotpft.mdx
new file mode 100644
index 0000000000..d7217efe2f
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fepotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fepotpft"
+openapi-schema: logs-schema fepotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fercft.mdx b/main/docs/fr-ca/tenant-logs/fercft.mdx
new file mode 100644
index 0000000000..23ef538b76
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fercft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fercft"
+openapi-schema: logs-schema fercft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/ferrt.mdx b/main/docs/fr-ca/tenant-logs/ferrt.mdx
new file mode 100644
index 0000000000..e1daab0a60
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/ferrt.mdx
@@ -0,0 +1,8 @@
+---
+title: "ferrt"
+openapi-schema: logs-schema ferrt
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fertft.mdx b/main/docs/fr-ca/tenant-logs/fertft.mdx
new file mode 100644
index 0000000000..0aaf6c48f8
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fertft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fertft"
+openapi-schema: logs-schema fertft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/feta.mdx b/main/docs/fr-ca/tenant-logs/feta.mdx
new file mode 100644
index 0000000000..a9291eda52
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/feta.mdx
@@ -0,0 +1,8 @@
+---
+title: "feta"
+openapi-schema: logs-schema feta
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fi.mdx b/main/docs/fr-ca/tenant-logs/fi.mdx
new file mode 100644
index 0000000000..82d81ffbb5
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fi.mdx
@@ -0,0 +1,8 @@
+---
+title: "fi"
+openapi-schema: logs-schema fi
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/flo.mdx b/main/docs/fr-ca/tenant-logs/flo.mdx
new file mode 100644
index 0000000000..380c25693e
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/flo.mdx
@@ -0,0 +1,8 @@
+---
+title: "flo"
+openapi-schema: logs-schema flo
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/flows-execution-completed.mdx b/main/docs/fr-ca/tenant-logs/flows-execution-completed.mdx
new file mode 100644
index 0000000000..2e2d14a576
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/flows-execution-completed.mdx
@@ -0,0 +1,8 @@
+---
+title: "flows_execution_completed"
+openapi-schema: logs-schema flows_execution_completed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/flows-execution-failed.mdx b/main/docs/fr-ca/tenant-logs/flows-execution-failed.mdx
new file mode 100644
index 0000000000..c26ffda221
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/flows-execution-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "flows_execution_failed"
+openapi-schema: logs-schema flows_execution_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fn.mdx b/main/docs/fr-ca/tenant-logs/fn.mdx
new file mode 100644
index 0000000000..65d425531a
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fn.mdx
@@ -0,0 +1,8 @@
+---
+title: "fn"
+openapi-schema: logs-schema fn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/forms-submission-failed.mdx b/main/docs/fr-ca/tenant-logs/forms-submission-failed.mdx
new file mode 100644
index 0000000000..d1430e8d3c
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/forms-submission-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "forms_submission_failed"
+openapi-schema: logs-schema forms_submission_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/forms-submission-succeeded.mdx b/main/docs/fr-ca/tenant-logs/forms-submission-succeeded.mdx
new file mode 100644
index 0000000000..ed06e7e147
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/forms-submission-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "forms_submission_succeeded"
+openapi-schema: logs-schema forms_submission_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fp.mdx b/main/docs/fr-ca/tenant-logs/fp.mdx
new file mode 100644
index 0000000000..7a390ff18d
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fp.mdx
@@ -0,0 +1,8 @@
+---
+title: "fp"
+openapi-schema: logs-schema fp
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fpar.mdx b/main/docs/fr-ca/tenant-logs/fpar.mdx
new file mode 100644
index 0000000000..fc4f4f5d48
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fpar.mdx
@@ -0,0 +1,8 @@
+---
+title: "fpar"
+openapi-schema: logs-schema fpar
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fpurh.mdx b/main/docs/fr-ca/tenant-logs/fpurh.mdx
new file mode 100644
index 0000000000..ec6cfbb1ba
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fpurh.mdx
@@ -0,0 +1,8 @@
+---
+title: "fpurh"
+openapi-schema: logs-schema fpurh
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fs.mdx b/main/docs/fr-ca/tenant-logs/fs.mdx
new file mode 100644
index 0000000000..5d7a8ccc5e
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fs.mdx
@@ -0,0 +1,8 @@
+---
+title: "fs"
+openapi-schema: logs-schema fs
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fsa.mdx b/main/docs/fr-ca/tenant-logs/fsa.mdx
new file mode 100644
index 0000000000..85d76a0d6e
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fsa.mdx
@@ -0,0 +1,8 @@
+---
+title: "fsa"
+openapi-schema: logs-schema fsa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fu.mdx b/main/docs/fr-ca/tenant-logs/fu.mdx
new file mode 100644
index 0000000000..fbb24dbbd1
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fu.mdx
@@ -0,0 +1,8 @@
+---
+title: "fu"
+openapi-schema: logs-schema fu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fui.mdx b/main/docs/fr-ca/tenant-logs/fui.mdx
new file mode 100644
index 0000000000..617702e09c
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fui.mdx
@@ -0,0 +1,8 @@
+---
+title: "fui"
+openapi-schema: logs-schema fui
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fv.mdx b/main/docs/fr-ca/tenant-logs/fv.mdx
new file mode 100644
index 0000000000..280c6dcd13
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fv.mdx
@@ -0,0 +1,8 @@
+---
+title: "fv"
+openapi-schema: logs-schema fv
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/fvr.mdx b/main/docs/fr-ca/tenant-logs/fvr.mdx
new file mode 100644
index 0000000000..256b2aaa00
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/fvr.mdx
@@ -0,0 +1,8 @@
+---
+title: "fvr"
+openapi-schema: logs-schema fvr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-auth-email-verification.mdx b/main/docs/fr-ca/tenant-logs/gd-auth-email-verification.mdx
new file mode 100644
index 0000000000..e51a9268e3
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-auth-email-verification.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_email_verification"
+openapi-schema: logs-schema gd_auth_email_verification
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-auth-failed.mdx b/main/docs/fr-ca/tenant-logs/gd-auth-failed.mdx
new file mode 100644
index 0000000000..c1cfc3e34e
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-auth-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_failed"
+openapi-schema: logs-schema gd_auth_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-auth-rejected.mdx b/main/docs/fr-ca/tenant-logs/gd-auth-rejected.mdx
new file mode 100644
index 0000000000..90d462b4a8
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-auth-rejected.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_rejected"
+openapi-schema: logs-schema gd_auth_rejected
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-auth-succeed.mdx b/main/docs/fr-ca/tenant-logs/gd-auth-succeed.mdx
new file mode 100644
index 0000000000..e269d0d51f
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-auth-succeed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_succeed"
+openapi-schema: logs-schema gd_auth_succeed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-enrollment-complete.mdx b/main/docs/fr-ca/tenant-logs/gd-enrollment-complete.mdx
new file mode 100644
index 0000000000..06f570abc8
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-enrollment-complete.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_enrollment_complete"
+openapi-schema: logs-schema gd_enrollment_complete
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-otp-rate-limit-exceed.mdx b/main/docs/fr-ca/tenant-logs/gd-otp-rate-limit-exceed.mdx
new file mode 100644
index 0000000000..b086a7624a
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-otp-rate-limit-exceed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_otp_rate_limit_exceed"
+openapi-schema: logs-schema gd_otp_rate_limit_exceed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-recovery-failed.mdx b/main/docs/fr-ca/tenant-logs/gd-recovery-failed.mdx
new file mode 100644
index 0000000000..e3cc0eca69
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-recovery-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_recovery_failed"
+openapi-schema: logs-schema gd_recovery_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-recovery-succeed.mdx b/main/docs/fr-ca/tenant-logs/gd-recovery-succeed.mdx
new file mode 100644
index 0000000000..772002bdb8
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-recovery-succeed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_recovery_succeed"
+openapi-schema: logs-schema gd_recovery_succeed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-send-email-verification.mdx b/main/docs/fr-ca/tenant-logs/gd-send-email-verification.mdx
new file mode 100644
index 0000000000..187545f53d
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-send-email-verification.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_email_verification"
+openapi-schema: logs-schema gd_send_email_verification
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-send-email.mdx b/main/docs/fr-ca/tenant-logs/gd-send-email.mdx
new file mode 100644
index 0000000000..e150179892
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-send-email.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_email"
+openapi-schema: logs-schema gd_send_email
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-send-pn-failure.mdx b/main/docs/fr-ca/tenant-logs/gd-send-pn-failure.mdx
new file mode 100644
index 0000000000..3b912b9196
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-send-pn-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_pn_failure"
+openapi-schema: logs-schema gd_send_pn_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-send-pn.mdx b/main/docs/fr-ca/tenant-logs/gd-send-pn.mdx
new file mode 100644
index 0000000000..afd6bdc89a
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-send-pn.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_pn"
+openapi-schema: logs-schema gd_send_pn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-send-sms-failure.mdx b/main/docs/fr-ca/tenant-logs/gd-send-sms-failure.mdx
new file mode 100644
index 0000000000..ac8857a2d8
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-send-sms-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_sms_failure"
+openapi-schema: logs-schema gd_send_sms_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-send-sms.mdx b/main/docs/fr-ca/tenant-logs/gd-send-sms.mdx
new file mode 100644
index 0000000000..3786da58d9
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-send-sms.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_sms"
+openapi-schema: logs-schema gd_send_sms
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-send-voice-failure.mdx b/main/docs/fr-ca/tenant-logs/gd-send-voice-failure.mdx
new file mode 100644
index 0000000000..f0ed2a8de6
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-send-voice-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_voice_failure"
+openapi-schema: logs-schema gd_send_voice_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-send-voice.mdx b/main/docs/fr-ca/tenant-logs/gd-send-voice.mdx
new file mode 100644
index 0000000000..3114e5927c
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-send-voice.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_voice"
+openapi-schema: logs-schema gd_send_voice
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-start-auth.mdx b/main/docs/fr-ca/tenant-logs/gd-start-auth.mdx
new file mode 100644
index 0000000000..cb736e7d2e
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-start-auth.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_start_auth"
+openapi-schema: logs-schema gd_start_auth
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-start-enroll-failed.mdx b/main/docs/fr-ca/tenant-logs/gd-start-enroll-failed.mdx
new file mode 100644
index 0000000000..f2ae5850df
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-start-enroll-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_start_enroll_failed"
+openapi-schema: logs-schema gd_start_enroll_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-start-enroll.mdx b/main/docs/fr-ca/tenant-logs/gd-start-enroll.mdx
new file mode 100644
index 0000000000..44c9f579eb
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-start-enroll.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_start_enroll"
+openapi-schema: logs-schema gd_start_enroll
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-tenant-update.mdx b/main/docs/fr-ca/tenant-logs/gd-tenant-update.mdx
new file mode 100644
index 0000000000..98fa966065
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-tenant-update.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_tenant_update"
+openapi-schema: logs-schema gd_tenant_update
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-unenroll.mdx b/main/docs/fr-ca/tenant-logs/gd-unenroll.mdx
new file mode 100644
index 0000000000..a370502d66
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-unenroll.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_unenroll"
+openapi-schema: logs-schema gd_unenroll
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-update-device-account.mdx b/main/docs/fr-ca/tenant-logs/gd-update-device-account.mdx
new file mode 100644
index 0000000000..a7d9891041
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-update-device-account.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_update_device_account"
+openapi-schema: logs-schema gd_update_device_account
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-webauthn-challenge-failed.mdx b/main/docs/fr-ca/tenant-logs/gd-webauthn-challenge-failed.mdx
new file mode 100644
index 0000000000..c23e6ed06c
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-webauthn-challenge-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_webauthn_challenge_failed"
+openapi-schema: logs-schema gd_webauthn_challenge_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/gd-webauthn-enrollment-failed.mdx b/main/docs/fr-ca/tenant-logs/gd-webauthn-enrollment-failed.mdx
new file mode 100644
index 0000000000..4b88d66d4d
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/gd-webauthn-enrollment-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_webauthn_enrollment_failed"
+openapi-schema: logs-schema gd_webauthn_enrollment_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/idjag-exchange-failed.mdx b/main/docs/fr-ca/tenant-logs/idjag-exchange-failed.mdx
new file mode 100644
index 0000000000..c293757ebb
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/idjag-exchange-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "idjag_exchange_failed"
+openapi-schema: logs-schema idjag_exchange_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/idjag-exchange-succeeded.mdx b/main/docs/fr-ca/tenant-logs/idjag-exchange-succeeded.mdx
new file mode 100644
index 0000000000..68d9c9038b
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/idjag-exchange-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "idjag_exchange_succeeded"
+openapi-schema: logs-schema idjag_exchange_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/jwt-bearer-exchange-failed.mdx b/main/docs/fr-ca/tenant-logs/jwt-bearer-exchange-failed.mdx
new file mode 100644
index 0000000000..1aa3b3e2b9
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/jwt-bearer-exchange-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "jwt_bearer_exchange_failed"
+openapi-schema: logs-schema jwt_bearer_exchange_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/kms-key-management-failure.mdx b/main/docs/fr-ca/tenant-logs/kms-key-management-failure.mdx
new file mode 100644
index 0000000000..fd40918e33
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/kms-key-management-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "kms_key_management_failure"
+openapi-schema: logs-schema kms_key_management_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/kms-key-management-success.mdx b/main/docs/fr-ca/tenant-logs/kms-key-management-success.mdx
new file mode 100644
index 0000000000..513f2ca254
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/kms-key-management-success.mdx
@@ -0,0 +1,8 @@
+---
+title: "kms_key_management_success"
+openapi-schema: logs-schema kms_key_management_success
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/kms-key-state-changed.mdx b/main/docs/fr-ca/tenant-logs/kms-key-state-changed.mdx
new file mode 100644
index 0000000000..5cfe421d0e
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/kms-key-state-changed.mdx
@@ -0,0 +1,8 @@
+---
+title: "kms_key_state_changed"
+openapi-schema: logs-schema kms_key_state_changed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/limit-delegation.mdx b/main/docs/fr-ca/tenant-logs/limit-delegation.mdx
new file mode 100644
index 0000000000..17b075b265
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/limit-delegation.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_delegation"
+openapi-schema: logs-schema limit_delegation
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/limit-mu.mdx b/main/docs/fr-ca/tenant-logs/limit-mu.mdx
new file mode 100644
index 0000000000..5b498c817d
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/limit-mu.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_mu"
+openapi-schema: logs-schema limit_mu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/limit-sul.mdx b/main/docs/fr-ca/tenant-logs/limit-sul.mdx
new file mode 100644
index 0000000000..a654e1dc20
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/limit-sul.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_sul"
+openapi-schema: logs-schema limit_sul
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/limit-wc.mdx b/main/docs/fr-ca/tenant-logs/limit-wc.mdx
new file mode 100644
index 0000000000..d39359ab21
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/limit-wc.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_wc"
+openapi-schema: logs-schema limit_wc
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/mfar.mdx b/main/docs/fr-ca/tenant-logs/mfar.mdx
new file mode 100644
index 0000000000..f68d8f6a7f
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/mfar.mdx
@@ -0,0 +1,8 @@
+---
+title: "mfar"
+openapi-schema: logs-schema mfar
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/mgmt-api-read.mdx b/main/docs/fr-ca/tenant-logs/mgmt-api-read.mdx
new file mode 100644
index 0000000000..226da10318
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/mgmt-api-read.mdx
@@ -0,0 +1,8 @@
+---
+title: "mgmt_api_read"
+openapi-schema: logs-schema mgmt_api_read
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/my-account-authentication-method-failed.mdx b/main/docs/fr-ca/tenant-logs/my-account-authentication-method-failed.mdx
new file mode 100644
index 0000000000..fa5e7388ff
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/my-account-authentication-method-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "my_account_authentication_method_failed"
+openapi-schema: logs-schema my_account_authentication_method_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/my-account-authentication-method-succeeded.mdx b/main/docs/fr-ca/tenant-logs/my-account-authentication-method-succeeded.mdx
new file mode 100644
index 0000000000..eedc3a64fd
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/my-account-authentication-method-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "my_account_authentication_method_succeeded"
+openapi-schema: logs-schema my_account_authentication_method_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/oidc-backchannel-logout-failed.mdx b/main/docs/fr-ca/tenant-logs/oidc-backchannel-logout-failed.mdx
new file mode 100644
index 0000000000..8b738d1af6
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/oidc-backchannel-logout-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "oidc_backchannel_logout_failed"
+openapi-schema: logs-schema oidc_backchannel_logout_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/oidc-backchannel-logout-succeeded.mdx b/main/docs/fr-ca/tenant-logs/oidc-backchannel-logout-succeeded.mdx
new file mode 100644
index 0000000000..319ff6aa79
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/oidc-backchannel-logout-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "oidc_backchannel_logout_succeeded"
+openapi-schema: logs-schema oidc_backchannel_logout_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/organization-member-added.mdx b/main/docs/fr-ca/tenant-logs/organization-member-added.mdx
new file mode 100644
index 0000000000..92ec6c12e0
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/organization-member-added.mdx
@@ -0,0 +1,8 @@
+---
+title: "organization_member_added"
+openapi-schema: logs-schema organization_member_added
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/passkey-challenge-failed.mdx b/main/docs/fr-ca/tenant-logs/passkey-challenge-failed.mdx
new file mode 100644
index 0000000000..a3add7282a
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/passkey-challenge-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "passkey_challenge_failed"
+openapi-schema: logs-schema passkey_challenge_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/passkey-challenge-started.mdx b/main/docs/fr-ca/tenant-logs/passkey-challenge-started.mdx
new file mode 100644
index 0000000000..73169904cf
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/passkey-challenge-started.mdx
@@ -0,0 +1,8 @@
+---
+title: "passkey_challenge_started"
+openapi-schema: logs-schema passkey_challenge_started
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/pla.mdx b/main/docs/fr-ca/tenant-logs/pla.mdx
new file mode 100644
index 0000000000..dcea887320
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/pla.mdx
@@ -0,0 +1,8 @@
+---
+title: "pla"
+openapi-schema: logs-schema pla
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/pwd-leak.mdx b/main/docs/fr-ca/tenant-logs/pwd-leak.mdx
new file mode 100644
index 0000000000..0a6e41c02a
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/pwd-leak.mdx
@@ -0,0 +1,8 @@
+---
+title: "pwd_leak"
+openapi-schema: logs-schema pwd_leak
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/reset-pwd-leak.mdx b/main/docs/fr-ca/tenant-logs/reset-pwd-leak.mdx
new file mode 100644
index 0000000000..94e030f89f
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/reset-pwd-leak.mdx
@@ -0,0 +1,8 @@
+---
+title: "reset_pwd_leak"
+openapi-schema: logs-schema reset_pwd_leak
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/resource-cleanup.mdx b/main/docs/fr-ca/tenant-logs/resource-cleanup.mdx
new file mode 100644
index 0000000000..fc95ffa07f
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/resource-cleanup.mdx
@@ -0,0 +1,8 @@
+---
+title: "resource_cleanup"
+openapi-schema: logs-schema resource_cleanup
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/rich-consents-access-error.mdx b/main/docs/fr-ca/tenant-logs/rich-consents-access-error.mdx
new file mode 100644
index 0000000000..f53e4232f8
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/rich-consents-access-error.mdx
@@ -0,0 +1,8 @@
+---
+title: "rich_consents_access_error"
+openapi-schema: logs-schema rich_consents_access_error
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/s.mdx b/main/docs/fr-ca/tenant-logs/s.mdx
new file mode 100644
index 0000000000..605f6d0d08
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/s.mdx
@@ -0,0 +1,8 @@
+---
+title: "s"
+openapi-schema: logs-schema s
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sapi.mdx b/main/docs/fr-ca/tenant-logs/sapi.mdx
new file mode 100644
index 0000000000..497a8b2bb3
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sapi.mdx
@@ -0,0 +1,8 @@
+---
+title: "sapi"
+openapi-schema: logs-schema sapi
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sce.mdx b/main/docs/fr-ca/tenant-logs/sce.mdx
new file mode 100644
index 0000000000..3a165712cb
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sce.mdx
@@ -0,0 +1,8 @@
+---
+title: "sce"
+openapi-schema: logs-schema sce
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/scoa.mdx b/main/docs/fr-ca/tenant-logs/scoa.mdx
new file mode 100644
index 0000000000..d273e29cd6
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/scoa.mdx
@@ -0,0 +1,8 @@
+---
+title: "scoa"
+openapi-schema: logs-schema scoa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/scp.mdx b/main/docs/fr-ca/tenant-logs/scp.mdx
new file mode 100644
index 0000000000..345ade5df9
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/scp.mdx
@@ -0,0 +1,8 @@
+---
+title: "scp"
+openapi-schema: logs-schema scp
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/scpn.mdx b/main/docs/fr-ca/tenant-logs/scpn.mdx
new file mode 100644
index 0000000000..dff793be4c
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/scpn.mdx
@@ -0,0 +1,8 @@
+---
+title: "scpn"
+openapi-schema: logs-schema scpn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/scpr.mdx b/main/docs/fr-ca/tenant-logs/scpr.mdx
new file mode 100644
index 0000000000..086f62e7c1
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/scpr.mdx
@@ -0,0 +1,8 @@
+---
+title: "scpr"
+openapi-schema: logs-schema scpr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/scu.mdx b/main/docs/fr-ca/tenant-logs/scu.mdx
new file mode 100644
index 0000000000..37d22a20b7
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/scu.mdx
@@ -0,0 +1,8 @@
+---
+title: "scu"
+openapi-schema: logs-schema scu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/scv.mdx b/main/docs/fr-ca/tenant-logs/scv.mdx
new file mode 100644
index 0000000000..a02d110359
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/scv.mdx
@@ -0,0 +1,8 @@
+---
+title: "scv"
+openapi-schema: logs-schema scv
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sd.mdx b/main/docs/fr-ca/tenant-logs/sd.mdx
new file mode 100644
index 0000000000..7e41706031
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sd.mdx
@@ -0,0 +1,8 @@
+---
+title: "sd"
+openapi-schema: logs-schema sd
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sdu.mdx b/main/docs/fr-ca/tenant-logs/sdu.mdx
new file mode 100644
index 0000000000..9881eb1bd7
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sdu.mdx
@@ -0,0 +1,8 @@
+---
+title: "sdu"
+openapi-schema: logs-schema sdu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/seacft.mdx b/main/docs/fr-ca/tenant-logs/seacft.mdx
new file mode 100644
index 0000000000..73139c2a20
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/seacft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seacft"
+openapi-schema: logs-schema seacft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/seccft.mdx b/main/docs/fr-ca/tenant-logs/seccft.mdx
new file mode 100644
index 0000000000..3f60a864ed
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/seccft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seccft"
+openapi-schema: logs-schema seccft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/secte.mdx b/main/docs/fr-ca/tenant-logs/secte.mdx
new file mode 100644
index 0000000000..995b0b68c4
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/secte.mdx
@@ -0,0 +1,8 @@
+---
+title: "secte"
+openapi-schema: logs-schema secte
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sede.mdx b/main/docs/fr-ca/tenant-logs/sede.mdx
new file mode 100644
index 0000000000..3312eb9d2b
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sede.mdx
@@ -0,0 +1,8 @@
+---
+title: "sede"
+openapi-schema: logs-schema sede
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sens.mdx b/main/docs/fr-ca/tenant-logs/sens.mdx
new file mode 100644
index 0000000000..a6ad7179d6
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sens.mdx
@@ -0,0 +1,8 @@
+---
+title: "sens"
+openapi-schema: logs-schema sens
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/seoobft.mdx b/main/docs/fr-ca/tenant-logs/seoobft.mdx
new file mode 100644
index 0000000000..5b45b1cbca
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/seoobft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seoobft"
+openapi-schema: logs-schema seoobft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/seotpft.mdx b/main/docs/fr-ca/tenant-logs/seotpft.mdx
new file mode 100644
index 0000000000..77037e5b39
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/seotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seotpft"
+openapi-schema: logs-schema seotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sepft.mdx b/main/docs/fr-ca/tenant-logs/sepft.mdx
new file mode 100644
index 0000000000..cbbf4cf464
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sepft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepft"
+openapi-schema: logs-schema sepft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sepkoobft.mdx b/main/docs/fr-ca/tenant-logs/sepkoobft.mdx
new file mode 100644
index 0000000000..881f3e2952
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sepkoobft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepkoobft"
+openapi-schema: logs-schema sepkoobft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sepkotpft.mdx b/main/docs/fr-ca/tenant-logs/sepkotpft.mdx
new file mode 100644
index 0000000000..a406744075
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sepkotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepkotpft"
+openapi-schema: logs-schema sepkotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sepkrcft.mdx b/main/docs/fr-ca/tenant-logs/sepkrcft.mdx
new file mode 100644
index 0000000000..de2c7c1ba3
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sepkrcft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepkrcft"
+openapi-schema: logs-schema sepkrcft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sercft.mdx b/main/docs/fr-ca/tenant-logs/sercft.mdx
new file mode 100644
index 0000000000..40adba2620
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sercft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sercft"
+openapi-schema: logs-schema sercft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sertft.mdx b/main/docs/fr-ca/tenant-logs/sertft.mdx
new file mode 100644
index 0000000000..0b243788d4
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sertft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sertft"
+openapi-schema: logs-schema sertft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/seta.mdx b/main/docs/fr-ca/tenant-logs/seta.mdx
new file mode 100644
index 0000000000..d074c7ae31
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/seta.mdx
@@ -0,0 +1,8 @@
+---
+title: "seta"
+openapi-schema: logs-schema seta
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/si.mdx b/main/docs/fr-ca/tenant-logs/si.mdx
new file mode 100644
index 0000000000..72c2f09f23
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/si.mdx
@@ -0,0 +1,8 @@
+---
+title: "si"
+openapi-schema: logs-schema si
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/slo.mdx b/main/docs/fr-ca/tenant-logs/slo.mdx
new file mode 100644
index 0000000000..ff4363f456
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/slo.mdx
@@ -0,0 +1,8 @@
+---
+title: "slo"
+openapi-schema: logs-schema slo
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/srrt.mdx b/main/docs/fr-ca/tenant-logs/srrt.mdx
new file mode 100644
index 0000000000..81f076c6fc
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/srrt.mdx
@@ -0,0 +1,8 @@
+---
+title: "srrt"
+openapi-schema: logs-schema srrt
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/ss-sso-failure.mdx b/main/docs/fr-ca/tenant-logs/ss-sso-failure.mdx
new file mode 100644
index 0000000000..1d25d3e806
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/ss-sso-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss_sso_failure"
+openapi-schema: logs-schema ss_sso_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/ss-sso-info.mdx b/main/docs/fr-ca/tenant-logs/ss-sso-info.mdx
new file mode 100644
index 0000000000..4e4229619b
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/ss-sso-info.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss_sso_info"
+openapi-schema: logs-schema ss_sso_info
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/ss-sso-success.mdx b/main/docs/fr-ca/tenant-logs/ss-sso-success.mdx
new file mode 100644
index 0000000000..77e6c9f58e
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/ss-sso-success.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss_sso_success"
+openapi-schema: logs-schema ss_sso_success
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/ss.mdx b/main/docs/fr-ca/tenant-logs/ss.mdx
new file mode 100644
index 0000000000..fcfc483432
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/ss.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss"
+openapi-schema: logs-schema ss
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/ssa.mdx b/main/docs/fr-ca/tenant-logs/ssa.mdx
new file mode 100644
index 0000000000..f715eba897
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/ssa.mdx
@@ -0,0 +1,8 @@
+---
+title: "ssa"
+openapi-schema: logs-schema ssa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sscim.mdx b/main/docs/fr-ca/tenant-logs/sscim.mdx
new file mode 100644
index 0000000000..cd5bb39f74
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sscim.mdx
@@ -0,0 +1,8 @@
+---
+title: "sscim"
+openapi-schema: logs-schema sscim
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/success-on-behalf-of-token-exchange.mdx b/main/docs/fr-ca/tenant-logs/success-on-behalf-of-token-exchange.mdx
new file mode 100644
index 0000000000..dc5ca0bd5e
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/success-on-behalf-of-token-exchange.mdx
@@ -0,0 +1,8 @@
+---
+title: "success_on_behalf_of_token_exchange"
+openapi-schema: logs-schema success_on_behalf_of_token_exchange
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sui.mdx b/main/docs/fr-ca/tenant-logs/sui.mdx
new file mode 100644
index 0000000000..1931449e95
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sui.mdx
@@ -0,0 +1,8 @@
+---
+title: "sui"
+openapi-schema: logs-schema sui
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/sv.mdx b/main/docs/fr-ca/tenant-logs/sv.mdx
new file mode 100644
index 0000000000..48923d952b
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/sv.mdx
@@ -0,0 +1,8 @@
+---
+title: "sv"
+openapi-schema: logs-schema sv
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/svr.mdx b/main/docs/fr-ca/tenant-logs/svr.mdx
new file mode 100644
index 0000000000..aaae129b0a
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/svr.mdx
@@ -0,0 +1,8 @@
+---
+title: "svr"
+openapi-schema: logs-schema svr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/ublkdu.mdx b/main/docs/fr-ca/tenant-logs/ublkdu.mdx
new file mode 100644
index 0000000000..74f56a3dfb
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/ublkdu.mdx
@@ -0,0 +1,8 @@
+---
+title: "ublkdu"
+openapi-schema: logs-schema ublkdu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/universal-logout-failed.mdx b/main/docs/fr-ca/tenant-logs/universal-logout-failed.mdx
new file mode 100644
index 0000000000..2e0b2cef76
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/universal-logout-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "universal_logout_failed"
+openapi-schema: logs-schema universal_logout_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/universal-logout-succeeded.mdx b/main/docs/fr-ca/tenant-logs/universal-logout-succeeded.mdx
new file mode 100644
index 0000000000..88028bfa57
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/universal-logout-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "universal_logout_succeeded"
+openapi-schema: logs-schema universal_logout_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/w.mdx b/main/docs/fr-ca/tenant-logs/w.mdx
new file mode 100644
index 0000000000..1897650298
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/w.mdx
@@ -0,0 +1,8 @@
+---
+title: "w"
+openapi-schema: logs-schema w
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/wn.mdx b/main/docs/fr-ca/tenant-logs/wn.mdx
new file mode 100644
index 0000000000..eed7deaeed
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/wn.mdx
@@ -0,0 +1,8 @@
+---
+title: "wn"
+openapi-schema: logs-schema wn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/fr-ca/tenant-logs/wum.mdx b/main/docs/fr-ca/tenant-logs/wum.mdx
new file mode 100644
index 0000000000..35c7a69b84
--- /dev/null
+++ b/main/docs/fr-ca/tenant-logs/wum.mdx
@@ -0,0 +1,8 @@
+---
+title: "wum"
+openapi-schema: logs-schema wum
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/_metadata.json b/main/docs/ja-jp/tenant-logs/_metadata.json
new file mode 100644
index 0000000000..aa5045d366
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/_metadata.json
@@ -0,0 +1,3 @@
+{
+ "schemaVersion": "2.131.0"
+}
diff --git a/main/docs/ja-jp/tenant-logs/acls-summary.mdx b/main/docs/ja-jp/tenant-logs/acls-summary.mdx
new file mode 100644
index 0000000000..093d4aea19
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/acls-summary.mdx
@@ -0,0 +1,8 @@
+---
+title: "acls_summary"
+openapi-schema: logs-schema acls_summary
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/actions-execution-failed.mdx b/main/docs/ja-jp/tenant-logs/actions-execution-failed.mdx
new file mode 100644
index 0000000000..1118b69d3d
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/actions-execution-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "actions_execution_failed"
+openapi-schema: logs-schema actions_execution_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/acul-sdk-notice.mdx b/main/docs/ja-jp/tenant-logs/acul-sdk-notice.mdx
new file mode 100644
index 0000000000..3ac9977c6b
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/acul-sdk-notice.mdx
@@ -0,0 +1,8 @@
+---
+title: "acul_sdk_notice"
+openapi-schema: logs-schema acul_sdk_notice
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/api-limit-warning.mdx b/main/docs/ja-jp/tenant-logs/api-limit-warning.mdx
new file mode 100644
index 0000000000..b957187034
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/api-limit-warning.mdx
@@ -0,0 +1,8 @@
+---
+title: "api_limit_warning"
+openapi-schema: logs-schema api_limit_warning
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/api-limit.mdx b/main/docs/ja-jp/tenant-logs/api-limit.mdx
new file mode 100644
index 0000000000..c5b1e00233
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/api-limit.mdx
@@ -0,0 +1,8 @@
+---
+title: "api_limit"
+openapi-schema: logs-schema api_limit
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/appi.mdx b/main/docs/ja-jp/tenant-logs/appi.mdx
new file mode 100644
index 0000000000..aa1889c48e
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/appi.mdx
@@ -0,0 +1,8 @@
+---
+title: "appi"
+openapi-schema: logs-schema appi
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/ciba-exchange-failed.mdx b/main/docs/ja-jp/tenant-logs/ciba-exchange-failed.mdx
new file mode 100644
index 0000000000..6bf353dc43
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/ciba-exchange-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_exchange_failed"
+openapi-schema: logs-schema ciba_exchange_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/ciba-exchange-succeeded.mdx b/main/docs/ja-jp/tenant-logs/ciba-exchange-succeeded.mdx
new file mode 100644
index 0000000000..00b08144ed
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/ciba-exchange-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_exchange_succeeded"
+openapi-schema: logs-schema ciba_exchange_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/ciba-start-failed.mdx b/main/docs/ja-jp/tenant-logs/ciba-start-failed.mdx
new file mode 100644
index 0000000000..9dba690e8c
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/ciba-start-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_start_failed"
+openapi-schema: logs-schema ciba_start_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/ciba-start-succeeded.mdx b/main/docs/ja-jp/tenant-logs/ciba-start-succeeded.mdx
new file mode 100644
index 0000000000..518f536d96
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/ciba-start-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_start_succeeded"
+openapi-schema: logs-schema ciba_start_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/cls.mdx b/main/docs/ja-jp/tenant-logs/cls.mdx
new file mode 100644
index 0000000000..b110579073
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/cls.mdx
@@ -0,0 +1,8 @@
+---
+title: "cls"
+openapi-schema: logs-schema cls
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/connected-accounts-connection-failed.mdx b/main/docs/ja-jp/tenant-logs/connected-accounts-connection-failed.mdx
new file mode 100644
index 0000000000..21e2fa6fb0
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/connected-accounts-connection-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_connection_failed"
+openapi-schema: logs-schema connected_accounts_connection_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/connected-accounts-connection-succeeded.mdx b/main/docs/ja-jp/tenant-logs/connected-accounts-connection-succeeded.mdx
new file mode 100644
index 0000000000..f9bbda95e1
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/connected-accounts-connection-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_connection_succeeded"
+openapi-schema: logs-schema connected_accounts_connection_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/connected-accounts-delete-failed.mdx b/main/docs/ja-jp/tenant-logs/connected-accounts-delete-failed.mdx
new file mode 100644
index 0000000000..0d63b16142
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/connected-accounts-delete-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_delete_failed"
+openapi-schema: logs-schema connected_accounts_delete_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/connected-accounts-delete-succeeded.mdx b/main/docs/ja-jp/tenant-logs/connected-accounts-delete-succeeded.mdx
new file mode 100644
index 0000000000..89fa24d7fa
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/connected-accounts-delete-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_delete_succeeded"
+openapi-schema: logs-schema connected_accounts_delete_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/cs.mdx b/main/docs/ja-jp/tenant-logs/cs.mdx
new file mode 100644
index 0000000000..0029dea0f9
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/cs.mdx
@@ -0,0 +1,8 @@
+---
+title: "cs"
+openapi-schema: logs-schema cs
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/custom-domain-verification-failed.mdx b/main/docs/ja-jp/tenant-logs/custom-domain-verification-failed.mdx
new file mode 100644
index 0000000000..6224072e65
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/custom-domain-verification-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "custom_domain_verification_failed"
+openapi-schema: logs-schema custom_domain_verification_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/depnote.mdx b/main/docs/ja-jp/tenant-logs/depnote.mdx
new file mode 100644
index 0000000000..2b0e2eec3e
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/depnote.mdx
@@ -0,0 +1,8 @@
+---
+title: "depnote"
+openapi-schema: logs-schema depnote
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/directory-sync-completed.mdx b/main/docs/ja-jp/tenant-logs/directory-sync-completed.mdx
new file mode 100644
index 0000000000..1dd8ea0bd4
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/directory-sync-completed.mdx
@@ -0,0 +1,8 @@
+---
+title: "directory_sync_completed"
+openapi-schema: logs-schema directory_sync_completed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/directory-sync-failed.mdx b/main/docs/ja-jp/tenant-logs/directory-sync-failed.mdx
new file mode 100644
index 0000000000..80ddfbb7b2
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/directory-sync-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "directory_sync_failed"
+openapi-schema: logs-schema directory_sync_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/directory-sync-started.mdx b/main/docs/ja-jp/tenant-logs/directory-sync-started.mdx
new file mode 100644
index 0000000000..b0edd5f915
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/directory-sync-started.mdx
@@ -0,0 +1,8 @@
+---
+title: "directory_sync_started"
+openapi-schema: logs-schema directory_sync_started
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/f.mdx b/main/docs/ja-jp/tenant-logs/f.mdx
new file mode 100644
index 0000000000..c3cba7f88c
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/f.mdx
@@ -0,0 +1,8 @@
+---
+title: "f"
+openapi-schema: logs-schema f
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/failed-on-behalf-of-token-exchange.mdx b/main/docs/ja-jp/tenant-logs/failed-on-behalf-of-token-exchange.mdx
new file mode 100644
index 0000000000..47f623add2
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/failed-on-behalf-of-token-exchange.mdx
@@ -0,0 +1,8 @@
+---
+title: "failed_on_behalf_of_token_exchange"
+openapi-schema: logs-schema failed_on_behalf_of_token_exchange
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fce.mdx b/main/docs/ja-jp/tenant-logs/fce.mdx
new file mode 100644
index 0000000000..371a206262
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fce.mdx
@@ -0,0 +1,8 @@
+---
+title: "fce"
+openapi-schema: logs-schema fce
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fco.mdx b/main/docs/ja-jp/tenant-logs/fco.mdx
new file mode 100644
index 0000000000..fcf9b788f5
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fco.mdx
@@ -0,0 +1,8 @@
+---
+title: "fco"
+openapi-schema: logs-schema fco
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fcoa.mdx b/main/docs/ja-jp/tenant-logs/fcoa.mdx
new file mode 100644
index 0000000000..e202413ee8
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fcoa.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcoa"
+openapi-schema: logs-schema fcoa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fcp.mdx b/main/docs/ja-jp/tenant-logs/fcp.mdx
new file mode 100644
index 0000000000..8d3153f488
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fcp.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcp"
+openapi-schema: logs-schema fcp
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fcph.mdx b/main/docs/ja-jp/tenant-logs/fcph.mdx
new file mode 100644
index 0000000000..d7169eab1b
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fcph.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcph"
+openapi-schema: logs-schema fcph
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fcpn.mdx b/main/docs/ja-jp/tenant-logs/fcpn.mdx
new file mode 100644
index 0000000000..3c8c84f8ee
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fcpn.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcpn"
+openapi-schema: logs-schema fcpn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fcpr.mdx b/main/docs/ja-jp/tenant-logs/fcpr.mdx
new file mode 100644
index 0000000000..d56ff6ba40
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fcpr.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcpr"
+openapi-schema: logs-schema fcpr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fcpro.mdx b/main/docs/ja-jp/tenant-logs/fcpro.mdx
new file mode 100644
index 0000000000..4a2a67d5c6
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fcpro.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcpro"
+openapi-schema: logs-schema fcpro
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fcu.mdx b/main/docs/ja-jp/tenant-logs/fcu.mdx
new file mode 100644
index 0000000000..c3b0142713
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fcu.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcu"
+openapi-schema: logs-schema fcu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fd.mdx b/main/docs/ja-jp/tenant-logs/fd.mdx
new file mode 100644
index 0000000000..fd60c01dc6
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fd.mdx
@@ -0,0 +1,8 @@
+---
+title: "fd"
+openapi-schema: logs-schema fd
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fdeac.mdx b/main/docs/ja-jp/tenant-logs/fdeac.mdx
new file mode 100644
index 0000000000..959b5d781f
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fdeac.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdeac"
+openapi-schema: logs-schema fdeac
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fdeaz.mdx b/main/docs/ja-jp/tenant-logs/fdeaz.mdx
new file mode 100644
index 0000000000..9dbec9d453
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fdeaz.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdeaz"
+openapi-schema: logs-schema fdeaz
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fdecc.mdx b/main/docs/ja-jp/tenant-logs/fdecc.mdx
new file mode 100644
index 0000000000..de2f23d901
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fdecc.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdecc"
+openapi-schema: logs-schema fdecc
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fdu.mdx b/main/docs/ja-jp/tenant-logs/fdu.mdx
new file mode 100644
index 0000000000..6df42066da
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fdu.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdu"
+openapi-schema: logs-schema fdu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/feacft.mdx b/main/docs/ja-jp/tenant-logs/feacft.mdx
new file mode 100644
index 0000000000..cfabcf57c8
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/feacft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feacft"
+openapi-schema: logs-schema feacft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/feccft.mdx b/main/docs/ja-jp/tenant-logs/feccft.mdx
new file mode 100644
index 0000000000..9b23480230
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/feccft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feccft"
+openapi-schema: logs-schema feccft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fecte.mdx b/main/docs/ja-jp/tenant-logs/fecte.mdx
new file mode 100644
index 0000000000..9af3c52542
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fecte.mdx
@@ -0,0 +1,8 @@
+---
+title: "fecte"
+openapi-schema: logs-schema fecte
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fede.mdx b/main/docs/ja-jp/tenant-logs/fede.mdx
new file mode 100644
index 0000000000..faca59e826
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fede.mdx
@@ -0,0 +1,8 @@
+---
+title: "fede"
+openapi-schema: logs-schema fede
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/federated-logout-failed.mdx b/main/docs/ja-jp/tenant-logs/federated-logout-failed.mdx
new file mode 100644
index 0000000000..599da10d1c
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/federated-logout-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "federated_logout_failed"
+openapi-schema: logs-schema federated_logout_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fens.mdx b/main/docs/ja-jp/tenant-logs/fens.mdx
new file mode 100644
index 0000000000..30b2692a06
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fens.mdx
@@ -0,0 +1,8 @@
+---
+title: "fens"
+openapi-schema: logs-schema fens
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/feoobft.mdx b/main/docs/ja-jp/tenant-logs/feoobft.mdx
new file mode 100644
index 0000000000..ca40a8613f
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/feoobft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feoobft"
+openapi-schema: logs-schema feoobft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/feotpft.mdx b/main/docs/ja-jp/tenant-logs/feotpft.mdx
new file mode 100644
index 0000000000..f2adef346d
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/feotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feotpft"
+openapi-schema: logs-schema feotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fepft.mdx b/main/docs/ja-jp/tenant-logs/fepft.mdx
new file mode 100644
index 0000000000..9d54c13b37
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fepft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fepft"
+openapi-schema: logs-schema fepft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fepotpft.mdx b/main/docs/ja-jp/tenant-logs/fepotpft.mdx
new file mode 100644
index 0000000000..d7217efe2f
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fepotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fepotpft"
+openapi-schema: logs-schema fepotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fercft.mdx b/main/docs/ja-jp/tenant-logs/fercft.mdx
new file mode 100644
index 0000000000..23ef538b76
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fercft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fercft"
+openapi-schema: logs-schema fercft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/ferrt.mdx b/main/docs/ja-jp/tenant-logs/ferrt.mdx
new file mode 100644
index 0000000000..e1daab0a60
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/ferrt.mdx
@@ -0,0 +1,8 @@
+---
+title: "ferrt"
+openapi-schema: logs-schema ferrt
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fertft.mdx b/main/docs/ja-jp/tenant-logs/fertft.mdx
new file mode 100644
index 0000000000..0aaf6c48f8
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fertft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fertft"
+openapi-schema: logs-schema fertft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/feta.mdx b/main/docs/ja-jp/tenant-logs/feta.mdx
new file mode 100644
index 0000000000..a9291eda52
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/feta.mdx
@@ -0,0 +1,8 @@
+---
+title: "feta"
+openapi-schema: logs-schema feta
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fi.mdx b/main/docs/ja-jp/tenant-logs/fi.mdx
new file mode 100644
index 0000000000..82d81ffbb5
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fi.mdx
@@ -0,0 +1,8 @@
+---
+title: "fi"
+openapi-schema: logs-schema fi
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/flo.mdx b/main/docs/ja-jp/tenant-logs/flo.mdx
new file mode 100644
index 0000000000..380c25693e
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/flo.mdx
@@ -0,0 +1,8 @@
+---
+title: "flo"
+openapi-schema: logs-schema flo
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/flows-execution-completed.mdx b/main/docs/ja-jp/tenant-logs/flows-execution-completed.mdx
new file mode 100644
index 0000000000..2e2d14a576
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/flows-execution-completed.mdx
@@ -0,0 +1,8 @@
+---
+title: "flows_execution_completed"
+openapi-schema: logs-schema flows_execution_completed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/flows-execution-failed.mdx b/main/docs/ja-jp/tenant-logs/flows-execution-failed.mdx
new file mode 100644
index 0000000000..c26ffda221
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/flows-execution-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "flows_execution_failed"
+openapi-schema: logs-schema flows_execution_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fn.mdx b/main/docs/ja-jp/tenant-logs/fn.mdx
new file mode 100644
index 0000000000..65d425531a
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fn.mdx
@@ -0,0 +1,8 @@
+---
+title: "fn"
+openapi-schema: logs-schema fn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/forms-submission-failed.mdx b/main/docs/ja-jp/tenant-logs/forms-submission-failed.mdx
new file mode 100644
index 0000000000..d1430e8d3c
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/forms-submission-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "forms_submission_failed"
+openapi-schema: logs-schema forms_submission_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/forms-submission-succeeded.mdx b/main/docs/ja-jp/tenant-logs/forms-submission-succeeded.mdx
new file mode 100644
index 0000000000..ed06e7e147
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/forms-submission-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "forms_submission_succeeded"
+openapi-schema: logs-schema forms_submission_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fp.mdx b/main/docs/ja-jp/tenant-logs/fp.mdx
new file mode 100644
index 0000000000..7a390ff18d
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fp.mdx
@@ -0,0 +1,8 @@
+---
+title: "fp"
+openapi-schema: logs-schema fp
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fpar.mdx b/main/docs/ja-jp/tenant-logs/fpar.mdx
new file mode 100644
index 0000000000..fc4f4f5d48
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fpar.mdx
@@ -0,0 +1,8 @@
+---
+title: "fpar"
+openapi-schema: logs-schema fpar
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fpurh.mdx b/main/docs/ja-jp/tenant-logs/fpurh.mdx
new file mode 100644
index 0000000000..ec6cfbb1ba
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fpurh.mdx
@@ -0,0 +1,8 @@
+---
+title: "fpurh"
+openapi-schema: logs-schema fpurh
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fs.mdx b/main/docs/ja-jp/tenant-logs/fs.mdx
new file mode 100644
index 0000000000..5d7a8ccc5e
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fs.mdx
@@ -0,0 +1,8 @@
+---
+title: "fs"
+openapi-schema: logs-schema fs
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fsa.mdx b/main/docs/ja-jp/tenant-logs/fsa.mdx
new file mode 100644
index 0000000000..85d76a0d6e
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fsa.mdx
@@ -0,0 +1,8 @@
+---
+title: "fsa"
+openapi-schema: logs-schema fsa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fu.mdx b/main/docs/ja-jp/tenant-logs/fu.mdx
new file mode 100644
index 0000000000..fbb24dbbd1
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fu.mdx
@@ -0,0 +1,8 @@
+---
+title: "fu"
+openapi-schema: logs-schema fu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fui.mdx b/main/docs/ja-jp/tenant-logs/fui.mdx
new file mode 100644
index 0000000000..617702e09c
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fui.mdx
@@ -0,0 +1,8 @@
+---
+title: "fui"
+openapi-schema: logs-schema fui
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fv.mdx b/main/docs/ja-jp/tenant-logs/fv.mdx
new file mode 100644
index 0000000000..280c6dcd13
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fv.mdx
@@ -0,0 +1,8 @@
+---
+title: "fv"
+openapi-schema: logs-schema fv
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/fvr.mdx b/main/docs/ja-jp/tenant-logs/fvr.mdx
new file mode 100644
index 0000000000..256b2aaa00
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/fvr.mdx
@@ -0,0 +1,8 @@
+---
+title: "fvr"
+openapi-schema: logs-schema fvr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-auth-email-verification.mdx b/main/docs/ja-jp/tenant-logs/gd-auth-email-verification.mdx
new file mode 100644
index 0000000000..e51a9268e3
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-auth-email-verification.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_email_verification"
+openapi-schema: logs-schema gd_auth_email_verification
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-auth-failed.mdx b/main/docs/ja-jp/tenant-logs/gd-auth-failed.mdx
new file mode 100644
index 0000000000..c1cfc3e34e
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-auth-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_failed"
+openapi-schema: logs-schema gd_auth_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-auth-rejected.mdx b/main/docs/ja-jp/tenant-logs/gd-auth-rejected.mdx
new file mode 100644
index 0000000000..90d462b4a8
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-auth-rejected.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_rejected"
+openapi-schema: logs-schema gd_auth_rejected
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-auth-succeed.mdx b/main/docs/ja-jp/tenant-logs/gd-auth-succeed.mdx
new file mode 100644
index 0000000000..e269d0d51f
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-auth-succeed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_succeed"
+openapi-schema: logs-schema gd_auth_succeed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-enrollment-complete.mdx b/main/docs/ja-jp/tenant-logs/gd-enrollment-complete.mdx
new file mode 100644
index 0000000000..06f570abc8
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-enrollment-complete.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_enrollment_complete"
+openapi-schema: logs-schema gd_enrollment_complete
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-otp-rate-limit-exceed.mdx b/main/docs/ja-jp/tenant-logs/gd-otp-rate-limit-exceed.mdx
new file mode 100644
index 0000000000..b086a7624a
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-otp-rate-limit-exceed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_otp_rate_limit_exceed"
+openapi-schema: logs-schema gd_otp_rate_limit_exceed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-recovery-failed.mdx b/main/docs/ja-jp/tenant-logs/gd-recovery-failed.mdx
new file mode 100644
index 0000000000..e3cc0eca69
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-recovery-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_recovery_failed"
+openapi-schema: logs-schema gd_recovery_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-recovery-succeed.mdx b/main/docs/ja-jp/tenant-logs/gd-recovery-succeed.mdx
new file mode 100644
index 0000000000..772002bdb8
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-recovery-succeed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_recovery_succeed"
+openapi-schema: logs-schema gd_recovery_succeed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-send-email-verification.mdx b/main/docs/ja-jp/tenant-logs/gd-send-email-verification.mdx
new file mode 100644
index 0000000000..187545f53d
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-send-email-verification.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_email_verification"
+openapi-schema: logs-schema gd_send_email_verification
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-send-email.mdx b/main/docs/ja-jp/tenant-logs/gd-send-email.mdx
new file mode 100644
index 0000000000..e150179892
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-send-email.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_email"
+openapi-schema: logs-schema gd_send_email
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-send-pn-failure.mdx b/main/docs/ja-jp/tenant-logs/gd-send-pn-failure.mdx
new file mode 100644
index 0000000000..3b912b9196
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-send-pn-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_pn_failure"
+openapi-schema: logs-schema gd_send_pn_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-send-pn.mdx b/main/docs/ja-jp/tenant-logs/gd-send-pn.mdx
new file mode 100644
index 0000000000..afd6bdc89a
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-send-pn.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_pn"
+openapi-schema: logs-schema gd_send_pn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-send-sms-failure.mdx b/main/docs/ja-jp/tenant-logs/gd-send-sms-failure.mdx
new file mode 100644
index 0000000000..ac8857a2d8
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-send-sms-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_sms_failure"
+openapi-schema: logs-schema gd_send_sms_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-send-sms.mdx b/main/docs/ja-jp/tenant-logs/gd-send-sms.mdx
new file mode 100644
index 0000000000..3786da58d9
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-send-sms.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_sms"
+openapi-schema: logs-schema gd_send_sms
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-send-voice-failure.mdx b/main/docs/ja-jp/tenant-logs/gd-send-voice-failure.mdx
new file mode 100644
index 0000000000..f0ed2a8de6
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-send-voice-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_voice_failure"
+openapi-schema: logs-schema gd_send_voice_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-send-voice.mdx b/main/docs/ja-jp/tenant-logs/gd-send-voice.mdx
new file mode 100644
index 0000000000..3114e5927c
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-send-voice.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_voice"
+openapi-schema: logs-schema gd_send_voice
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-start-auth.mdx b/main/docs/ja-jp/tenant-logs/gd-start-auth.mdx
new file mode 100644
index 0000000000..cb736e7d2e
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-start-auth.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_start_auth"
+openapi-schema: logs-schema gd_start_auth
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-start-enroll-failed.mdx b/main/docs/ja-jp/tenant-logs/gd-start-enroll-failed.mdx
new file mode 100644
index 0000000000..f2ae5850df
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-start-enroll-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_start_enroll_failed"
+openapi-schema: logs-schema gd_start_enroll_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-start-enroll.mdx b/main/docs/ja-jp/tenant-logs/gd-start-enroll.mdx
new file mode 100644
index 0000000000..44c9f579eb
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-start-enroll.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_start_enroll"
+openapi-schema: logs-schema gd_start_enroll
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-tenant-update.mdx b/main/docs/ja-jp/tenant-logs/gd-tenant-update.mdx
new file mode 100644
index 0000000000..98fa966065
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-tenant-update.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_tenant_update"
+openapi-schema: logs-schema gd_tenant_update
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-unenroll.mdx b/main/docs/ja-jp/tenant-logs/gd-unenroll.mdx
new file mode 100644
index 0000000000..a370502d66
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-unenroll.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_unenroll"
+openapi-schema: logs-schema gd_unenroll
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-update-device-account.mdx b/main/docs/ja-jp/tenant-logs/gd-update-device-account.mdx
new file mode 100644
index 0000000000..a7d9891041
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-update-device-account.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_update_device_account"
+openapi-schema: logs-schema gd_update_device_account
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-webauthn-challenge-failed.mdx b/main/docs/ja-jp/tenant-logs/gd-webauthn-challenge-failed.mdx
new file mode 100644
index 0000000000..c23e6ed06c
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-webauthn-challenge-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_webauthn_challenge_failed"
+openapi-schema: logs-schema gd_webauthn_challenge_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/gd-webauthn-enrollment-failed.mdx b/main/docs/ja-jp/tenant-logs/gd-webauthn-enrollment-failed.mdx
new file mode 100644
index 0000000000..4b88d66d4d
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/gd-webauthn-enrollment-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_webauthn_enrollment_failed"
+openapi-schema: logs-schema gd_webauthn_enrollment_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/idjag-exchange-failed.mdx b/main/docs/ja-jp/tenant-logs/idjag-exchange-failed.mdx
new file mode 100644
index 0000000000..c293757ebb
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/idjag-exchange-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "idjag_exchange_failed"
+openapi-schema: logs-schema idjag_exchange_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/idjag-exchange-succeeded.mdx b/main/docs/ja-jp/tenant-logs/idjag-exchange-succeeded.mdx
new file mode 100644
index 0000000000..68d9c9038b
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/idjag-exchange-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "idjag_exchange_succeeded"
+openapi-schema: logs-schema idjag_exchange_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/jwt-bearer-exchange-failed.mdx b/main/docs/ja-jp/tenant-logs/jwt-bearer-exchange-failed.mdx
new file mode 100644
index 0000000000..1aa3b3e2b9
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/jwt-bearer-exchange-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "jwt_bearer_exchange_failed"
+openapi-schema: logs-schema jwt_bearer_exchange_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/kms-key-management-failure.mdx b/main/docs/ja-jp/tenant-logs/kms-key-management-failure.mdx
new file mode 100644
index 0000000000..fd40918e33
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/kms-key-management-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "kms_key_management_failure"
+openapi-schema: logs-schema kms_key_management_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/kms-key-management-success.mdx b/main/docs/ja-jp/tenant-logs/kms-key-management-success.mdx
new file mode 100644
index 0000000000..513f2ca254
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/kms-key-management-success.mdx
@@ -0,0 +1,8 @@
+---
+title: "kms_key_management_success"
+openapi-schema: logs-schema kms_key_management_success
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/kms-key-state-changed.mdx b/main/docs/ja-jp/tenant-logs/kms-key-state-changed.mdx
new file mode 100644
index 0000000000..5cfe421d0e
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/kms-key-state-changed.mdx
@@ -0,0 +1,8 @@
+---
+title: "kms_key_state_changed"
+openapi-schema: logs-schema kms_key_state_changed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/limit-delegation.mdx b/main/docs/ja-jp/tenant-logs/limit-delegation.mdx
new file mode 100644
index 0000000000..17b075b265
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/limit-delegation.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_delegation"
+openapi-schema: logs-schema limit_delegation
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/limit-mu.mdx b/main/docs/ja-jp/tenant-logs/limit-mu.mdx
new file mode 100644
index 0000000000..5b498c817d
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/limit-mu.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_mu"
+openapi-schema: logs-schema limit_mu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/limit-sul.mdx b/main/docs/ja-jp/tenant-logs/limit-sul.mdx
new file mode 100644
index 0000000000..a654e1dc20
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/limit-sul.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_sul"
+openapi-schema: logs-schema limit_sul
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/limit-wc.mdx b/main/docs/ja-jp/tenant-logs/limit-wc.mdx
new file mode 100644
index 0000000000..d39359ab21
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/limit-wc.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_wc"
+openapi-schema: logs-schema limit_wc
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/mfar.mdx b/main/docs/ja-jp/tenant-logs/mfar.mdx
new file mode 100644
index 0000000000..f68d8f6a7f
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/mfar.mdx
@@ -0,0 +1,8 @@
+---
+title: "mfar"
+openapi-schema: logs-schema mfar
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/mgmt-api-read.mdx b/main/docs/ja-jp/tenant-logs/mgmt-api-read.mdx
new file mode 100644
index 0000000000..226da10318
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/mgmt-api-read.mdx
@@ -0,0 +1,8 @@
+---
+title: "mgmt_api_read"
+openapi-schema: logs-schema mgmt_api_read
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/my-account-authentication-method-failed.mdx b/main/docs/ja-jp/tenant-logs/my-account-authentication-method-failed.mdx
new file mode 100644
index 0000000000..fa5e7388ff
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/my-account-authentication-method-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "my_account_authentication_method_failed"
+openapi-schema: logs-schema my_account_authentication_method_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/my-account-authentication-method-succeeded.mdx b/main/docs/ja-jp/tenant-logs/my-account-authentication-method-succeeded.mdx
new file mode 100644
index 0000000000..eedc3a64fd
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/my-account-authentication-method-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "my_account_authentication_method_succeeded"
+openapi-schema: logs-schema my_account_authentication_method_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/oidc-backchannel-logout-failed.mdx b/main/docs/ja-jp/tenant-logs/oidc-backchannel-logout-failed.mdx
new file mode 100644
index 0000000000..8b738d1af6
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/oidc-backchannel-logout-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "oidc_backchannel_logout_failed"
+openapi-schema: logs-schema oidc_backchannel_logout_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/oidc-backchannel-logout-succeeded.mdx b/main/docs/ja-jp/tenant-logs/oidc-backchannel-logout-succeeded.mdx
new file mode 100644
index 0000000000..319ff6aa79
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/oidc-backchannel-logout-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "oidc_backchannel_logout_succeeded"
+openapi-schema: logs-schema oidc_backchannel_logout_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/organization-member-added.mdx b/main/docs/ja-jp/tenant-logs/organization-member-added.mdx
new file mode 100644
index 0000000000..92ec6c12e0
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/organization-member-added.mdx
@@ -0,0 +1,8 @@
+---
+title: "organization_member_added"
+openapi-schema: logs-schema organization_member_added
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/passkey-challenge-failed.mdx b/main/docs/ja-jp/tenant-logs/passkey-challenge-failed.mdx
new file mode 100644
index 0000000000..a3add7282a
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/passkey-challenge-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "passkey_challenge_failed"
+openapi-schema: logs-schema passkey_challenge_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/passkey-challenge-started.mdx b/main/docs/ja-jp/tenant-logs/passkey-challenge-started.mdx
new file mode 100644
index 0000000000..73169904cf
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/passkey-challenge-started.mdx
@@ -0,0 +1,8 @@
+---
+title: "passkey_challenge_started"
+openapi-schema: logs-schema passkey_challenge_started
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/pla.mdx b/main/docs/ja-jp/tenant-logs/pla.mdx
new file mode 100644
index 0000000000..dcea887320
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/pla.mdx
@@ -0,0 +1,8 @@
+---
+title: "pla"
+openapi-schema: logs-schema pla
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/pwd-leak.mdx b/main/docs/ja-jp/tenant-logs/pwd-leak.mdx
new file mode 100644
index 0000000000..0a6e41c02a
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/pwd-leak.mdx
@@ -0,0 +1,8 @@
+---
+title: "pwd_leak"
+openapi-schema: logs-schema pwd_leak
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/reset-pwd-leak.mdx b/main/docs/ja-jp/tenant-logs/reset-pwd-leak.mdx
new file mode 100644
index 0000000000..94e030f89f
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/reset-pwd-leak.mdx
@@ -0,0 +1,8 @@
+---
+title: "reset_pwd_leak"
+openapi-schema: logs-schema reset_pwd_leak
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/resource-cleanup.mdx b/main/docs/ja-jp/tenant-logs/resource-cleanup.mdx
new file mode 100644
index 0000000000..fc95ffa07f
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/resource-cleanup.mdx
@@ -0,0 +1,8 @@
+---
+title: "resource_cleanup"
+openapi-schema: logs-schema resource_cleanup
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/rich-consents-access-error.mdx b/main/docs/ja-jp/tenant-logs/rich-consents-access-error.mdx
new file mode 100644
index 0000000000..f53e4232f8
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/rich-consents-access-error.mdx
@@ -0,0 +1,8 @@
+---
+title: "rich_consents_access_error"
+openapi-schema: logs-schema rich_consents_access_error
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/s.mdx b/main/docs/ja-jp/tenant-logs/s.mdx
new file mode 100644
index 0000000000..605f6d0d08
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/s.mdx
@@ -0,0 +1,8 @@
+---
+title: "s"
+openapi-schema: logs-schema s
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sapi.mdx b/main/docs/ja-jp/tenant-logs/sapi.mdx
new file mode 100644
index 0000000000..497a8b2bb3
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sapi.mdx
@@ -0,0 +1,8 @@
+---
+title: "sapi"
+openapi-schema: logs-schema sapi
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sce.mdx b/main/docs/ja-jp/tenant-logs/sce.mdx
new file mode 100644
index 0000000000..3a165712cb
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sce.mdx
@@ -0,0 +1,8 @@
+---
+title: "sce"
+openapi-schema: logs-schema sce
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/scoa.mdx b/main/docs/ja-jp/tenant-logs/scoa.mdx
new file mode 100644
index 0000000000..d273e29cd6
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/scoa.mdx
@@ -0,0 +1,8 @@
+---
+title: "scoa"
+openapi-schema: logs-schema scoa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/scp.mdx b/main/docs/ja-jp/tenant-logs/scp.mdx
new file mode 100644
index 0000000000..345ade5df9
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/scp.mdx
@@ -0,0 +1,8 @@
+---
+title: "scp"
+openapi-schema: logs-schema scp
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/scpn.mdx b/main/docs/ja-jp/tenant-logs/scpn.mdx
new file mode 100644
index 0000000000..dff793be4c
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/scpn.mdx
@@ -0,0 +1,8 @@
+---
+title: "scpn"
+openapi-schema: logs-schema scpn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/scpr.mdx b/main/docs/ja-jp/tenant-logs/scpr.mdx
new file mode 100644
index 0000000000..086f62e7c1
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/scpr.mdx
@@ -0,0 +1,8 @@
+---
+title: "scpr"
+openapi-schema: logs-schema scpr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/scu.mdx b/main/docs/ja-jp/tenant-logs/scu.mdx
new file mode 100644
index 0000000000..37d22a20b7
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/scu.mdx
@@ -0,0 +1,8 @@
+---
+title: "scu"
+openapi-schema: logs-schema scu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/scv.mdx b/main/docs/ja-jp/tenant-logs/scv.mdx
new file mode 100644
index 0000000000..a02d110359
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/scv.mdx
@@ -0,0 +1,8 @@
+---
+title: "scv"
+openapi-schema: logs-schema scv
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sd.mdx b/main/docs/ja-jp/tenant-logs/sd.mdx
new file mode 100644
index 0000000000..7e41706031
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sd.mdx
@@ -0,0 +1,8 @@
+---
+title: "sd"
+openapi-schema: logs-schema sd
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sdu.mdx b/main/docs/ja-jp/tenant-logs/sdu.mdx
new file mode 100644
index 0000000000..9881eb1bd7
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sdu.mdx
@@ -0,0 +1,8 @@
+---
+title: "sdu"
+openapi-schema: logs-schema sdu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/seacft.mdx b/main/docs/ja-jp/tenant-logs/seacft.mdx
new file mode 100644
index 0000000000..73139c2a20
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/seacft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seacft"
+openapi-schema: logs-schema seacft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/seccft.mdx b/main/docs/ja-jp/tenant-logs/seccft.mdx
new file mode 100644
index 0000000000..3f60a864ed
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/seccft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seccft"
+openapi-schema: logs-schema seccft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/secte.mdx b/main/docs/ja-jp/tenant-logs/secte.mdx
new file mode 100644
index 0000000000..995b0b68c4
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/secte.mdx
@@ -0,0 +1,8 @@
+---
+title: "secte"
+openapi-schema: logs-schema secte
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sede.mdx b/main/docs/ja-jp/tenant-logs/sede.mdx
new file mode 100644
index 0000000000..3312eb9d2b
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sede.mdx
@@ -0,0 +1,8 @@
+---
+title: "sede"
+openapi-schema: logs-schema sede
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sens.mdx b/main/docs/ja-jp/tenant-logs/sens.mdx
new file mode 100644
index 0000000000..a6ad7179d6
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sens.mdx
@@ -0,0 +1,8 @@
+---
+title: "sens"
+openapi-schema: logs-schema sens
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/seoobft.mdx b/main/docs/ja-jp/tenant-logs/seoobft.mdx
new file mode 100644
index 0000000000..5b45b1cbca
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/seoobft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seoobft"
+openapi-schema: logs-schema seoobft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/seotpft.mdx b/main/docs/ja-jp/tenant-logs/seotpft.mdx
new file mode 100644
index 0000000000..77037e5b39
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/seotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seotpft"
+openapi-schema: logs-schema seotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sepft.mdx b/main/docs/ja-jp/tenant-logs/sepft.mdx
new file mode 100644
index 0000000000..cbbf4cf464
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sepft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepft"
+openapi-schema: logs-schema sepft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sepkoobft.mdx b/main/docs/ja-jp/tenant-logs/sepkoobft.mdx
new file mode 100644
index 0000000000..881f3e2952
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sepkoobft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepkoobft"
+openapi-schema: logs-schema sepkoobft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sepkotpft.mdx b/main/docs/ja-jp/tenant-logs/sepkotpft.mdx
new file mode 100644
index 0000000000..a406744075
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sepkotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepkotpft"
+openapi-schema: logs-schema sepkotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sepkrcft.mdx b/main/docs/ja-jp/tenant-logs/sepkrcft.mdx
new file mode 100644
index 0000000000..de2c7c1ba3
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sepkrcft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepkrcft"
+openapi-schema: logs-schema sepkrcft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sercft.mdx b/main/docs/ja-jp/tenant-logs/sercft.mdx
new file mode 100644
index 0000000000..40adba2620
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sercft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sercft"
+openapi-schema: logs-schema sercft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sertft.mdx b/main/docs/ja-jp/tenant-logs/sertft.mdx
new file mode 100644
index 0000000000..0b243788d4
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sertft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sertft"
+openapi-schema: logs-schema sertft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/seta.mdx b/main/docs/ja-jp/tenant-logs/seta.mdx
new file mode 100644
index 0000000000..d074c7ae31
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/seta.mdx
@@ -0,0 +1,8 @@
+---
+title: "seta"
+openapi-schema: logs-schema seta
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/si.mdx b/main/docs/ja-jp/tenant-logs/si.mdx
new file mode 100644
index 0000000000..72c2f09f23
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/si.mdx
@@ -0,0 +1,8 @@
+---
+title: "si"
+openapi-schema: logs-schema si
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/slo.mdx b/main/docs/ja-jp/tenant-logs/slo.mdx
new file mode 100644
index 0000000000..ff4363f456
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/slo.mdx
@@ -0,0 +1,8 @@
+---
+title: "slo"
+openapi-schema: logs-schema slo
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/srrt.mdx b/main/docs/ja-jp/tenant-logs/srrt.mdx
new file mode 100644
index 0000000000..81f076c6fc
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/srrt.mdx
@@ -0,0 +1,8 @@
+---
+title: "srrt"
+openapi-schema: logs-schema srrt
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/ss-sso-failure.mdx b/main/docs/ja-jp/tenant-logs/ss-sso-failure.mdx
new file mode 100644
index 0000000000..1d25d3e806
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/ss-sso-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss_sso_failure"
+openapi-schema: logs-schema ss_sso_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/ss-sso-info.mdx b/main/docs/ja-jp/tenant-logs/ss-sso-info.mdx
new file mode 100644
index 0000000000..4e4229619b
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/ss-sso-info.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss_sso_info"
+openapi-schema: logs-schema ss_sso_info
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/ss-sso-success.mdx b/main/docs/ja-jp/tenant-logs/ss-sso-success.mdx
new file mode 100644
index 0000000000..77e6c9f58e
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/ss-sso-success.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss_sso_success"
+openapi-schema: logs-schema ss_sso_success
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/ss.mdx b/main/docs/ja-jp/tenant-logs/ss.mdx
new file mode 100644
index 0000000000..fcfc483432
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/ss.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss"
+openapi-schema: logs-schema ss
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/ssa.mdx b/main/docs/ja-jp/tenant-logs/ssa.mdx
new file mode 100644
index 0000000000..f715eba897
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/ssa.mdx
@@ -0,0 +1,8 @@
+---
+title: "ssa"
+openapi-schema: logs-schema ssa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sscim.mdx b/main/docs/ja-jp/tenant-logs/sscim.mdx
new file mode 100644
index 0000000000..cd5bb39f74
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sscim.mdx
@@ -0,0 +1,8 @@
+---
+title: "sscim"
+openapi-schema: logs-schema sscim
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/success-on-behalf-of-token-exchange.mdx b/main/docs/ja-jp/tenant-logs/success-on-behalf-of-token-exchange.mdx
new file mode 100644
index 0000000000..dc5ca0bd5e
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/success-on-behalf-of-token-exchange.mdx
@@ -0,0 +1,8 @@
+---
+title: "success_on_behalf_of_token_exchange"
+openapi-schema: logs-schema success_on_behalf_of_token_exchange
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sui.mdx b/main/docs/ja-jp/tenant-logs/sui.mdx
new file mode 100644
index 0000000000..1931449e95
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sui.mdx
@@ -0,0 +1,8 @@
+---
+title: "sui"
+openapi-schema: logs-schema sui
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/sv.mdx b/main/docs/ja-jp/tenant-logs/sv.mdx
new file mode 100644
index 0000000000..48923d952b
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/sv.mdx
@@ -0,0 +1,8 @@
+---
+title: "sv"
+openapi-schema: logs-schema sv
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/svr.mdx b/main/docs/ja-jp/tenant-logs/svr.mdx
new file mode 100644
index 0000000000..aaae129b0a
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/svr.mdx
@@ -0,0 +1,8 @@
+---
+title: "svr"
+openapi-schema: logs-schema svr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/ublkdu.mdx b/main/docs/ja-jp/tenant-logs/ublkdu.mdx
new file mode 100644
index 0000000000..74f56a3dfb
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/ublkdu.mdx
@@ -0,0 +1,8 @@
+---
+title: "ublkdu"
+openapi-schema: logs-schema ublkdu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/universal-logout-failed.mdx b/main/docs/ja-jp/tenant-logs/universal-logout-failed.mdx
new file mode 100644
index 0000000000..2e0b2cef76
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/universal-logout-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "universal_logout_failed"
+openapi-schema: logs-schema universal_logout_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/universal-logout-succeeded.mdx b/main/docs/ja-jp/tenant-logs/universal-logout-succeeded.mdx
new file mode 100644
index 0000000000..88028bfa57
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/universal-logout-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "universal_logout_succeeded"
+openapi-schema: logs-schema universal_logout_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/w.mdx b/main/docs/ja-jp/tenant-logs/w.mdx
new file mode 100644
index 0000000000..1897650298
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/w.mdx
@@ -0,0 +1,8 @@
+---
+title: "w"
+openapi-schema: logs-schema w
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/wn.mdx b/main/docs/ja-jp/tenant-logs/wn.mdx
new file mode 100644
index 0000000000..eed7deaeed
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/wn.mdx
@@ -0,0 +1,8 @@
+---
+title: "wn"
+openapi-schema: logs-schema wn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/ja-jp/tenant-logs/wum.mdx b/main/docs/ja-jp/tenant-logs/wum.mdx
new file mode 100644
index 0000000000..35c7a69b84
--- /dev/null
+++ b/main/docs/ja-jp/tenant-logs/wum.mdx
@@ -0,0 +1,8 @@
+---
+title: "wum"
+openapi-schema: logs-schema wum
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/oas/tenant-logs/logs-schema.json b/main/docs/oas/tenant-logs/logs-schema.json
index 3abc04d514..3f9058ea45 100644
--- a/main/docs/oas/tenant-logs/logs-schema.json
+++ b/main/docs/oas/tenant-logs/logs-schema.json
@@ -1,11 +1,34872 @@
{
"openapi": "3.1.0",
"info": {
- "title": "Tenant Log Catalog",
- "description": "OpenAPI specification for Auth0 Tenant Log Catalog",
- "version": "0.0.0"
+ "title": "Tenant Logs",
+ "description": "OpenAPI specification for Auth0 Tenant Logs",
+ "version": "1.0.0"
},
"components": {
- "schemas": {}
+ "schemas": {
+ "acls_summary": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "end_time": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "start_time": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "stats": {
+ "items": {
+ "properties": {
+ "acl_id": {
+ "type": "string"
+ },
+ "action": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ },
+ "match": {
+ "properties": {
+ "successes": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "successes"
+ ],
+ "type": "object"
+ },
+ "priority": {
+ "type": "number"
+ },
+ "total_request_count": {
+ "properties": {
+ "successes": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "successes"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "acl_id",
+ "description",
+ "priority",
+ "action"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "start_time",
+ "end_time",
+ "stats"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "acls_summary",
+ "description": "Network ACLs summary",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "actions_execution_failed": {
+ "description": "Execution of an Action failed",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "action_error": {
+ "properties": {
+ "code": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "stack": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "message",
+ "code",
+ "stack"
+ ],
+ "type": "object"
+ },
+ "action_id": {
+ "type": "string"
+ },
+ "action_name": {
+ "type": "string"
+ },
+ "binding_id": {
+ "type": "string"
+ },
+ "error_class": {
+ "enum": [
+ "platform_error",
+ "action_timeout",
+ "action_error",
+ "rate_limited"
+ ],
+ "type": "string"
+ },
+ "execution_id": {
+ "type": "string"
+ },
+ "trigger_id": {
+ "type": "string"
+ },
+ "version_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "trigger_id",
+ "execution_id",
+ "action_id",
+ "action_name",
+ "version_id",
+ "binding_id",
+ "error_class"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "transaction_linking_id": {
+ "description": "Reflects the transaction linking ID provided at the start of the auth flow, if any. Only available when using decoupled authorization flows.",
+ "pattern": "^[A-Za-z0-9-_]{27}$",
+ "type": "string"
+ },
+ "type": {
+ "const": "actions_execution_failed",
+ "description": "Execution of an Action failed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "acul_sdk_notice": {
+ "description": "ACUL SDK Notification",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "documentation": {
+ "type": "string"
+ },
+ "id": {
+ "enum": [
+ "acul-sdk-deprecation",
+ "acul-sdk-unsupported",
+ "acul-sdk-missing-version"
+ ],
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ },
+ "request": {
+ "properties": {
+ "path": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "path"
+ ],
+ "type": "object"
+ },
+ "sdk_version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "request",
+ "message",
+ "documentation"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "acul_sdk_notice",
+ "description": "Advanced Customizations for Universal Login (ACUL) SDK event type",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "api_limit": {
+ "description": "The maximum number of requests to the Authentication or Management APIs in given time was reached",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "limit": {
+ "properties": {
+ "bucket": {
+ "type": "string"
+ },
+ "global": {
+ "type": "boolean"
+ },
+ "size": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "size",
+ "bucket",
+ "global"
+ ],
+ "type": "object"
+ },
+ "request": {
+ "properties": {
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "response": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "limit"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "api_limit",
+ "description": "Rate Limit notice on Authentication or Management API",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "api_limit_warning": {
+ "description": "The limit of requests to the Authentication or Management APIs in given time is about to be reached",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "limit": {
+ "properties": {
+ "bucket": {
+ "type": "string"
+ },
+ "global": {
+ "type": "boolean"
+ },
+ "size": {
+ "type": "number"
+ },
+ "usage": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "size",
+ "bucket",
+ "usage",
+ "global"
+ ],
+ "type": "object"
+ },
+ "request": {
+ "properties": {
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "method",
+ "path"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "request",
+ "limit"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "api_limit_warning",
+ "description": "Rate Limit Warning notice on Authentication or Management API",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "appi": {
+ "description": "API Peak Performance Rate is initiated",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "docs": {
+ "type": "string"
+ },
+ "request": {
+ "properties": {
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "response": {
+ "type": "string"
+ },
+ "total_hours_allocated": {
+ "type": "number"
+ },
+ "total_hours_consumed": {
+ "type": "number"
+ },
+ "total_hours_remaining": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "total_hours_allocated",
+ "total_hours_consumed",
+ "total_hours_remaining",
+ "docs"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "appi",
+ "description": "Notice for API Peak Performance Initiated",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "ciba_exchange_failed": {
+ "description": "Failed CIBA Exchange",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent is acting on behalf of a user or itself.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "client_authentication_error": {
+ "type": "string"
+ },
+ "error": {
+ "properties": {
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "error"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "mtls_thumbprint_sha256": {
+ "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "ciba_exchange_failed",
+ "description": "Failed CIBA Exchange",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "ciba_exchange_succeeded": {
+ "description": "Successful CIBA Exchange",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent is acting on behalf of a user or itself.",
+ "type": "string"
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "notification_channel": {
+ "type": "string"
+ },
+ "transaction_linking_id": {
+ "description": "Reflects the ID of the consent record linked to this CIBA flow. Can be used at the /rich-consents/:id endpoint to retrieve the consent record.",
+ "pattern": "^cns_[A-Za-z0-9-_]{22}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "mtls_thumbprint_sha256": {
+ "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "ciba_exchange_succeeded",
+ "description": "Successful CIBA Exchange",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "ciba_start_failed": {
+ "description": "Failed CIBA Start",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "audience": {
+ "type": "string"
+ },
+ "login_hint": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "client_authentication_error": {
+ "type": "string"
+ },
+ "error": {
+ "properties": {
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "error",
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "mtls_thumbprint_sha256": {
+ "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "ciba_start_failed",
+ "description": "Failed CIBA Start",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "ciba_start_succeeded": {
+ "description": "Successful CIBA Start",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "audience": {
+ "type": "string"
+ },
+ "login_hint": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "notification_channel": {
+ "type": "string"
+ },
+ "transaction_linking_id": {
+ "description": "Reflects the ID of the consent record linked to this CIBA flow. Can be used at the /rich-consents/:id endpoint to retrieve the consent record.",
+ "pattern": "^cns_[A-Za-z0-9-_]{22}$",
+ "type": "string"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "mtls_thumbprint_sha256": {
+ "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "ciba_start_succeeded",
+ "description": "Successful CIBA Start",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "cls": {
+ "description": "Passwordless Login Code/Link Sent",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "authParams": {},
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "send": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "transaction": {}
+ },
+ "required": [
+ "client_id",
+ "connection",
+ "email",
+ "tenant"
+ ],
+ "type": "object"
+ },
+ "link": {
+ "type": "string"
+ },
+ "transaction_id": {
+ "description": "Transaction ID to correlate log events that belong to the same authentication transaction.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "body",
+ "link"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "cls",
+ "description": "Code or Link Sent for Passwordless Login",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "connected_accounts_connection_failed": {
+ "description": "User failed to connect a third-party account",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "error": {
+ "properties": {
+ "detail": {
+ "type": "string"
+ },
+ "status": {
+ "type": "number"
+ },
+ "title": {
+ "type": "string"
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "request": {
+ "properties": {
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "required": [
+ "error"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "connected_accounts_connection_failed",
+ "description": "Failed connected account connection",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "connected_accounts_connection_succeeded": {
+ "description": "User successfully connected a third-party account",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "connected_account": {
+ "properties": {
+ "id": {
+ "description": "ID of the connected account",
+ "type": "string"
+ },
+ "idp_user_id": {
+ "description": "User id in the upstream provider associated with the connected account",
+ "type": "string"
+ }
+ },
+ "required": [
+ "id"
+ ],
+ "type": "object"
+ },
+ "request": {
+ "properties": {
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "connected_accounts_connection_succeeded",
+ "description": "Successful connected account connection",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "connected_accounts_delete_failed": {
+ "description": "User failed to delete a connected third-party account",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "connected_account": {
+ "properties": {
+ "id": {
+ "description": "ID of the connected account that failed to delete. Might be undefined or invalid depending on the error",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "error": {
+ "properties": {
+ "detail": {
+ "type": "string"
+ },
+ "status": {
+ "type": "number"
+ },
+ "title": {
+ "type": "string"
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "request": {
+ "properties": {
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "connected_accounts_delete_failed",
+ "description": "Failed connected account delete",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "connected_accounts_delete_succeeded": {
+ "description": "User successfully deleted a connected third-party account",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "connected_account": {
+ "properties": {
+ "id": {
+ "description": "ID of the connected account deleted.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "request": {
+ "properties": {
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "connected_accounts_delete_succeeded",
+ "description": "Successful connected account delete",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "cs": {
+ "description": "Passwordless Login Code Sent",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "authParams": {
+ "properties": {
+ "audience": {
+ "type": "string"
+ },
+ "redirect_uri": {
+ "type": "string"
+ },
+ "response_type": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ },
+ "state": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "redirect_uri",
+ "response_type",
+ "scope",
+ "state"
+ ],
+ "type": "object"
+ },
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "ip": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": "string"
+ },
+ "request_language": {
+ "type": "string"
+ },
+ "send": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user-agent": {
+ "type": "string"
+ },
+ "username": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "authParams",
+ "client_id",
+ "connection",
+ "ip",
+ "phone_number",
+ "request_language",
+ "send",
+ "tenant",
+ "user-agent",
+ "username"
+ ],
+ "type": "object"
+ },
+ "transaction_id": {
+ "description": "Transaction ID to correlate log events that belong to the same authentication transaction.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "cs",
+ "description": "Code Sent for Passwordless Login",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "custom_domain_verification_failed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "created_at": {
+ "type": "string"
+ },
+ "custom_domain_id": {
+ "type": "string"
+ },
+ "domain": {
+ "type": "string"
+ },
+ "error": {
+ "type": "string"
+ },
+ "errorMsg": {
+ "type": "string"
+ },
+ "status": {
+ "type": "string"
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "custom_domain_id",
+ "domain",
+ "status",
+ "type"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "custom_domain_verification_failed",
+ "description": "Custom Domain Verification Failed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "depnote": {
+ "description": "Deprecation Notice",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "feature": {
+ "properties": {
+ "description": {
+ "type": "string"
+ },
+ "documentation": {
+ "type": "string"
+ },
+ "id": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "tenant_from_host": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "documentation",
+ "id",
+ "name"
+ ],
+ "type": "object"
+ },
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "feature"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "depnote",
+ "description": "Deprecation Notice",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "directory_sync_completed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "completed_at": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "created_at": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "scheduled": {
+ "type": "boolean"
+ },
+ "started_at": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "sync_status": {
+ "type": "string"
+ },
+ "synchronization_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "synchronization_id",
+ "sync_status",
+ "scheduled",
+ "created_at",
+ "started_at",
+ "completed_at"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "directory_sync_completed",
+ "description": "Inbound Directory Sync",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "directory_sync_failed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "created_at": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "error": {
+ "properties": {
+ "message": {
+ "type": "string"
+ },
+ "user_errors": {
+ "items": {
+ "properties": {
+ "identity_user_id": {
+ "type": "string"
+ },
+ "operation": {
+ "type": "string"
+ },
+ "reason": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "identity_user_id",
+ "operation",
+ "reason"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "user_errors_summary": {
+ "additionalProperties": {
+ "type": "number"
+ },
+ "type": "object"
+ },
+ "user_errors_truncated": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "object"
+ },
+ "scheduled": {
+ "type": "boolean"
+ },
+ "started_at": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "sync_status": {
+ "type": "string"
+ },
+ "synchronization_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "synchronization_id",
+ "sync_status",
+ "scheduled",
+ "created_at",
+ "started_at",
+ "error"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "directory_sync_failed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "directory_sync_started": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "created_at": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "scheduled": {
+ "type": "boolean"
+ },
+ "started_at": {
+ "format": "date-time",
+ "type": "string"
+ },
+ "synchronization_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "synchronization_id",
+ "scheduled",
+ "created_at",
+ "started_at"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "directory_sync_started",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "f": {
+ "description": "Failed Login This is only emitted if the error is not covered by the `fp` or `fu` log types",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "channel": {
+ "description": "Whether connection is front or back channel",
+ "type": "string"
+ },
+ "dpop_nonce_used": {
+ "description": "True if a DPoP nonce was used due to an upstream nonce challenge during the DPoP handshake. Only present for DPoP-enabled connections.",
+ "type": "boolean"
+ },
+ "dpop_signing_alg": {
+ "description": "Algorithm used for DPoP proof signing. Only present for DPoP-enabled connections.",
+ "type": "string"
+ },
+ "error": {
+ "properties": {
+ "message": {
+ "type": "string"
+ },
+ "oauthError": {
+ "type": "string"
+ },
+ "payload": {
+ "properties": {
+ "attempt": {
+ "type": "number"
+ },
+ "authorized": {
+ "description": "min-length 1",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "clientID": {
+ "type": "string"
+ },
+ "code": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "status": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "attempt",
+ "authorized",
+ "clientID",
+ "code",
+ "message",
+ "name",
+ "status"
+ ],
+ "type": "object"
+ },
+ "type": {
+ "type": "string"
+ },
+ "uri": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "message",
+ "oauthError"
+ ],
+ "type": "object"
+ },
+ "grant_type": {
+ "type": "string"
+ },
+ "id_token_signed_response_algs": {
+ "description": "ID Token signing algorithms supported by the client. Only Example: [\"RS256\",\"ES256\"]",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "id_token_signing_alg": {
+ "description": "The verification algorithm used to validate the ID token from the upstream OIDC connection. Indicates the signing algorithm (e.g., RS256, ES256) that was used by the Identity Provider to sign the ID token. Only present for OIDC connections.",
+ "type": "string"
+ },
+ "idp_token_type": {
+ "description": "Token type returned by the identity provider. Only present for DPoP-enabled connections.",
+ "type": "string"
+ },
+ "qs": {
+ "type": "object"
+ },
+ "requested_client_id": {
+ "description": "The client_id from the request. The actual client_id will appear in the top level client_id property.",
+ "type": "string"
+ },
+ "riskAssessment": {
+ "properties": {
+ "assessments": {
+ "description": "Risk assessment results keyed by assessor name.",
+ "properties": {
+ "ImpossibleTravel": {
+ "description": "Flags logins from geographically distant locations within a short time window.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "NewDevice": {
+ "description": "Flags logins from a device not previously seen for the user.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "device": {
+ "description": "Device identifier.",
+ "type": "string"
+ },
+ "useragent": {
+ "description": "User agent string associated with the device.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "device"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "UntrustedIP": {
+ "description": "Flags logins from IPs listed in threat intelligence sources.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "ip": {
+ "description": "IP address that triggered the assessment.",
+ "type": "string"
+ },
+ "matches": {
+ "description": "Threat category matched.",
+ "type": "string"
+ },
+ "source": {
+ "description": "Threat intelligence source.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "ip",
+ "matches",
+ "source"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "UntrustedIP"
+ ],
+ "type": "object"
+ },
+ "confidence": {
+ "description": "Overall confidence level of the risk assessment.",
+ "type": "string"
+ },
+ "version": {
+ "description": "Risk assessment engine version.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "assessments",
+ "confidence",
+ "version"
+ ],
+ "type": "object"
+ },
+ "session": {
+ "description": "Details about the session associated with the login",
+ "allOf": [
+ {
+ "properties": {
+ "cookie": {
+ "properties": {
+ "mode": {
+ "enum": [
+ "persistent",
+ "non-persistent"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "mode"
+ ],
+ "type": "object"
+ },
+ "idp_session_expiry": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "cookie"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "stats": {
+ "properties": {
+ "loginsCount": {
+ "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.",
+ "type": [
+ "number",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "loginsCount"
+ ],
+ "type": "object"
+ },
+ "token_endpoint_auth_method": {
+ "description": "Token endpoint authentication method",
+ "type": "string"
+ },
+ "token_endpoint_auth_signing_alg": {
+ "description": "Token endpoint authentication signing algorithm. Only available when token_endpoint_auth_method is private_key_jwt.",
+ "type": "string"
+ },
+ "token_endpoint_auth_signing_kid": {
+ "description": "Key ID used to sign client_assertions sent to upstream IdP. Only available when token_endpoint_auth_method is private_key_jwt.",
+ "type": "string"
+ },
+ "transaction_id": {
+ "description": "Transaction ID to correlate log events that belong to the same authentication transaction.",
+ "type": "string"
+ },
+ "triggered_by_session_transfer_token": {
+ "description": "Whether a Session Transfer Token was used for authentication",
+ "type": "boolean"
+ },
+ "upstream_userinfo_fetch": {
+ "description": "Details about the upstream userinfo endpoint fetch. Only populated if the userinfo_endpoint was called for the transaction. Only present for OIDC/Okta connections.",
+ "properties": {
+ "dpop_bound": {
+ "description": "True if the request to the userinfo endpoint was bound with DPoP. Only present and set to true if the request was successfully DPoP-bound.",
+ "type": "boolean"
+ },
+ "status": {
+ "description": "Indicates the outcome of the userinfo endpoint call.",
+ "enum": [
+ "SUCCESS",
+ "FAILURE"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "status"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "error"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "f",
+ "description": "Failed Login",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "failed_on_behalf_of_token_exchange": {
+ "description": "Failed Exchange via On-Behalf-Of Token Exchange",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent has been granted authority via token exchange and is acting on behalf of a user or itself.",
+ "type": "string"
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "actor": {
+ "description": "Identifies and provides information about the acting party to whom authority has been delegated when an entity is acting on behalf of another. Nested `act` claim represents delegation chains (deepest = original caller).",
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ "requested_token_type": {
+ "type": "string"
+ },
+ "subject_token_type": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "failed_on_behalf_of_token_exchange",
+ "description": "Failed Exchange via On-Behalf-Of Token Exchange",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fce": {
+ "description": "Failed to change user email",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "email_verified": {
+ "type": "boolean"
+ },
+ "newEmail": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "verify": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "client_id",
+ "connection",
+ "email",
+ "email_verified",
+ "newEmail",
+ "tenant",
+ "user_id",
+ "verify"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fce",
+ "description": "Failed Change Email",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fco": {
+ "description": "Failed due to CORS. Is the origin in the Allowed Origins list for the specified application?",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "allowedOrigins": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "headers": {
+ "additionalProperties": {
+ "type": "string"
+ },
+ "type": "object"
+ },
+ "host": {
+ "type": "string"
+ },
+ "method": {
+ "type": "string"
+ },
+ "origin": {
+ "type": "string"
+ },
+ "originUrl": {
+ "type": "string"
+ },
+ "originalUrl": {
+ "type": "string"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "webOrigins": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "xhr": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "allowedOrigins",
+ "headers",
+ "host",
+ "method",
+ "origin",
+ "xhr"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fco",
+ "description": "Failed due to CORS",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fcoa": {
+ "description": "Failed Cross-Origin Authentication",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ },
+ "body": {
+ "type": "object"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "error": {
+ "properties": {
+ "message": {
+ "type": "string"
+ },
+ "oauthError": {
+ "type": "string"
+ },
+ "payload": {
+ "properties": {
+ "attempt": {
+ "type": "number"
+ },
+ "authorized": {
+ "description": "min-length 1",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "clientID": {
+ "type": "string"
+ },
+ "code": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "status": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "attempt",
+ "authorized",
+ "clientID",
+ "code",
+ "message",
+ "name",
+ "status"
+ ],
+ "type": "object"
+ },
+ "type": {
+ "type": "string"
+ },
+ "uri": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "message",
+ "oauthError"
+ ],
+ "type": "object"
+ },
+ "qs": {
+ "type": "object"
+ },
+ "session": {
+ "description": "Details about the session associated with the login",
+ "allOf": [
+ {
+ "properties": {
+ "cookie": {
+ "properties": {
+ "mode": {
+ "enum": [
+ "persistent",
+ "non-persistent"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "mode"
+ ],
+ "type": "object"
+ },
+ "idp_session_expiry": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "cookie"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "session_connection": {
+ "type": "string"
+ },
+ "stats": {
+ "properties": {
+ "loginsCount": {
+ "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.",
+ "type": [
+ "number",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "loginsCount"
+ ],
+ "type": "object"
+ },
+ "transaction_id": {
+ "description": "Transaction ID to correlate log events that belong to the same authentication transaction.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "body",
+ "connection",
+ "error"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fcoa",
+ "description": "Failed Cross-Origin Authentication",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fcp": {
+ "description": "Failed Change Password",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "_csrf": {
+ "type": "string"
+ },
+ "confirmNewPassword": {
+ "type": "string"
+ },
+ "newPassword": {
+ "type": "string"
+ },
+ "ticket": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "confirmNewPassword",
+ "newPassword",
+ "_csrf",
+ "ticket"
+ ],
+ "type": "object"
+ },
+ "description": {
+ "type": "string"
+ },
+ "query": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "includeEmailInRedirect": {
+ "type": "boolean"
+ },
+ "markEmailAsVerified": {
+ "type": "boolean"
+ },
+ "newPassword": {
+ "type": "string"
+ },
+ "resultUrl": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "username": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_id",
+ "connection",
+ "email",
+ "includeEmailInRedirect",
+ "markEmailAsVerified",
+ "newPassword",
+ "resultUrl",
+ "tenant",
+ "user_id",
+ "username"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "body",
+ "description",
+ "query"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fcp",
+ "description": "Failed Change Password",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fcph": {
+ "description": "Failed Post Change Password Hook",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "actions"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fcph",
+ "description": "Failed Post Change Password Hook",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fcpn": {
+ "description": "Failed Change Phone Number",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "new_phone_number": {
+ "type": "string"
+ },
+ "old_phone_number": {
+ "type": "string"
+ },
+ "phone_verified": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "verify": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "client_id",
+ "connection",
+ "new_phone_number",
+ "old_phone_number",
+ "phone_verified",
+ "tenant",
+ "user_id",
+ "verify"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fcpn",
+ "description": "Failed Change Phone Number",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fcpr": {
+ "description": "Failed Change Password Request",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "debug": {
+ "type": "boolean"
+ },
+ "description": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "newPassword": {
+ "type": "string"
+ },
+ "requiredCaptcha": {
+ "type": "boolean"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "ttl_sec": {
+ "type": "number"
+ },
+ "username": {
+ "type": "string"
+ },
+ "verify": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "client_id",
+ "connection",
+ "debug",
+ "verify",
+ "email",
+ "tenant"
+ ],
+ "type": "object"
+ },
+ "transaction_id": {
+ "description": "Transaction ID to correlate log events that belong to the same authentication transaction.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fcpr",
+ "description": "Failed Change Password Request",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fcpro": {
+ "description": "Failed to provision a AD/LDAP connector",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "details": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "details"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fcpro",
+ "description": "Failed Connector Provisioning",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fcu": {
+ "description": "Failed to change username",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "newUername": {
+ "type": "string"
+ },
+ "oldUsername": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_id",
+ "connection",
+ "email",
+ "newUername",
+ "oldUsername",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fcu",
+ "description": "Failed Change Username",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fd": {
+ "description": "Failed to generate delegation token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "api_type": {
+ "type": "string"
+ },
+ "device": {
+ "type": "string"
+ },
+ "grant_type": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ },
+ "target": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "grant_type"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fd",
+ "description": "Failed Delegation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fdeac": {
+ "description": "Failed Device Confirmation - Device Activation Failure",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "code": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "error": {
+ "properties": {
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "session_id"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fdeac",
+ "description": "Failed Device Confirmation - Device Activation Failure",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fdeaz": {
+ "description": "Failed Device Confirmation - Request Failure",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "audience": {
+ "type": "string"
+ },
+ "client_id": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_id",
+ "scope"
+ ],
+ "type": "object"
+ },
+ "error": {
+ "properties": {
+ "message": {
+ "type": "string"
+ },
+ "oauthError": {
+ "type": "string"
+ },
+ "payload": {
+ "properties": {
+ "attempt": {
+ "type": "number"
+ },
+ "authorized": {
+ "description": "min-length 1",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "clientID": {
+ "type": "string"
+ },
+ "code": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "status": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "attempt",
+ "authorized",
+ "clientID",
+ "code",
+ "message",
+ "name",
+ "status"
+ ],
+ "type": "object"
+ },
+ "type": {
+ "type": "string"
+ },
+ "uri": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "message",
+ "oauthError"
+ ],
+ "type": "object"
+ },
+ "qs": {
+ "type": "object"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fdeaz",
+ "description": "Failed Device Confirmation - Request Failure",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fdecc": {
+ "description": "Failed Device Confirmation - User Canceled",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "session_id"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fdecc",
+ "description": "Failed Device Confirmation - User Canceled",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fdu": {
+ "description": "Failed User Deletion",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "connection": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fdu",
+ "description": "Failed User Deletion",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "feacft": {
+ "description": "Failed to Exchange Authorization Code for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent has been granted authority via token exchange and is acting on behalf of a user or itself.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "code": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "requested_client_id": {
+ "description": "The client_id from the request. The actual client_id will appear in the top level client_id property.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "transaction_linking_id": {
+ "description": "Reflects the transaction linking ID provided at the start of the auth flow, if any. Only available when using decoupled authorization flows.",
+ "pattern": "^[A-Za-z0-9-_]{27}$",
+ "type": "string"
+ },
+ "type": {
+ "const": "feacft",
+ "description": "Failed Exchange of Authorization Code for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "feccft": {
+ "description": "Failed exchange of Access Token for a Client Credentials Grant",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent has been granted authority via token exchange and is acting on behalf of a user or itself.",
+ "type": "string"
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "client_authentoication_error": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "feccft",
+ "description": "Failed Exchange of Access Token for a Client Credentials Grant",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fecte": {
+ "description": "Failed Exchange via Custom Token Exchange",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent has been granted authority via token exchange and is acting on behalf of a user or itself.",
+ "type": "string"
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "actor": {
+ "description": "Identifies and provides information about the acting party to whom authority has been delegated when an entity is acting on behalf of another. Nested `act` claim represents delegation chains (deepest = original caller).",
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ "subject_token_type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "subject_token_type"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fecte",
+ "description": "Failed Exchange via Custom Token Exchange",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fede": {
+ "description": "Failed to exchange Device Code for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent initiated the device authorization flow and is acting on behalf of a user.",
+ "type": "string"
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fede",
+ "description": "Failed Exchange of Device Code for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "federated_logout_failed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "errors": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "errors"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "federated_logout_failed",
+ "description": "Failed Federated Logout request",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fens": {
+ "description": "Failed exchange for Native Social Login",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "subject_token_type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "subject_token_type"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fens",
+ "description": "Failed Exchange for Native Social Login",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "feoobft": {
+ "description": "Failed exchange of Password and OOB Challenge for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "feoobft",
+ "description": "Failed Exchange of Password and OOB Challenge for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "feotpft": {
+ "description": "Failed exchange of Password and OTP Challenge for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "feotpft",
+ "description": "Failed Exchange of Password and OTP Challenge for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fepft": {
+ "description": "Failed exchange of Password for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fepft",
+ "description": "Failed Exchange of Password for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fepotpft": {
+ "description": "Failed exchange of Passwordless OTP for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fepotpft",
+ "description": "Failed Exchange of Passwordless OTP for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fercft": {
+ "description": "Failed Exchange of Password and MFA Recovery Code for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fercft",
+ "description": "Failed Exchange of Password and MFA Recovery Code for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "ferrt": {
+ "description": "Failed Exchange of Rotating Refresh Token. This could occur when reuse is detected.",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "familyId": {
+ "type": "string"
+ },
+ "latestCounter": {
+ "type": "number"
+ },
+ "tokenCounter": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "familyId",
+ "latestCounter",
+ "tokenCounter"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "ferrt",
+ "description": "Failed Exchange of Rotating Refresh Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fertft": {
+ "description": "Failed Exchange of Refresh Token for Access Token. This could occur if the refresh token is revoked or expired.",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ },
+ "failure_reason": {
+ "description": "Reason the Online Refresh Token exchange failed.",
+ "enum": [
+ "session_not_found",
+ "grant_revoked",
+ "invalid_token"
+ ],
+ "type": "string"
+ },
+ "policy_used": {
+ "description": "The refresh token policy type that was matched during the token exchange",
+ "allOf": [
+ {
+ "enum": [
+ "mrrt",
+ "refresh_token_user_grant"
+ ],
+ "type": "string"
+ }
+ ]
+ },
+ "refresh_token": {
+ "description": "Details about the refresh token involved in a token exchange or revocation event. Present for both Online Refresh Tokens and regular (offline) refresh tokens.",
+ "properties": {
+ "access": {
+ "description": "Token access type: \"online\" for Online Refresh Tokens, \"offline\" for regular refresh tokens.",
+ "enum": [
+ "online",
+ "offline"
+ ],
+ "type": "string"
+ },
+ "session_id": {
+ "description": "The ID of the session this refresh token is bound to. Not present if the token was invalid and could not be read.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "requested_client_id": {
+ "description": "The client_id from the request. The actual client_id will appear in the top level client_id property.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fertft",
+ "description": "Failed Exchange of Refresh Token for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "feta": {
+ "description": "Failed token exchange at Token Vault",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "audit_context": {
+ "description": "Value of the `audit_context` claim echoed from the subject token JWT.",
+ "type": "string"
+ },
+ "enterprise_connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "enterprise_connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "failure_reason": {
+ "description": "Reason the token exchange failed. Emits `unknown` for unclassified failure modes.",
+ "type": "string"
+ },
+ "is_privileged_worker": {
+ "description": "True when the token exchange is performed via the Privileged Worker flow.",
+ "type": "boolean"
+ },
+ "subject_token_type": {
+ "type": "string"
+ },
+ "token_broker": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "subject_token_type",
+ "failure_reason",
+ "is_privileged_worker"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "feta",
+ "description": "Failed Exchange of Refresh Token for Token for 3rd party API",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fi": {
+ "description": "Failed to accept a user invitation. This could happen if the user accepts an invitation using a different email address than provided in the invitation, or due to a system failure while provisioning the invitation.",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "invitation": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "created_at": {
+ "type": "string"
+ },
+ "expires_at": {
+ "type": "string"
+ },
+ "id": {
+ "type": "string"
+ },
+ "invitee": {
+ "properties": {
+ "email": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "email"
+ ],
+ "type": "object"
+ },
+ "inviter": {
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "organization_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "organization_id"
+ ],
+ "type": "object"
+ },
+ "roles": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "ticket_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_id",
+ "created_at",
+ "expires_at",
+ "id",
+ "invitee",
+ "inviter",
+ "roles",
+ "ticket_id"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "invitation"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fi",
+ "description": "failed Invite Accept",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "flo": {
+ "description": "Failed Logout",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "allowed_logout_url": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "initiated_by": {
+ "type": "string"
+ },
+ "protocol": {
+ "type": "string"
+ },
+ "return_to": {
+ "type": "string"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "allowed_logout_url",
+ "return_to"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "flo",
+ "description": "Failed Logout",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "flows_execution_completed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "execution_id": {
+ "type": "string"
+ },
+ "flow_id": {
+ "type": "string"
+ },
+ "state": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "execution_id",
+ "flow_id",
+ "state"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "flows_execution_completed",
+ "description": "Flows Execution Completed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "flows_execution_failed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "error": {
+ "properties": {
+ "code": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "message"
+ ],
+ "type": "object"
+ },
+ "execution_id": {
+ "type": "string"
+ },
+ "flow_id": {
+ "type": "string"
+ },
+ "state": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "error",
+ "execution_id",
+ "flow_id",
+ "state"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "flows_execution_failed",
+ "description": "Flows Execution Failed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fn": {
+ "description": "Failed Notification",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "email_type": {
+ "type": "string"
+ },
+ "error": {
+ "type": "string"
+ },
+ "notification_type": {
+ "type": "string"
+ },
+ "to": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "email_type",
+ "notification_type",
+ "to"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fn",
+ "description": "Failed Notification",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "forms_submission_failed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "error": {
+ "properties": {
+ "code": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "message"
+ ],
+ "type": "object"
+ },
+ "form_id": {
+ "type": "string"
+ },
+ "state": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "error",
+ "form_id",
+ "state"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "forms_submission_failed",
+ "description": "Forms Submission Failed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "forms_submission_succeeded": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "form_id": {
+ "type": "string"
+ },
+ "state": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "form_id",
+ "state"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "forms_submission_succeeded",
+ "description": "Forms Submission Succeeded",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fp": {
+ "description": "Failed login due to invalid password",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "consoleOut": {},
+ "error": {
+ "anyOf": [
+ {
+ "properties": {
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "object"
+ },
+ {
+ "properties": {
+ "reason": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "reason"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "transaction_id": {
+ "description": "Transaction ID to correlate log events that belong to the same authentication transaction.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "error"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fp",
+ "description": "Failed Login - Invalid Password",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fpar": {
+ "description": "Failed Push Authorization Request",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "error": {
+ "properties": {
+ "message": {
+ "type": "string"
+ },
+ "oauthError": {
+ "type": "string"
+ },
+ "payload": {
+ "properties": {
+ "attempt": {
+ "type": "number"
+ },
+ "authorized": {
+ "description": "min-length 1",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "clientID": {
+ "type": "string"
+ },
+ "code": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "status": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "attempt",
+ "authorized",
+ "clientID",
+ "code",
+ "message",
+ "name",
+ "status"
+ ],
+ "type": "object"
+ },
+ "type": {
+ "type": "string"
+ },
+ "uri": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "message",
+ "oauthError"
+ ],
+ "type": "object"
+ },
+ "qs": {
+ "type": "object"
+ },
+ "riskAssessment": {
+ "properties": {
+ "assessments": {
+ "description": "Risk assessment results keyed by assessor name.",
+ "properties": {
+ "ImpossibleTravel": {
+ "description": "Flags logins from geographically distant locations within a short time window.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "NewDevice": {
+ "description": "Flags logins from a device not previously seen for the user.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "device": {
+ "description": "Device identifier.",
+ "type": "string"
+ },
+ "useragent": {
+ "description": "User agent string associated with the device.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "device"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "UntrustedIP": {
+ "description": "Flags logins from IPs listed in threat intelligence sources.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "ip": {
+ "description": "IP address that triggered the assessment.",
+ "type": "string"
+ },
+ "matches": {
+ "description": "Threat category matched.",
+ "type": "string"
+ },
+ "source": {
+ "description": "Threat intelligence source.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "ip",
+ "matches",
+ "source"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "UntrustedIP"
+ ],
+ "type": "object"
+ },
+ "confidence": {
+ "description": "Overall confidence level of the risk assessment.",
+ "type": "string"
+ },
+ "version": {
+ "description": "Risk assessment engine version.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "assessments",
+ "confidence",
+ "version"
+ ],
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "stats": {
+ "properties": {
+ "loginsCount": {
+ "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.",
+ "type": [
+ "number",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "loginsCount"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "error"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fpar",
+ "description": "Failed Push Authorization Request",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fpurh": {
+ "description": "Failed Post User Registration Hook",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fpurh",
+ "description": "Failed Post User Registration Hook",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fs": {
+ "description": "Failed Signup",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "grant_type": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": "string"
+ },
+ "phone_risk_assessment": {
+ "properties": {
+ "country_code": {
+ "type": "number"
+ },
+ "is_valid": {
+ "type": "boolean"
+ },
+ "line_type": {
+ "type": "string"
+ },
+ "risk_level": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "line_type",
+ "risk_level",
+ "country_code",
+ "is_valid"
+ ],
+ "type": "object"
+ },
+ "riskAssessment": {
+ "description": "Risk assessment result for the signup attempt.",
+ "allOf": [
+ {
+ "properties": {
+ "assessments": {
+ "description": "Risk assessment results keyed by assessor name.",
+ "properties": {
+ "ImpossibleTravel": {
+ "description": "Flags logins from geographically distant locations within a short time window.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "NewDevice": {
+ "description": "Flags logins from a device not previously seen for the user.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "device": {
+ "description": "Device identifier.",
+ "type": "string"
+ },
+ "useragent": {
+ "description": "User agent string associated with the device.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "device"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "UntrustedIP": {
+ "description": "Flags logins from IPs listed in threat intelligence sources.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "ip": {
+ "description": "IP address that triggered the assessment.",
+ "type": "string"
+ },
+ "matches": {
+ "description": "Threat category matched.",
+ "type": "string"
+ },
+ "source": {
+ "description": "Threat intelligence source.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "ip",
+ "matches",
+ "source"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "UntrustedIP"
+ ],
+ "type": "object"
+ },
+ "confidence": {
+ "description": "Overall confidence level of the risk assessment.",
+ "type": "string"
+ },
+ "version": {
+ "description": "Risk assessment engine version.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "assessments",
+ "confidence",
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "session": {
+ "description": "Details about the session associated with the login",
+ "allOf": [
+ {
+ "properties": {
+ "cookie": {
+ "properties": {
+ "mode": {
+ "enum": [
+ "persistent",
+ "non-persistent"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "mode"
+ ],
+ "type": "object"
+ },
+ "idp_session_expiry": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "cookie"
+ ],
+ "type": "object"
+ }
+ ]
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fs",
+ "description": "Failed Signup",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fsa": {
+ "description": "Failed Silent Auth",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "session": {
+ "description": "Details about the session associated with the login",
+ "allOf": [
+ {
+ "properties": {
+ "cookie": {
+ "properties": {
+ "mode": {
+ "enum": [
+ "persistent",
+ "non-persistent"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "mode"
+ ],
+ "type": "object"
+ },
+ "idp_session_expiry": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "cookie"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "triggered_by_session_transfer_token": {
+ "description": "Whether a Session Transfer Token was used for authentication",
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fsa",
+ "description": "Failed Silent Auth",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fu": {
+ "description": "Failed login due to invalid username",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "error": {
+ "properties": {
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "object"
+ },
+ "transaction_id": {
+ "description": "Transaction ID to correlate log events that belong to the same authentication transaction.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fu",
+ "description": "Failed Login - Invalid username",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fui": {
+ "description": "Failed to import users",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "connection": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "tenant",
+ "connection"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fui",
+ "description": "Failed Users Import",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fv": {
+ "description": "Failed to send verification email",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "body": {
+ "type": "object"
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "tenant": {
+ "type": "string"
+ },
+ "ticket": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "tenant",
+ "ticket"
+ ],
+ "type": "object"
+ },
+ "email": {
+ "type": "string"
+ },
+ "query": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "idp_user_id": {
+ "type": "string"
+ },
+ "includeEmailInRedirect": {
+ "type": "string"
+ },
+ "resultUrl": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_id",
+ "connection",
+ "email",
+ "idp_user_id",
+ "includeEmailInRedirect",
+ "resultUrl",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "title": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "query"
+ ],
+ "type": "object"
+ },
+ "email": {
+ "type": "string"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "query": {
+ "type": "object"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "title": {
+ "type": "string"
+ },
+ "type": {
+ "const": "fv",
+ "description": "Failed Verification Email",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "body",
+ "client_name",
+ "description",
+ "details",
+ "email",
+ "environment_name",
+ "ip",
+ "log_id",
+ "query",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "title",
+ "type"
+ ],
+ "type": "object"
+ },
+ "fvr": {
+ "description": "Failed to proces verification email request",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "idp_user_id": {
+ "type": [
+ "string",
+ "number"
+ ]
+ },
+ "includeEmailInRedirect": {
+ "type": "boolean"
+ },
+ "job_id": {
+ "type": "string"
+ },
+ "provider": {
+ "type": "string"
+ },
+ "resultUrl": {
+ "type": "string"
+ },
+ "template": {
+ "properties": {
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "type": "object"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "to": {
+ "type": "string"
+ },
+ "ttl_sec": {
+ "type": "number"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "verificationUrl": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "fvr",
+ "description": "Failed Verification Email Request",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_auth_email_verification": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_auth_email_verification",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_auth_failed": {
+ "description": "Multi-factor authentication failed. This could happen due to a wrong code entered for SMS/Voice/Email/TOTP factors, or a system failure.",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "properties": {
+ "auth": {
+ "properties": {
+ "scopes": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "strategy": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "scopes",
+ "strategy"
+ ],
+ "type": "object"
+ },
+ "body": {
+ "properties": {
+ "code": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "code"
+ ],
+ "type": "object"
+ },
+ "ip": {
+ "type": "string"
+ },
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ },
+ "query": {
+ "type": "string"
+ },
+ "userAgent": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "auth",
+ "body",
+ "ip",
+ "method",
+ "path",
+ "query",
+ "userAgent"
+ ],
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "request",
+ "response"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_auth_failed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_auth_rejected": {
+ "description": "User rejected a multi-factor authentication request via push-notification",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_auth_rejected",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_auth_succeed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_auth_succeed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_enrollment_complete": {
+ "description": "A first time MFA user has successfully enrolled using one of the factors",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_enrollment_complete",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_otp_rate_limit_exceed": {
+ "description": "A user, during enrollment or authentication, enters an incorrect code more than the maximum allowed number of times. Ex: A user enrolling in SMS enters the 6-digit code wrong more than 10 times in a row.",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_otp_rate_limit_exceed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_recovery_failed": {
+ "description": "A user entered a wrong Recovery Code when attempting to authenticate",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_recovery_failed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_recovery_succeed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_recovery_succeed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_send_email": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_send_email",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_send_email_verification": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_send_email_verification",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_send_pn": {
+ "description": "Push notification for MFA sent successfully sent",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_send_pn",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_send_pn_failure": {
+ "description": "Push notification for MFA failed",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_send_pn_failure",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_send_sms": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_send_sms",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_send_sms_failure": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_send_sms_failure",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_send_voice": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_send_voice",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_send_voice_failure": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_send_voice_failure",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_start_auth": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_start_auth",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_start_enroll": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_start_enroll",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_start_enroll_failed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_start_enroll_failed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_tenant_update": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_tenant_update",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_unenroll": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_unenroll",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_update_device_account": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_update_device_account",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_webauthn_challenge_failed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_webauthn_challenge_failed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "gd_webauthn_enrollment_failed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "authenticator": {
+ "properties": {
+ "id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type"
+ ],
+ "type": "object"
+ },
+ "device_id": {
+ "type": "string"
+ },
+ "enrollment": {
+ "properties": {
+ "_id": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "_id",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "failure_details": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "first_factor": {
+ "type": "boolean"
+ },
+ "provider_error": {
+ "properties": {
+ "errorCode": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "errorCode",
+ "message"
+ ],
+ "type": "object"
+ },
+ "remember_browser": {
+ "description": "This is a boolean value indicating whether the browser/device is remembered to bypass MFA challenges within the configured duration.",
+ "type": "boolean"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "gd_webauthn_enrollment_failed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "idjag_exchange_failed": {
+ "description": "Failed Exchange of Identity Assertion Authorization Grant JWT for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "idjag_exchange_failed",
+ "description": "Failed Exchange of Identity Assertion Authorization Grant JWT for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "idjag_exchange_succeeded": {
+ "description": "Successful Exchange of Identity Assertion Authorization Grant JWT for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "access_token_jti": {
+ "type": "string"
+ },
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "mtls_thumbprint_sha256": {
+ "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "idjag_exchange_succeeded",
+ "description": "Successful Exchange of Identity Assertion Authorization Grant JWT for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "jwt_bearer_exchange_failed": {
+ "description": "Failed Exchange of JWT Bearer Assertion for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "jwt_bearer_exchange_failed",
+ "description": "Failed Exchange of JWT Bearer Assertion for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "kms_key_management_failure": {
+ "description": "Failed KMS API operation",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "kms_key_management_failure",
+ "description": "Failed KMS API operation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "kms_key_management_success": {
+ "description": "Successful KMS API operation",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "id": {
+ "type": "string"
+ },
+ "state": {
+ "type": "string"
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "kms_key_management_success",
+ "description": "Successful KMS API operation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "kms_key_state_changed": {
+ "description": "KMS key state change",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "id": {
+ "type": "string"
+ },
+ "state": {
+ "type": "string"
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "id",
+ "type",
+ "state"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "kms_key_state_changed",
+ "description": "KMS key state change",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "limit_delegation": {
+ "description": "A user is temporarily prevented from logging in because of too many delegation requests",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "limit_delegation",
+ "description": "Blocked Account - Too many Delegation requests",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "limit_mu": {
+ "description": "An IP address is blocked because it attempted too many failed logins without a successful login. Or an IP address is blocked because it attempted too many sign-ups, whether successful or failed.",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "flow": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "limit_mu",
+ "description": "Blocked Account - Too many attempts or signups",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "limit_sul": {
+ "description": "A user is temporarily prevented from logging in because they reached the maximum logins per time period from the same IP address",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "limit_sul",
+ "description": "Blocked Account - Logins per IP",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "limit_wc": {
+ "description": "An IP address is blocked because it reached the maximum failed login attempts into a single account.",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "limit_wc",
+ "description": "Blocked Account - Failed Logins",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "mfar": {
+ "description": "A user has been prompted for multi-factor authentication (MFA). When using Adaptive MFA, Auth0 includes details about the risk assessment",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "assessments": {
+ "properties": {
+ "ImpossibleTravel": {
+ "properties": {
+ "code": {
+ "type": "string"
+ },
+ "confidence": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "UntrustedIP": {
+ "properties": {
+ "code": {
+ "type": "string"
+ },
+ "confidence": {
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "ip": {
+ "type": "string"
+ },
+ "matches": {
+ "type": "string"
+ },
+ "source": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "ip",
+ "matches",
+ "source"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence",
+ "details"
+ ],
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "confidence": {
+ "type": "string"
+ },
+ "grant_type": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "confidence",
+ "version"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "mfar",
+ "description": "MFA Required",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "mgmt_api_read": {
+ "description": "Successful GET request on the management API. This event will only be emitted if a secret is returned.",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "accessedSecrets": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "request": {
+ "properties": {
+ "auth": {
+ "properties": {
+ "credentials": {
+ "anyOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "null"
+ },
+ {
+ "properties": {
+ "jti": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "strategy": {
+ "type": "string"
+ },
+ "user": {
+ "anyOf": [
+ {
+ "type": "string"
+ },
+ {
+ "properties": {
+ "email": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "email",
+ "name"
+ ],
+ "type": "object"
+ }
+ ]
+ }
+ },
+ "required": [
+ "credentials",
+ "strategy",
+ "user"
+ ],
+ "type": "object"
+ },
+ "channel": {
+ "type": "string"
+ },
+ "ip": {
+ "type": "string"
+ },
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ },
+ "query": {
+ "type": "object"
+ },
+ "userAgent": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "auth",
+ "channel",
+ "ip",
+ "method",
+ "path",
+ "query",
+ "userAgent"
+ ],
+ "type": "object"
+ },
+ "response": {
+ "properties": {
+ "body": {
+ "anyOf": [
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ]
+ },
+ "statusCode": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "statusCode",
+ "body"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "accessedSecrets",
+ "request",
+ "response"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "mgmt_api_read",
+ "description": "Management API Read Operation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "my_account_authentication_method_failed": {
+ "description": "Failed authentication method operation in My Account API",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "authentication_method": {
+ "type": "string"
+ },
+ "authentication_method_id": {
+ "type": "string"
+ },
+ "error": {
+ "properties": {
+ "detail": {
+ "type": "string"
+ },
+ "status": {
+ "type": "number"
+ },
+ "title": {
+ "type": "string"
+ },
+ "type": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "operation": {
+ "type": "string"
+ },
+ "request": {
+ "properties": {
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "operation"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "my_account_authentication_method_failed",
+ "description": "Failed authentication method operation in My Account API",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "my_account_authentication_method_succeeded": {
+ "description": "Successful authentication method operation in My Account API",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "authentication_method": {
+ "type": "string"
+ },
+ "authentication_method_id": {
+ "type": "string"
+ },
+ "operation": {
+ "type": "string"
+ },
+ "request": {
+ "properties": {
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "operation"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "my_account_authentication_method_succeeded",
+ "description": "Successful authentication method operation in My Account API",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "oidc_backchannel_logout_failed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "errors": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "initiator": {
+ "type": "string"
+ },
+ "request": {
+ "properties": {
+ "backchannel_logout_uri": {
+ "type": "string"
+ },
+ "method": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "method",
+ "backchannel_logout_uri"
+ ],
+ "type": "object"
+ },
+ "response": {
+ "properties": {
+ "statusCode": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "statusCode"
+ ],
+ "type": "object"
+ },
+ "session_metadata": {
+ "additionalProperties": {
+ "type": "string"
+ },
+ "type": "object"
+ }
+ },
+ "required": [
+ "request",
+ "response",
+ "initiator"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "oidc_backchannel_logout_failed",
+ "description": "Failed OIDC Back-Channel Logout request",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "oidc_backchannel_logout_succeeded": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "errors": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "initiator": {
+ "type": "string"
+ },
+ "request": {
+ "properties": {
+ "backchannel_logout_uri": {
+ "type": "string"
+ },
+ "method": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "method",
+ "backchannel_logout_uri"
+ ],
+ "type": "object"
+ },
+ "response": {
+ "properties": {
+ "statusCode": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "statusCode"
+ ],
+ "type": "object"
+ },
+ "session_metadata": {
+ "additionalProperties": {
+ "type": "string"
+ },
+ "type": "object"
+ }
+ },
+ "required": [
+ "request",
+ "response",
+ "initiator"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "oidc_backchannel_logout_succeeded",
+ "description": "Successful OIDC Back-Channel Logout request",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "organization_member_added": {
+ "description": "Organization Member Added Operation",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "reason": {
+ "enum": [
+ "invitation",
+ "auto_membership"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "reason"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "organization_member_added",
+ "description": "Organization Member Added Operation *",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "passkey_challenge_failed": {
+ "description": "A native passkey challenge failed",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "error": {
+ "properties": {
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "object"
+ },
+ "purpose": {
+ "description": "Purpose of the challenge. Possible values: \"register\" or \"login\"",
+ "enum": [
+ "register",
+ "login"
+ ],
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "passkey_challenge_failed",
+ "description": "A native passkey challenge failed",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "passkey_challenge_started": {
+ "description": "A native passkey challenge was successfully initiated",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "prompts": {
+ "items": {
+ "properties": {
+ "coi": {
+ "type": "string"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "connection_id": {
+ "type": "string"
+ },
+ "cov": {
+ "type": "string"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "flow": {
+ "type": "string"
+ },
+ "grantInfo": {
+ "properties": {
+ "audience": {
+ "type": "string"
+ },
+ "expiration": {
+ "type": "string"
+ },
+ "id": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "identity": {
+ "type": [
+ "string",
+ "number"
+ ]
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "name": {
+ "type": "string"
+ },
+ "passwordless_amr": {
+ "type": "string"
+ },
+ "performed_acr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "performed_amr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "provider": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "requiredCaptcha": {
+ "type": "boolean"
+ },
+ "session": {
+ "type": "boolean"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "stats": {
+ "properties": {
+ "loginsCount": {
+ "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.",
+ "type": [
+ "number",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "loginsCount"
+ ],
+ "type": "object"
+ },
+ "strategy": {
+ "type": "string"
+ },
+ "timers": {
+ "properties": {
+ "rules": {
+ "type": "number"
+ }
+ },
+ "type": "object"
+ },
+ "url": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "user_name": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "requiredCaptcha",
+ "session_id"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "purpose": {
+ "description": "Purpose of the challenge. Possible values: \"register\" or \"login\"",
+ "enum": [
+ "register",
+ "login"
+ ],
+ "type": "string"
+ },
+ "riskAssessment": {
+ "properties": {
+ "assessments": {
+ "description": "Risk assessment results keyed by assessor name.",
+ "properties": {
+ "ImpossibleTravel": {
+ "description": "Flags logins from geographically distant locations within a short time window.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "NewDevice": {
+ "description": "Flags logins from a device not previously seen for the user.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "device": {
+ "description": "Device identifier.",
+ "type": "string"
+ },
+ "useragent": {
+ "description": "User agent string associated with the device.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "device"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "UntrustedIP": {
+ "description": "Flags logins from IPs listed in threat intelligence sources.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "ip": {
+ "description": "IP address that triggered the assessment.",
+ "type": "string"
+ },
+ "matches": {
+ "description": "Threat category matched.",
+ "type": "string"
+ },
+ "source": {
+ "description": "Threat intelligence source.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "ip",
+ "matches",
+ "source"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "UntrustedIP"
+ ],
+ "type": "object"
+ },
+ "confidence": {
+ "description": "Overall confidence level of the risk assessment.",
+ "type": "string"
+ },
+ "version": {
+ "description": "Risk assessment engine version.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "assessments",
+ "confidence",
+ "version"
+ ],
+ "type": "object"
+ },
+ "session": {
+ "properties": {
+ "cookie": {
+ "properties": {
+ "mode": {
+ "enum": [
+ "persistent",
+ "non-persistent"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "mode"
+ ],
+ "type": "object"
+ },
+ "idp_session_expiry": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "cookie"
+ ],
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "passkey_challenge_started",
+ "description": "A native passkey challenge was successfully initiated",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "pla": {
+ "description": "Generated before a login and helps in monitoring the behavior of bot detection without having to enable it.",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "ipOnAllowlist": {
+ "type": "boolean"
+ },
+ "requiresVerification": {
+ "type": "boolean"
+ },
+ "requiresVerificationForSignupFlow": {
+ "type": "boolean"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "ipOnAllowlist",
+ "requiresVerification",
+ "session_id"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "pla",
+ "description": "Pre-Login Assessment",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "pwd_leak": {
+ "description": "Someone behind the IP address ip attempted to login with a leaked password",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "pwd_leak",
+ "description": "Breached Password - Login",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "reset_pwd_leak": {
+ "description": "Someone behind the IP address ip attempted to reset with a leaked password",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "reset_pwd_leak",
+ "description": "Breached Password - Reset",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "resource_cleanup": {
+ "description": "Emitted when resources exceeding defined limits were removed. Normally related to refresh tokens",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "endCount": {
+ "type": "number"
+ },
+ "removedCount": {
+ "type": "number"
+ },
+ "resource": {
+ "type": "string"
+ },
+ "start": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "start",
+ "removedCount",
+ "endCount"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "resource_cleanup",
+ "description": "Refresh Token Excess Warning",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "rich_consents_access_error": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "error": {
+ "properties": {
+ "message": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "message"
+ ],
+ "type": "object"
+ },
+ "requestedRichConsentId": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "error",
+ "requestedRichConsentId"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "rich_consents_access_error",
+ "description": "Failed get rich consent record request",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "s": {
+ "description": "Successful Login",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ },
+ "channel": {
+ "description": "Whether connection is front or back channel",
+ "type": "string"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "dpop_nonce_used": {
+ "description": "True if a DPoP nonce was used due to an upstream nonce challenge during the DPoP handshake. Only present for DPoP-enabled connections.",
+ "type": "boolean"
+ },
+ "dpop_signing_alg": {
+ "description": "Algorithm used for DPoP proof signing. Only present for DPoP-enabled connections.",
+ "type": "string"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "id_token_signing_alg": {
+ "description": "The verification algorithm used to validate the ID token from the upstream OIDC connection. Indicates the signing algorithm (e.g., RS256, ES256) that was used by the Identity Provider to sign the ID token. Only present for OIDC connections.",
+ "type": "string"
+ },
+ "idp_token_type": {
+ "description": "Token type returned by the identity provider. Only present for DPoP-enabled connections.",
+ "type": "string"
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "prompts": {
+ "items": {
+ "properties": {
+ "coi": {
+ "type": "string"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "connection_id": {
+ "type": "string"
+ },
+ "cov": {
+ "type": "string"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "flow": {
+ "type": "string"
+ },
+ "grantInfo": {
+ "properties": {
+ "audience": {
+ "type": "string"
+ },
+ "expiration": {
+ "type": "string"
+ },
+ "id": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "identity": {
+ "type": [
+ "string",
+ "number"
+ ]
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "name": {
+ "type": "string"
+ },
+ "passwordless_amr": {
+ "type": "string"
+ },
+ "performed_acr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "performed_amr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "provider": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "requiredCaptcha": {
+ "type": "boolean"
+ },
+ "session": {
+ "type": "boolean"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "stats": {
+ "properties": {
+ "loginsCount": {
+ "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.",
+ "type": [
+ "number",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "loginsCount"
+ ],
+ "type": "object"
+ },
+ "strategy": {
+ "type": "string"
+ },
+ "timers": {
+ "properties": {
+ "rules": {
+ "type": "number"
+ }
+ },
+ "type": "object"
+ },
+ "url": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "user_name": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "requiredCaptcha",
+ "session_id"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "requested_client_id": {
+ "description": "The client_id from the request. The actual client_id will appear in the top level client_id property.",
+ "type": "string"
+ },
+ "riskAssessment": {
+ "properties": {
+ "assessments": {
+ "description": "Risk assessment results keyed by assessor name.",
+ "properties": {
+ "ImpossibleTravel": {
+ "description": "Flags logins from geographically distant locations within a short time window.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "NewDevice": {
+ "description": "Flags logins from a device not previously seen for the user.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "device": {
+ "description": "Device identifier.",
+ "type": "string"
+ },
+ "useragent": {
+ "description": "User agent string associated with the device.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "device"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "UntrustedIP": {
+ "description": "Flags logins from IPs listed in threat intelligence sources.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "ip": {
+ "description": "IP address that triggered the assessment.",
+ "type": "string"
+ },
+ "matches": {
+ "description": "Threat category matched.",
+ "type": "string"
+ },
+ "source": {
+ "description": "Threat intelligence source.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "ip",
+ "matches",
+ "source"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "UntrustedIP"
+ ],
+ "type": "object"
+ },
+ "confidence": {
+ "description": "Overall confidence level of the risk assessment.",
+ "type": "string"
+ },
+ "version": {
+ "description": "Risk assessment engine version.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "assessments",
+ "confidence",
+ "version"
+ ],
+ "type": "object"
+ },
+ "saml_certificate_thumbprint": {
+ "description": "SHA-1 thumbprint of the certificate used to validate the SAML assertion signature from the upstream identity provider. Only present for SAML/SAMLp connections.",
+ "type": "string"
+ },
+ "session": {
+ "properties": {
+ "cookie": {
+ "properties": {
+ "mode": {
+ "enum": [
+ "persistent",
+ "non-persistent"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "mode"
+ ],
+ "type": "object"
+ },
+ "idp_session_expiry": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "cookie"
+ ],
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "token_endpoint_auth_method": {
+ "description": "Token endpoint authentication method",
+ "type": "string"
+ },
+ "token_endpoint_auth_signing_alg": {
+ "description": "Token endpoint authentication signing algorithm. Only available when token_endpoint_auth_method is private_key_jwt.",
+ "type": "string"
+ },
+ "token_endpoint_auth_signing_kid": {
+ "description": "Key ID used to sign client_assertions sent to upstream IdP. Only available when token_endpoint_auth_method is private_key_jwt.",
+ "type": "string"
+ },
+ "transaction_id": {
+ "description": "Transaction ID to correlate log events that belong to the same authentication transaction.",
+ "type": "string"
+ },
+ "triggered_by_session_transfer_token": {
+ "description": "Whether a Session Transfer Token was used for authentication",
+ "type": "boolean"
+ },
+ "upstream_userinfo_fetch": {
+ "description": "Details about the upstream userinfo endpoint fetch. Only populated if the userinfo_endpoint was called for the transaction. Only present for OIDC/Okta connections.",
+ "properties": {
+ "dpop_bound": {
+ "description": "True if the request to the userinfo endpoint was bound with DPoP. Only present and set to true if the request was successfully DPoP-bound.",
+ "type": "boolean"
+ },
+ "status": {
+ "description": "Indicates the outcome of the userinfo endpoint call.",
+ "enum": [
+ "SUCCESS",
+ "FAILURE"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "status"
+ ],
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "s",
+ "description": "Successful Login",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sapi": {
+ "description": "Successful API Operation Only emitted by the Management API on POST, DELETE, PATCH, and PUT",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "accessedSecrets": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ }
+ },
+ "required": [
+ "request",
+ "response"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sapi",
+ "description": "Successful API Operation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user executing the action, when available. For machine to machine auth flows, this field may contain an empty string.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sce": {
+ "description": "Successful Change Email",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "email_verified": {
+ "type": "string"
+ },
+ "newEmail": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "verify": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "client_id",
+ "connection",
+ "email",
+ "email_verified",
+ "newEmail",
+ "user_id",
+ "tenant",
+ "verify"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sce",
+ "description": "Successful Change Email",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "scoa": {
+ "description": "Successful Cross-Origin Authentication",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "prompts": {
+ "items": {
+ "properties": {
+ "coi": {
+ "type": "string"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "connection_id": {
+ "type": "string"
+ },
+ "cov": {
+ "type": "string"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "flow": {
+ "type": "string"
+ },
+ "grantInfo": {
+ "properties": {
+ "audience": {
+ "type": "string"
+ },
+ "expiration": {
+ "type": "string"
+ },
+ "id": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "identity": {
+ "type": [
+ "string",
+ "number"
+ ]
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "name": {
+ "type": "string"
+ },
+ "passwordless_amr": {
+ "type": "string"
+ },
+ "performed_acr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "performed_amr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "provider": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "requiredCaptcha": {
+ "type": "boolean"
+ },
+ "session": {
+ "type": "boolean"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "stats": {
+ "properties": {
+ "loginsCount": {
+ "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.",
+ "type": [
+ "number",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "loginsCount"
+ ],
+ "type": "object"
+ },
+ "strategy": {
+ "type": "string"
+ },
+ "timers": {
+ "properties": {
+ "rules": {
+ "type": "number"
+ }
+ },
+ "type": "object"
+ },
+ "url": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "user_name": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "requiredCaptcha",
+ "session_id"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "riskAssessment": {
+ "properties": {
+ "assessments": {
+ "description": "Risk assessment results keyed by assessor name.",
+ "properties": {
+ "ImpossibleTravel": {
+ "description": "Flags logins from geographically distant locations within a short time window.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "NewDevice": {
+ "description": "Flags logins from a device not previously seen for the user.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "device": {
+ "description": "Device identifier.",
+ "type": "string"
+ },
+ "useragent": {
+ "description": "User agent string associated with the device.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "device"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "UntrustedIP": {
+ "description": "Flags logins from IPs listed in threat intelligence sources.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "ip": {
+ "description": "IP address that triggered the assessment.",
+ "type": "string"
+ },
+ "matches": {
+ "description": "Threat category matched.",
+ "type": "string"
+ },
+ "source": {
+ "description": "Threat intelligence source.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "ip",
+ "matches",
+ "source"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "UntrustedIP"
+ ],
+ "type": "object"
+ },
+ "confidence": {
+ "description": "Overall confidence level of the risk assessment.",
+ "type": "string"
+ },
+ "version": {
+ "description": "Risk assessment engine version.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "assessments",
+ "confidence",
+ "version"
+ ],
+ "type": "object"
+ },
+ "session": {
+ "properties": {
+ "cookie": {
+ "properties": {
+ "mode": {
+ "enum": [
+ "persistent",
+ "non-persistent"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "mode"
+ ],
+ "type": "object"
+ },
+ "idp_session_expiry": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "cookie"
+ ],
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "transaction_id": {
+ "description": "Transaction ID to correlate log events that belong to the same authentication transaction.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "scoa",
+ "description": "Successful Cross-Origin Authentication",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "scp": {
+ "description": "Successful Change Password",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "type": "object"
+ },
+ "email": {
+ "type": "string"
+ },
+ "query": {
+ "type": "object"
+ },
+ "title": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "scp",
+ "description": "Successful Change Password",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "scpn": {
+ "description": "Successful Change Phone Number",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "new_phone_number": {
+ "type": "string"
+ },
+ "old_phone_number": {
+ "type": "string"
+ },
+ "phone_verified": {
+ "type": "boolean"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "verify": {
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "scpn",
+ "description": "Successful Change Phone Number",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "scpr": {
+ "description": "Successful Change Password Request",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "client_id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "connection": {
+ "type": "string"
+ },
+ "debug": {
+ "type": "boolean"
+ },
+ "email": {
+ "type": "string"
+ },
+ "includeEmailInRedirect": {
+ "type": "boolean"
+ },
+ "markEmailAsVerified": {
+ "type": "boolean"
+ },
+ "newPassword": {
+ "type": "string"
+ },
+ "requiredCaptcha": {
+ "type": "boolean"
+ },
+ "resultUrl": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "ttl_sec": {
+ "type": "string"
+ },
+ "username": {
+ "type": "string"
+ },
+ "verify": {
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
+ "resetUrl": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "scpr",
+ "description": "Successful Change Password Request",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "scu": {
+ "description": "Successful Change Username",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "clientId": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "newUsername": {
+ "type": "string"
+ },
+ "oldUsername": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "newUsername",
+ "oldUsername"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "scu",
+ "description": "Successful Change Username",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "scv": {
+ "description": "Successful Credential Validation.",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "allOf": [
+ {
+ "properties": {
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "prompts": {
+ "items": {
+ "properties": {
+ "coi": {
+ "type": "string"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "connection_id": {
+ "type": "string"
+ },
+ "cov": {
+ "type": "string"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "flow": {
+ "type": "string"
+ },
+ "grantInfo": {
+ "properties": {
+ "audience": {
+ "type": "string"
+ },
+ "expiration": {
+ "type": "string"
+ },
+ "id": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "identity": {
+ "type": [
+ "string",
+ "number"
+ ]
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "name": {
+ "type": "string"
+ },
+ "passwordless_amr": {
+ "type": "string"
+ },
+ "performed_acr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "performed_amr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "provider": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "requiredCaptcha": {
+ "type": "boolean"
+ },
+ "session": {
+ "type": "boolean"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "stats": {
+ "properties": {
+ "loginsCount": {
+ "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.",
+ "type": [
+ "number",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "loginsCount"
+ ],
+ "type": "object"
+ },
+ "strategy": {
+ "type": "string"
+ },
+ "timers": {
+ "properties": {
+ "rules": {
+ "type": "number"
+ }
+ },
+ "type": "object"
+ },
+ "url": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "user_name": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "requiredCaptcha",
+ "session_id"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "riskAssessment": {
+ "properties": {
+ "assessments": {
+ "description": "Risk assessment results keyed by assessor name.",
+ "properties": {
+ "ImpossibleTravel": {
+ "description": "Flags logins from geographically distant locations within a short time window.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "NewDevice": {
+ "description": "Flags logins from a device not previously seen for the user.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "device": {
+ "description": "Device identifier.",
+ "type": "string"
+ },
+ "useragent": {
+ "description": "User agent string associated with the device.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "device"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "UntrustedIP": {
+ "description": "Flags logins from IPs listed in threat intelligence sources.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "ip": {
+ "description": "IP address that triggered the assessment.",
+ "type": "string"
+ },
+ "matches": {
+ "description": "Threat category matched.",
+ "type": "string"
+ },
+ "source": {
+ "description": "Threat intelligence source.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "ip",
+ "matches",
+ "source"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "UntrustedIP"
+ ],
+ "type": "object"
+ },
+ "confidence": {
+ "description": "Overall confidence level of the risk assessment.",
+ "type": "string"
+ },
+ "version": {
+ "description": "Risk assessment engine version.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "assessments",
+ "confidence",
+ "version"
+ ],
+ "type": "object"
+ },
+ "session": {
+ "properties": {
+ "cookie": {
+ "properties": {
+ "mode": {
+ "enum": [
+ "persistent",
+ "non-persistent"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "mode"
+ ],
+ "type": "object"
+ },
+ "idp_session_expiry": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "cookie"
+ ],
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ ]
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "scv",
+ "description": "Successful Credential Validation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sd": {
+ "description": "Successful Delegation",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "api_type": {
+ "type": "string"
+ },
+ "device": {
+ "type": "string"
+ },
+ "grant_type": {
+ "type": "string"
+ },
+ "scope": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "target": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sd",
+ "description": "Successful Delegation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sdu": {
+ "description": "Successful User Deletion",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "connection": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sdu",
+ "description": "Successful User Deletion",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "seacft": {
+ "description": "Successful Exchange of Authorization Code for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent has been granted authority via token exchange and is acting on behalf of a user or itself.",
+ "type": "string"
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "access_token_jti": {
+ "type": "string"
+ },
+ "code": {
+ "type": "string"
+ },
+ "refresh_token": {
+ "description": "Details about the refresh token involved in a token exchange or revocation event. Present for both Online Refresh Tokens and regular (offline) refresh tokens.",
+ "properties": {
+ "access": {
+ "description": "Token access type: \"online\" for Online Refresh Tokens, \"offline\" for regular refresh tokens.",
+ "enum": [
+ "online",
+ "offline"
+ ],
+ "type": "string"
+ },
+ "session_id": {
+ "description": "The ID of the session this refresh token is bound to. Not present if the token was invalid and could not be read.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "requested_client_id": {
+ "description": "The client_id from the request. The actual client_id will appear in the top level client_id property.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "mtls_thumbprint_sha256": {
+ "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "transaction_linking_id": {
+ "description": "Reflects the transaction linking ID provided at the start of the auth flow, if any. Only available when using decoupled authorization flows.",
+ "pattern": "^[A-Za-z0-9-_]{27}$",
+ "type": "string"
+ },
+ "type": {
+ "const": "seacft",
+ "description": "Successful Exchange of Authorization Code for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "seccft": {
+ "description": "Successful Exchange of Access Token for a Client Credentials Grant",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent has been granted authority via token exchange and is acting on behalf of a user or itself.",
+ "type": "string"
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "access_token_jti": {
+ "type": "string"
+ },
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "actions"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "mtls_thumbprint_sha256": {
+ "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "seccft",
+ "description": "Successful Exchange of Access Token for a Client Credentials Grant",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "secte": {
+ "description": "Successful Exchange via Custom Token Exchange",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent has been granted authority via token exchange and is acting on behalf of a user or itself.",
+ "type": "string"
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "access_token_jti": {
+ "type": "string"
+ },
+ "actor": {
+ "description": "Identifies and provides information about the acting party to whom authority has been delegated when an entity is acting on behalf of another. Nested `act` claim represents delegation chains (deepest = original caller).",
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ "subject_token_type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "subject_token_type"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "secte",
+ "description": "Successful Exchange via Custom Token Exchange",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sede": {
+ "description": "Successful Exchange of Device Code for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent initiated the device authorization flow and is acting on behalf of a user.",
+ "type": "string"
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "access_token_jti": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "mtls_thumbprint_sha256": {
+ "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sede",
+ "description": "Successful Exchange of Device Code for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sens": {
+ "description": "Successful Exchange - Native Social Login",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "access_token_jti": {
+ "type": "string"
+ },
+ "subject_token_type": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sens",
+ "description": "Successful Exchange Native Login",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "seoobft": {
+ "description": "Successful Exchange of Password and OOB Challenge for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "actions"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "seoobft",
+ "description": "Successful Exchange of Password and OOB Challenge for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "seotpft": {
+ "description": "Successful Exchange of Password and OTP Challenge for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "seotpft",
+ "description": "Successful Exchange of Password and OTP Challenge for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sepft": {
+ "description": "Successful Exchange of Password for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "access_token_jti": {
+ "type": "string"
+ },
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "mtls_thumbprint_sha256": {
+ "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sepft",
+ "description": "Successful Exchange of Password for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sepkoobft": {
+ "description": "Successful Exchange of Passkey and OOB Challenge for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sepkoobft",
+ "description": "Successful Exchange of Passkey and OOB Challenge for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sepkotpft": {
+ "description": "Successful Exchange of Passkey and OTP Challenge for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sepkotpft",
+ "description": "Successful Exchange of Passkey and OTP Challenge for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sepkrcft": {
+ "description": "Successful Exchange of Passkey and MFA Recovery Code for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sepkrcft",
+ "description": "Successful Exchange of Passkey and MFA Recovery Code for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sercft": {
+ "description": "Successful Exchange of Password and MFA Recovery Codeode for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sercft",
+ "description": "Successful Exchange of Password and MFA Recovery Code for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sertft": {
+ "description": "Successful Exchange of Refresh Token for Access Token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user."
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "access_token_jti": {
+ "type": "string"
+ },
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ },
+ "familyId": {
+ "type": "string"
+ },
+ "policy_used": {
+ "description": "The refresh token policy type that was matched during the token exchange",
+ "allOf": [
+ {
+ "enum": [
+ "mrrt",
+ "refresh_token_user_grant"
+ ],
+ "type": "string"
+ }
+ ]
+ },
+ "refresh_token": {
+ "description": "Details about the refresh token involved in a token exchange or revocation event. Present for both Online Refresh Tokens and regular (offline) refresh tokens.",
+ "properties": {
+ "access": {
+ "description": "Token access type: \"online\" for Online Refresh Tokens, \"offline\" for regular refresh tokens.",
+ "enum": [
+ "online",
+ "offline"
+ ],
+ "type": "string"
+ },
+ "session_id": {
+ "description": "The ID of the session this refresh token is bound to. Not present if the token was invalid and could not be read.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "requested_audience": {
+ "description": "The audience requested during refresh token exchange, distinct from root-level audience which represents the issued audience",
+ "type": "string"
+ },
+ "requested_client_id": {
+ "description": "The client_id from the request. The actual client_id will appear in the top level client_id property.",
+ "type": "string"
+ },
+ "requested_scope": {
+ "description": "The scope requested during refresh token exchange, distinct from root-level scope which represents the issued scope",
+ "type": "string"
+ },
+ "tokenCounter": {
+ "type": "number"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "mtls_thumbprint_sha256": {
+ "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sertft",
+ "description": "Successful Exchange of Refresh Token for Access Token",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "seta": {
+ "description": "Successful token exchange at Token Vault",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "audit_context": {
+ "description": "Value of the `audit_context` claim echoed from the subject token JWT.",
+ "type": "string"
+ },
+ "enterprise_connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "enterprise_connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "expires_at": {
+ "type": "string"
+ },
+ "is_privileged_worker": {
+ "description": "True when the token exchange is performed via the Privileged Worker flow.",
+ "type": "boolean"
+ },
+ "issued_token_type": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ },
+ "subject_token_type": {
+ "type": "string"
+ },
+ "token_broker": {
+ "type": "string"
+ },
+ "token_thumbprint": {
+ "description": "SHA256 hash of the 3rd party access token that was returned.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "subject_token_type",
+ "issued_token_type",
+ "scope",
+ "expires_at",
+ "is_privileged_worker",
+ "token_thumbprint"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "seta",
+ "description": "Successful Exchange of Refresh Token for Token for 3rd party API",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "identity_user_id",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "si": {
+ "description": "Successfully accepted a user invitation",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "invitation": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "created_at": {
+ "type": "string"
+ },
+ "expires_at": {
+ "type": "string"
+ },
+ "id": {
+ "type": "string"
+ },
+ "invitee": {
+ "properties": {
+ "email": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "email"
+ ],
+ "type": "object"
+ },
+ "inviter": {
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "organization_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "roles": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "ticket_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "required": [
+ "invitation"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "si",
+ "description": "Successful Invite Accept",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "slo": {
+ "description": "Successful Logout",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "allowed_logout_url": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "initiated_by": {
+ "type": "string"
+ },
+ "protocol": {
+ "type": "string"
+ },
+ "return_to": {
+ "type": "string"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "session_metadata": {
+ "additionalProperties": {
+ "type": "string"
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "slo",
+ "description": "Successful Logout",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "srrt": {
+ "description": "Successfully revoked a refresh token",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "audience": {
+ "type": "string"
+ },
+ "credential_id": {
+ "type": "string"
+ },
+ "grant_id": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "host": {
+ "type": "string"
+ },
+ "method": {
+ "type": "string"
+ },
+ "organization_id": {
+ "type": "string"
+ },
+ "origin": {
+ "type": "string"
+ },
+ "originUrl": {
+ "type": "string"
+ },
+ "originalUrl": {
+ "type": "string"
+ },
+ "refresh_token": {
+ "description": "Details about the refresh token involved in a token exchange or revocation event. Present for both Online Refresh Tokens and regular (offline) refresh tokens.",
+ "properties": {
+ "access": {
+ "description": "Token access type: \"online\" for Online Refresh Tokens, \"offline\" for regular refresh tokens.",
+ "enum": [
+ "online",
+ "offline"
+ ],
+ "type": "string"
+ },
+ "session_id": {
+ "description": "The ID of the session this refresh token is bound to. Not present if the token was invalid and could not be read.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "xhr": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "credential_id"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "srrt",
+ "description": "Successful Refresh Token Revocation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "ss": {
+ "description": "Successful Signup",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ },
+ "body": {
+ "properties": {
+ "app_metadata": {
+ "type": "object"
+ },
+ "blocked": {
+ "type": "boolean"
+ },
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "email_verified": {
+ "type": "boolean"
+ },
+ "family_name": {
+ "type": "string"
+ },
+ "given_name": {
+ "type": "string"
+ },
+ "ip": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "nickname": {
+ "type": "string"
+ },
+ "organization": {
+ "properties": {
+ "branding": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "display_name": {
+ "type": "string"
+ },
+ "id": {
+ "type": "string"
+ },
+ "metadata": {
+ "anyOf": [
+ {},
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "name": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "password": {
+ "type": "string"
+ },
+ "phone_number": {
+ "type": "string"
+ },
+ "phone_verified": {
+ "type": "boolean"
+ },
+ "picture": {
+ "type": "string"
+ },
+ "request_language": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "transaction": {
+ "properties": {
+ "acr_values": {
+ "anyOf": [
+ {
+ "type": "string"
+ },
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ ]
+ },
+ "id": {
+ "type": "string"
+ },
+ "locale": {
+ "type": "string"
+ },
+ "login_hint": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "prompt": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "protocol": {
+ "type": "string"
+ },
+ "redirect_uri": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "requested_scopes": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "response_mode": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "response_type": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "state": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "ui_locales": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "user-agent": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "user_metadata": {
+ "anyOf": [
+ {
+ "type": "string"
+ },
+ {
+ "type": "object"
+ }
+ ]
+ },
+ "username": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "prompts": {
+ "items": {
+ "properties": {
+ "coi": {
+ "type": "string"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "connection_id": {
+ "type": "string"
+ },
+ "cov": {
+ "type": "string"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "flow": {
+ "type": "string"
+ },
+ "grantInfo": {
+ "properties": {
+ "audience": {
+ "type": "string"
+ },
+ "expiration": {
+ "type": "string"
+ },
+ "id": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "identity": {
+ "type": [
+ "string",
+ "number"
+ ]
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "name": {
+ "type": "string"
+ },
+ "passwordless_amr": {
+ "type": "string"
+ },
+ "performed_acr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "performed_amr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "provider": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "requiredCaptcha": {
+ "type": "boolean"
+ },
+ "session": {
+ "type": "boolean"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "stats": {
+ "properties": {
+ "loginsCount": {
+ "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.",
+ "type": [
+ "number",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "loginsCount"
+ ],
+ "type": "object"
+ },
+ "strategy": {
+ "type": "string"
+ },
+ "timers": {
+ "properties": {
+ "rules": {
+ "type": "number"
+ }
+ },
+ "type": "object"
+ },
+ "url": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "user_name": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "requiredCaptcha",
+ "session_id"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "riskAssessment": {
+ "properties": {
+ "assessments": {
+ "description": "Risk assessment results keyed by assessor name.",
+ "properties": {
+ "ImpossibleTravel": {
+ "description": "Flags logins from geographically distant locations within a short time window.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "NewDevice": {
+ "description": "Flags logins from a device not previously seen for the user.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "device": {
+ "description": "Device identifier.",
+ "type": "string"
+ },
+ "useragent": {
+ "description": "User agent string associated with the device.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "device"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "UntrustedIP": {
+ "description": "Flags logins from IPs listed in threat intelligence sources.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "ip": {
+ "description": "IP address that triggered the assessment.",
+ "type": "string"
+ },
+ "matches": {
+ "description": "Threat category matched.",
+ "type": "string"
+ },
+ "source": {
+ "description": "Threat intelligence source.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "ip",
+ "matches",
+ "source"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "UntrustedIP"
+ ],
+ "type": "object"
+ },
+ "confidence": {
+ "description": "Overall confidence level of the risk assessment.",
+ "type": "string"
+ },
+ "version": {
+ "description": "Risk assessment engine version.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "assessments",
+ "confidence",
+ "version"
+ ],
+ "type": "object"
+ },
+ "session": {
+ "properties": {
+ "cookie": {
+ "properties": {
+ "mode": {
+ "enum": [
+ "persistent",
+ "non-persistent"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "mode"
+ ],
+ "type": "object"
+ },
+ "idp_session_expiry": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "cookie"
+ ],
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "transaction_id": {
+ "description": "Transaction ID to correlate log events that belong to the same authentication transaction.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "ss",
+ "description": "Successful Signup",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "ss_sso_failure": {
+ "description": "Failed Self-Service Single Sign-On Operation Only emitted by snake-server",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "anyOf": [
+ {
+ "properties": {
+ "connection_name": {
+ "type": "string"
+ },
+ "custom_domain": {
+ "type": "string"
+ },
+ "enabled_features": {
+ "properties": {
+ "domainVerification": {
+ "type": "boolean"
+ },
+ "provisioning": {
+ "type": "boolean"
+ },
+ "sso": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "sso",
+ "domainVerification",
+ "provisioning"
+ ],
+ "type": "object"
+ },
+ "flow_type": {
+ "enum": [
+ "create",
+ "update"
+ ],
+ "type": "string"
+ },
+ "ss_sso_event_name": {
+ "const": "ss_sso_ticket_consumption",
+ "type": "string"
+ },
+ "ss_sso_tracing_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "ss_sso_event_name"
+ ],
+ "type": "object"
+ },
+ {
+ "properties": {
+ "connection_name": {
+ "type": "string"
+ },
+ "custom_domain": {
+ "type": "string"
+ },
+ "enabled_features": {
+ "properties": {
+ "domainVerification": {
+ "type": "boolean"
+ },
+ "provisioning": {
+ "type": "boolean"
+ },
+ "sso": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "sso",
+ "domainVerification",
+ "provisioning"
+ ],
+ "type": "object"
+ },
+ "flow_type": {
+ "enum": [
+ "create",
+ "update"
+ ],
+ "type": "string"
+ },
+ "ss_sso_event_name": {
+ "enum": [
+ "ss_sso_ticket_generation",
+ "ss_sso_connection_creation",
+ "ss_sso_connection_update",
+ "ss_sso_enable_connection",
+ "ss_sso_add_domain",
+ "ss_sso_delete_pending_domain",
+ "ss_sso_delete_verified_domain",
+ "ss_sso_domain_verification",
+ "ss_sso_associate_verified_domain",
+ "ss_sso_provisioning_token_creation",
+ "ss_sso_provisioning_token_deletion",
+ "ss_sso_provisioning_attribute_update",
+ "ss_sso_google_workspace_provisioning_consent_failed",
+ "ss_sso_missing_configuration"
+ ],
+ "type": "string"
+ },
+ "ss_sso_tracing_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "connection_name",
+ "flow_type",
+ "ss_sso_event_name",
+ "ss_sso_tracing_id"
+ ],
+ "type": "object"
+ }
+ ],
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "ss_sso_failure",
+ "description": "Failed SS-SSO Operation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "ss_sso_info": {
+ "description": "Information from a Self-Service Single Sign-On Operation Only emitted by snake-server",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "connection_name": {
+ "type": "string"
+ },
+ "custom_domain": {
+ "type": "string"
+ },
+ "enabled_features": {
+ "properties": {
+ "domainVerification": {
+ "type": "boolean"
+ },
+ "provisioning": {
+ "type": "boolean"
+ },
+ "sso": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "sso",
+ "domainVerification",
+ "provisioning"
+ ],
+ "type": "object"
+ },
+ "flow_type": {
+ "enum": [
+ "create",
+ "update"
+ ],
+ "type": "string"
+ },
+ "ss_sso_event_name": {
+ "enum": [
+ "ss_sso_try_connection_start",
+ "ss_sso_try_connection_end",
+ "ss_sso_google_workspace_provisioning_consent_started",
+ "ss_sso_google_workspace_provisioning_groups_enabled",
+ "ss_sso_flow_end"
+ ],
+ "type": "string"
+ },
+ "ss_sso_tracing_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "ss_sso_event_name",
+ "ss_sso_tracing_id",
+ "connection_name",
+ "flow_type"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "ss_sso_info",
+ "description": "Information from an SS-SSO Operation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "ss_sso_success": {
+ "description": "Successful Self-Service Single Sign-On Operation Only emitted by snake-server",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "connection_name": {
+ "type": "string"
+ },
+ "custom_domain": {
+ "type": "string"
+ },
+ "enabled_features": {
+ "properties": {
+ "domainVerification": {
+ "type": "boolean"
+ },
+ "provisioning": {
+ "type": "boolean"
+ },
+ "sso": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "sso",
+ "domainVerification",
+ "provisioning"
+ ],
+ "type": "object"
+ },
+ "flow_type": {
+ "enum": [
+ "create",
+ "update"
+ ],
+ "type": "string"
+ },
+ "ss_sso_event_name": {
+ "enum": [
+ "ss_sso_ticket_generation",
+ "ss_sso_ticket_consumption",
+ "ss_sso_connection_creation",
+ "ss_sso_connection_update",
+ "ss_sso_enable_connection",
+ "ss_sso_add_domain",
+ "ss_sso_delete_pending_domain",
+ "ss_sso_delete_verified_domain",
+ "ss_sso_domain_verification_unsuccessful",
+ "ss_sso_domain_verification_successful",
+ "ss_sso_associate_verified_domain",
+ "ss_sso_provisioning_token_creation",
+ "ss_sso_provisioning_token_deletion",
+ "ss_sso_provisioning_attribute_update",
+ "ss_sso_google_workspace_provisioning_consent_completed",
+ "ss_sso_missing_configuration"
+ ],
+ "type": "string"
+ },
+ "ss_sso_tracing_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "ss_sso_event_name",
+ "ss_sso_tracing_id",
+ "connection_name",
+ "flow_type"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "ss_sso_success",
+ "description": "Successful SS-SSO Operation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "ssa": {
+ "description": "Successful Silent Auth",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "actions": {
+ "properties": {
+ "executions": {
+ "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "executions"
+ ],
+ "type": "object"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "prompts": {
+ "items": {
+ "properties": {
+ "coi": {
+ "type": "string"
+ },
+ "completedAt": {
+ "type": "number"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "connection_id": {
+ "type": "string"
+ },
+ "cov": {
+ "type": "string"
+ },
+ "elapsedTime": {
+ "type": [
+ "number",
+ "null"
+ ]
+ },
+ "flow": {
+ "type": "string"
+ },
+ "grantInfo": {
+ "properties": {
+ "audience": {
+ "type": "string"
+ },
+ "expiration": {
+ "type": "string"
+ },
+ "id": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "identity": {
+ "type": [
+ "string",
+ "number"
+ ]
+ },
+ "initiatedAt": {
+ "type": "number"
+ },
+ "name": {
+ "type": "string"
+ },
+ "passwordless_amr": {
+ "type": "string"
+ },
+ "performed_acr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "performed_amr": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "provider": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "requiredCaptcha": {
+ "type": "boolean"
+ },
+ "session": {
+ "type": "boolean"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "stats": {
+ "properties": {
+ "loginsCount": {
+ "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.",
+ "type": [
+ "number",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "loginsCount"
+ ],
+ "type": "object"
+ },
+ "strategy": {
+ "type": "string"
+ },
+ "timers": {
+ "properties": {
+ "rules": {
+ "type": "number"
+ }
+ },
+ "type": "object"
+ },
+ "url": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "user_name": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "requiredCaptcha",
+ "session_id"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+ },
+ "riskAssessment": {
+ "properties": {
+ "assessments": {
+ "description": "Risk assessment results keyed by assessor name.",
+ "properties": {
+ "ImpossibleTravel": {
+ "description": "Flags logins from geographically distant locations within a short time window.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "NewDevice": {
+ "description": "Flags logins from a device not previously seen for the user.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "device": {
+ "description": "Device identifier.",
+ "type": "string"
+ },
+ "useragent": {
+ "description": "User agent string associated with the device.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "device"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ },
+ "UntrustedIP": {
+ "description": "Flags logins from IPs listed in threat intelligence sources.",
+ "properties": {
+ "code": {
+ "description": "Assessment result code.",
+ "type": "string"
+ },
+ "confidence": {
+ "description": "Confidence level of the assessment.",
+ "type": "string"
+ },
+ "details": {
+ "properties": {
+ "ip": {
+ "description": "IP address that triggered the assessment.",
+ "type": "string"
+ },
+ "matches": {
+ "description": "Threat category matched.",
+ "type": "string"
+ },
+ "source": {
+ "description": "Threat intelligence source.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "ip",
+ "matches",
+ "source"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "code",
+ "confidence"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "UntrustedIP"
+ ],
+ "type": "object"
+ },
+ "confidence": {
+ "description": "Overall confidence level of the risk assessment.",
+ "type": "string"
+ },
+ "version": {
+ "description": "Risk assessment engine version.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "assessments",
+ "confidence",
+ "version"
+ ],
+ "type": "object"
+ },
+ "session": {
+ "properties": {
+ "cookie": {
+ "properties": {
+ "mode": {
+ "enum": [
+ "persistent",
+ "non-persistent"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "mode"
+ ],
+ "type": "object"
+ },
+ "idp_session_expiry": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "cookie"
+ ],
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ },
+ "triggered_by_session_transfer_token": {
+ "description": "Whether a Session Transfer Token was used for authentication",
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "hostname": {
+ "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.",
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "session_connection": {
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "ssa",
+ "description": "Successful Silent Auth",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "hostname",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sscim": {
+ "description": "Successful SCIM Operation",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "action": {
+ "type": "string"
+ },
+ "connection_id": {
+ "type": "string"
+ },
+ "request": {
+ "properties": {
+ "body": {
+ "anyOf": [
+ {
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "ip": {
+ "type": "string"
+ },
+ "method": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ },
+ "query": {
+ "type": "object"
+ },
+ "userAgent": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "method",
+ "path",
+ "query",
+ "userAgent",
+ "ip",
+ "body"
+ ],
+ "type": "object"
+ },
+ "response": {
+ "properties": {
+ "statusCode": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "statusCode"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "action",
+ "connection_id",
+ "request",
+ "response"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sscim",
+ "description": "Successful SCIM Operation",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "success_on_behalf_of_token_exchange": {
+ "description": "Successful Exchange via On-Behalf-Of Token Exchange",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "agent_id": {
+ "description": "Stable identifier for the agent acting as principal in this flow. Present when an Auth0 Agent has been granted authority via token exchange and is acting on behalf of a user or itself.",
+ "type": "string"
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "auth0_client": {
+ "anyOf": [
+ {
+ "properties": {
+ "env": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ],
+ "type": "object"
+ },
+ {
+ "type": "object"
+ },
+ {
+ "items": {},
+ "type": "array"
+ }
+ ],
+ "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header."
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "access_token_jti": {
+ "type": "string"
+ },
+ "actor": {
+ "description": "Identifies and provides information about the acting party to whom authority has been delegated when an entity is acting on behalf of another. Nested `act` claim represents delegation chains (deepest = original caller).",
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "act": {
+ "anyOf": [
+ {
+ "properties": {
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "sub": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "type": "object"
+ },
+ "requested_token_type": {
+ "type": "string"
+ },
+ "subject_token_type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "subject_token_type",
+ "requested_token_type",
+ "actor"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "organization_id": {
+ "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.",
+ "type": "string"
+ },
+ "organization_name": {
+ "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "security_context": {
+ "properties": {
+ "ja3": {
+ "description": "JA3 fingerprint. Could be undefined.",
+ "type": "string"
+ },
+ "ja4": {
+ "description": "JA4 fingerprint. Could be undefined.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "success_on_behalf_of_token_exchange",
+ "description": "Successful Exchange via On-Behalf-Of Token Exchange",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sui": {
+ "description": "Successful Users Import",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "connection": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sui",
+ "description": "Successful Users Import",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "sv": {
+ "description": "Successfully consumed email verification link",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "tenant": {
+ "type": "string"
+ },
+ "ticket": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "tenant",
+ "ticket"
+ ],
+ "type": "object"
+ },
+ "email": {
+ "type": "string"
+ },
+ "query": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "idp_user_id": {
+ "type": "string"
+ },
+ "includeEmailInRedirect": {
+ "type": "boolean"
+ },
+ "resultUrl": {
+ "type": "string"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_id",
+ "connection",
+ "email",
+ "idp_user_id",
+ "includeEmailInRedirect",
+ "resultUrl",
+ "tenant",
+ "user_id"
+ ],
+ "type": "object"
+ },
+ "title": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "sv",
+ "description": "Successful Verification Email",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "svr": {
+ "description": "Successfully called verification email endpoint. Verification email has been queued for sending.",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "body": {
+ "properties": {
+ "client_id": {
+ "type": "string"
+ },
+ "connection": {
+ "type": "string"
+ },
+ "email": {
+ "type": "string"
+ },
+ "idp_user_id": {
+ "type": [
+ "string",
+ "number"
+ ]
+ },
+ "includeEmailInRedirect": {
+ "type": "boolean"
+ },
+ "job_id": {
+ "type": "string"
+ },
+ "provider": {
+ "type": "string"
+ },
+ "resultUrl": {
+ "type": "string"
+ },
+ "template": {
+ "properties": {
+ "type": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "type": "object"
+ },
+ "tenant": {
+ "type": "string"
+ },
+ "to": {
+ "type": "string"
+ },
+ "ttl_sec": {
+ "type": "number"
+ },
+ "user_id": {
+ "type": "string"
+ },
+ "verificationUrl": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "required": [
+ "body"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "references": {
+ "description": "References for correlating related events across services and stitching them into distributed traces.",
+ "properties": {
+ "correlation_id": {
+ "description": "Correlation ID to trace related events across services.",
+ "maxLength": 128,
+ "type": "string"
+ },
+ "trace_id": {
+ "description": "W3C trace ID (hex) to correlate this event with a distributed trace.",
+ "pattern": "^[a-f0-9]{32}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "svr",
+ "description": "Successful Verification Email Request",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "ublkdu": {
+ "description": "User block setup by anomaly detection has been released",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "email": {
+ "type": "string"
+ },
+ "query": {
+ "type": "object"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "title": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "ublkdu",
+ "description": "User login block released",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "universal_logout_failed": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "error": {
+ "type": "string"
+ },
+ "response": {
+ "properties": {
+ "statusCode": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "statusCode"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "response",
+ "error"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "universal_logout_failed",
+ "description": "Failed Universal Logout request",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "universal_logout_succeeded": {
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "universal_logout_succeeded",
+ "description": "Successful Universal Logout request",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "environment_name",
+ "ip",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "w": {
+ "description": "A warning has happened during a login flow",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "audience": {
+ "description": "The audience in the JWT associated with the request.",
+ "type": "string"
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "credentials_tenant": {
+ "type": "string"
+ },
+ "host_tenant": {
+ "type": "string"
+ },
+ "method": {
+ "type": "string"
+ },
+ "opts": {
+ "properties": {
+ "search": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "original_profile": {
+ "type": "string"
+ },
+ "path": {
+ "type": "string"
+ },
+ "referer": {
+ "type": "string"
+ },
+ "request": {
+ "type": "object"
+ },
+ "response": {
+ "type": "object"
+ },
+ "session_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "ip": {
+ "anyOf": [
+ {
+ "format": "ipv4",
+ "type": "string"
+ },
+ {
+ "format": "ipv6",
+ "type": "string"
+ }
+ ],
+ "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard."
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "mtls_thumbprint_sha256": {
+ "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.",
+ "type": "string"
+ },
+ "scope": {
+ "anyOf": [
+ {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`"
+ },
+ "strategy": {
+ "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.",
+ "examples": [
+ [
+ "auth0",
+ "waad",
+ "oktawic",
+ "google-oauth2"
+ ]
+ ],
+ "type": "string"
+ },
+ "strategy_type": {
+ "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.",
+ "examples": [
+ [
+ "database",
+ "social",
+ "enterprise"
+ ]
+ ],
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "tracking_id": {
+ "type": "string"
+ },
+ "type": {
+ "const": "w",
+ "description": "Warning",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "audience",
+ "client_name",
+ "description",
+ "details",
+ "environment_name",
+ "ip",
+ "log_id",
+ "strategy",
+ "strategy_type",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "wn": {
+ "description": "Warning Notification",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "client_id": {
+ "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "client_name": {
+ "description": "Client name associated with the client_id, when available. May be empty string.",
+ "type": "string"
+ },
+ "connection": {
+ "description": "Name of the connection, when available. The connection here matches the `connection_id` field.",
+ "type": "string"
+ },
+ "connection_id": {
+ "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.",
+ "type": "string"
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "notification_channel": {
+ "type": "string"
+ },
+ "notification_type": {
+ "type": "string"
+ },
+ "to": {
+ "type": "string"
+ },
+ "warning": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "notification_type",
+ "notification_channel",
+ "to"
+ ],
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "wn",
+ "description": "Warning Notifications",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ },
+ "wum": {
+ "description": "A warning has happened during user management related tasks",
+ "properties": {
+ "$event_schema": {
+ "description": "Event schema meta",
+ "allOf": [
+ {
+ "properties": {
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "version"
+ ],
+ "type": "object"
+ }
+ ]
+ },
+ "date": {
+ "description": "The date when the event occurred in ISO 8601 format",
+ "examples": [
+ "2024-01-15T10:30:00.000Z"
+ ],
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the event. This can also contain a description of the issue for failure logs.",
+ "type": "string"
+ },
+ "details": {
+ "description": "Log details",
+ "properties": {
+ "tenant": {
+ "type": "string"
+ },
+ "user_id": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "environment_name": {
+ "description": "The name of the environment where the event occurred",
+ "examples": [
+ "prod-eu-1",
+ "prod-us-1"
+ ],
+ "type": "string"
+ },
+ "identity_user_id": {
+ "description": "ID for the user as reported by the IdP.",
+ "type": "string"
+ },
+ "is_mobile": {
+ "description": "Whether the request originated from a mobile device. Only present when user_agent is available.",
+ "type": "boolean"
+ },
+ "log_id": {
+ "description": "Log id",
+ "type": "string"
+ },
+ "tenant_name": {
+ "description": "Tenant name",
+ "type": "string"
+ },
+ "type": {
+ "const": "wum",
+ "description": "Warning User Management",
+ "type": "string"
+ },
+ "user_agent": {
+ "description": "The user_agent behind this log, when available",
+ "examples": [
+ "Chrome 120.0.0 / Mac OS X 10.15.7"
+ ],
+ "type": "string"
+ },
+ "user_id": {
+ "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string",
+ "type": "string"
+ },
+ "user_name": {
+ "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.",
+ "examples": [
+ [
+ "example@example.com",
+ "+14155554321"
+ ]
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "description",
+ "details",
+ "environment_name",
+ "log_id",
+ "tenant_name",
+ "type"
+ ],
+ "type": "object"
+ }
+ }
}
}
diff --git a/main/docs/tenant-logs/_metadata.json b/main/docs/tenant-logs/_metadata.json
new file mode 100644
index 0000000000..aa5045d366
--- /dev/null
+++ b/main/docs/tenant-logs/_metadata.json
@@ -0,0 +1,3 @@
+{
+ "schemaVersion": "2.131.0"
+}
diff --git a/main/docs/tenant-logs/acls-summary.mdx b/main/docs/tenant-logs/acls-summary.mdx
new file mode 100644
index 0000000000..093d4aea19
--- /dev/null
+++ b/main/docs/tenant-logs/acls-summary.mdx
@@ -0,0 +1,8 @@
+---
+title: "acls_summary"
+openapi-schema: logs-schema acls_summary
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/actions-execution-failed.mdx b/main/docs/tenant-logs/actions-execution-failed.mdx
new file mode 100644
index 0000000000..1118b69d3d
--- /dev/null
+++ b/main/docs/tenant-logs/actions-execution-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "actions_execution_failed"
+openapi-schema: logs-schema actions_execution_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/acul-sdk-notice.mdx b/main/docs/tenant-logs/acul-sdk-notice.mdx
new file mode 100644
index 0000000000..3ac9977c6b
--- /dev/null
+++ b/main/docs/tenant-logs/acul-sdk-notice.mdx
@@ -0,0 +1,8 @@
+---
+title: "acul_sdk_notice"
+openapi-schema: logs-schema acul_sdk_notice
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/api-limit-warning.mdx b/main/docs/tenant-logs/api-limit-warning.mdx
new file mode 100644
index 0000000000..b957187034
--- /dev/null
+++ b/main/docs/tenant-logs/api-limit-warning.mdx
@@ -0,0 +1,8 @@
+---
+title: "api_limit_warning"
+openapi-schema: logs-schema api_limit_warning
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/api-limit.mdx b/main/docs/tenant-logs/api-limit.mdx
new file mode 100644
index 0000000000..c5b1e00233
--- /dev/null
+++ b/main/docs/tenant-logs/api-limit.mdx
@@ -0,0 +1,8 @@
+---
+title: "api_limit"
+openapi-schema: logs-schema api_limit
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/appi.mdx b/main/docs/tenant-logs/appi.mdx
new file mode 100644
index 0000000000..aa1889c48e
--- /dev/null
+++ b/main/docs/tenant-logs/appi.mdx
@@ -0,0 +1,8 @@
+---
+title: "appi"
+openapi-schema: logs-schema appi
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/ciba-exchange-failed.mdx b/main/docs/tenant-logs/ciba-exchange-failed.mdx
new file mode 100644
index 0000000000..6bf353dc43
--- /dev/null
+++ b/main/docs/tenant-logs/ciba-exchange-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_exchange_failed"
+openapi-schema: logs-schema ciba_exchange_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/ciba-exchange-succeeded.mdx b/main/docs/tenant-logs/ciba-exchange-succeeded.mdx
new file mode 100644
index 0000000000..00b08144ed
--- /dev/null
+++ b/main/docs/tenant-logs/ciba-exchange-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_exchange_succeeded"
+openapi-schema: logs-schema ciba_exchange_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/ciba-start-failed.mdx b/main/docs/tenant-logs/ciba-start-failed.mdx
new file mode 100644
index 0000000000..9dba690e8c
--- /dev/null
+++ b/main/docs/tenant-logs/ciba-start-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_start_failed"
+openapi-schema: logs-schema ciba_start_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/ciba-start-succeeded.mdx b/main/docs/tenant-logs/ciba-start-succeeded.mdx
new file mode 100644
index 0000000000..518f536d96
--- /dev/null
+++ b/main/docs/tenant-logs/ciba-start-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "ciba_start_succeeded"
+openapi-schema: logs-schema ciba_start_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/cls.mdx b/main/docs/tenant-logs/cls.mdx
new file mode 100644
index 0000000000..b110579073
--- /dev/null
+++ b/main/docs/tenant-logs/cls.mdx
@@ -0,0 +1,8 @@
+---
+title: "cls"
+openapi-schema: logs-schema cls
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/connected-accounts-connection-failed.mdx b/main/docs/tenant-logs/connected-accounts-connection-failed.mdx
new file mode 100644
index 0000000000..21e2fa6fb0
--- /dev/null
+++ b/main/docs/tenant-logs/connected-accounts-connection-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_connection_failed"
+openapi-schema: logs-schema connected_accounts_connection_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/connected-accounts-connection-succeeded.mdx b/main/docs/tenant-logs/connected-accounts-connection-succeeded.mdx
new file mode 100644
index 0000000000..f9bbda95e1
--- /dev/null
+++ b/main/docs/tenant-logs/connected-accounts-connection-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_connection_succeeded"
+openapi-schema: logs-schema connected_accounts_connection_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/connected-accounts-delete-failed.mdx b/main/docs/tenant-logs/connected-accounts-delete-failed.mdx
new file mode 100644
index 0000000000..0d63b16142
--- /dev/null
+++ b/main/docs/tenant-logs/connected-accounts-delete-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_delete_failed"
+openapi-schema: logs-schema connected_accounts_delete_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/connected-accounts-delete-succeeded.mdx b/main/docs/tenant-logs/connected-accounts-delete-succeeded.mdx
new file mode 100644
index 0000000000..89fa24d7fa
--- /dev/null
+++ b/main/docs/tenant-logs/connected-accounts-delete-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "connected_accounts_delete_succeeded"
+openapi-schema: logs-schema connected_accounts_delete_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/cs.mdx b/main/docs/tenant-logs/cs.mdx
new file mode 100644
index 0000000000..0029dea0f9
--- /dev/null
+++ b/main/docs/tenant-logs/cs.mdx
@@ -0,0 +1,8 @@
+---
+title: "cs"
+openapi-schema: logs-schema cs
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/custom-domain-verification-failed.mdx b/main/docs/tenant-logs/custom-domain-verification-failed.mdx
new file mode 100644
index 0000000000..6224072e65
--- /dev/null
+++ b/main/docs/tenant-logs/custom-domain-verification-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "custom_domain_verification_failed"
+openapi-schema: logs-schema custom_domain_verification_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/depnote.mdx b/main/docs/tenant-logs/depnote.mdx
new file mode 100644
index 0000000000..2b0e2eec3e
--- /dev/null
+++ b/main/docs/tenant-logs/depnote.mdx
@@ -0,0 +1,8 @@
+---
+title: "depnote"
+openapi-schema: logs-schema depnote
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/directory-sync-completed.mdx b/main/docs/tenant-logs/directory-sync-completed.mdx
new file mode 100644
index 0000000000..1dd8ea0bd4
--- /dev/null
+++ b/main/docs/tenant-logs/directory-sync-completed.mdx
@@ -0,0 +1,8 @@
+---
+title: "directory_sync_completed"
+openapi-schema: logs-schema directory_sync_completed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/directory-sync-failed.mdx b/main/docs/tenant-logs/directory-sync-failed.mdx
new file mode 100644
index 0000000000..80ddfbb7b2
--- /dev/null
+++ b/main/docs/tenant-logs/directory-sync-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "directory_sync_failed"
+openapi-schema: logs-schema directory_sync_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/directory-sync-started.mdx b/main/docs/tenant-logs/directory-sync-started.mdx
new file mode 100644
index 0000000000..b0edd5f915
--- /dev/null
+++ b/main/docs/tenant-logs/directory-sync-started.mdx
@@ -0,0 +1,8 @@
+---
+title: "directory_sync_started"
+openapi-schema: logs-schema directory_sync_started
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/f.mdx b/main/docs/tenant-logs/f.mdx
new file mode 100644
index 0000000000..c3cba7f88c
--- /dev/null
+++ b/main/docs/tenant-logs/f.mdx
@@ -0,0 +1,8 @@
+---
+title: "f"
+openapi-schema: logs-schema f
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/failed-on-behalf-of-token-exchange.mdx b/main/docs/tenant-logs/failed-on-behalf-of-token-exchange.mdx
new file mode 100644
index 0000000000..47f623add2
--- /dev/null
+++ b/main/docs/tenant-logs/failed-on-behalf-of-token-exchange.mdx
@@ -0,0 +1,8 @@
+---
+title: "failed_on_behalf_of_token_exchange"
+openapi-schema: logs-schema failed_on_behalf_of_token_exchange
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fce.mdx b/main/docs/tenant-logs/fce.mdx
new file mode 100644
index 0000000000..371a206262
--- /dev/null
+++ b/main/docs/tenant-logs/fce.mdx
@@ -0,0 +1,8 @@
+---
+title: "fce"
+openapi-schema: logs-schema fce
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fco.mdx b/main/docs/tenant-logs/fco.mdx
new file mode 100644
index 0000000000..fcf9b788f5
--- /dev/null
+++ b/main/docs/tenant-logs/fco.mdx
@@ -0,0 +1,8 @@
+---
+title: "fco"
+openapi-schema: logs-schema fco
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fcoa.mdx b/main/docs/tenant-logs/fcoa.mdx
new file mode 100644
index 0000000000..e202413ee8
--- /dev/null
+++ b/main/docs/tenant-logs/fcoa.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcoa"
+openapi-schema: logs-schema fcoa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fcp.mdx b/main/docs/tenant-logs/fcp.mdx
new file mode 100644
index 0000000000..8d3153f488
--- /dev/null
+++ b/main/docs/tenant-logs/fcp.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcp"
+openapi-schema: logs-schema fcp
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fcph.mdx b/main/docs/tenant-logs/fcph.mdx
new file mode 100644
index 0000000000..d7169eab1b
--- /dev/null
+++ b/main/docs/tenant-logs/fcph.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcph"
+openapi-schema: logs-schema fcph
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fcpn.mdx b/main/docs/tenant-logs/fcpn.mdx
new file mode 100644
index 0000000000..3c8c84f8ee
--- /dev/null
+++ b/main/docs/tenant-logs/fcpn.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcpn"
+openapi-schema: logs-schema fcpn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fcpr.mdx b/main/docs/tenant-logs/fcpr.mdx
new file mode 100644
index 0000000000..d56ff6ba40
--- /dev/null
+++ b/main/docs/tenant-logs/fcpr.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcpr"
+openapi-schema: logs-schema fcpr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fcpro.mdx b/main/docs/tenant-logs/fcpro.mdx
new file mode 100644
index 0000000000..4a2a67d5c6
--- /dev/null
+++ b/main/docs/tenant-logs/fcpro.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcpro"
+openapi-schema: logs-schema fcpro
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fcu.mdx b/main/docs/tenant-logs/fcu.mdx
new file mode 100644
index 0000000000..c3b0142713
--- /dev/null
+++ b/main/docs/tenant-logs/fcu.mdx
@@ -0,0 +1,8 @@
+---
+title: "fcu"
+openapi-schema: logs-schema fcu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fd.mdx b/main/docs/tenant-logs/fd.mdx
new file mode 100644
index 0000000000..fd60c01dc6
--- /dev/null
+++ b/main/docs/tenant-logs/fd.mdx
@@ -0,0 +1,8 @@
+---
+title: "fd"
+openapi-schema: logs-schema fd
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fdeac.mdx b/main/docs/tenant-logs/fdeac.mdx
new file mode 100644
index 0000000000..959b5d781f
--- /dev/null
+++ b/main/docs/tenant-logs/fdeac.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdeac"
+openapi-schema: logs-schema fdeac
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fdeaz.mdx b/main/docs/tenant-logs/fdeaz.mdx
new file mode 100644
index 0000000000..9dbec9d453
--- /dev/null
+++ b/main/docs/tenant-logs/fdeaz.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdeaz"
+openapi-schema: logs-schema fdeaz
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fdecc.mdx b/main/docs/tenant-logs/fdecc.mdx
new file mode 100644
index 0000000000..de2f23d901
--- /dev/null
+++ b/main/docs/tenant-logs/fdecc.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdecc"
+openapi-schema: logs-schema fdecc
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fdu.mdx b/main/docs/tenant-logs/fdu.mdx
new file mode 100644
index 0000000000..6df42066da
--- /dev/null
+++ b/main/docs/tenant-logs/fdu.mdx
@@ -0,0 +1,8 @@
+---
+title: "fdu"
+openapi-schema: logs-schema fdu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/feacft.mdx b/main/docs/tenant-logs/feacft.mdx
new file mode 100644
index 0000000000..cfabcf57c8
--- /dev/null
+++ b/main/docs/tenant-logs/feacft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feacft"
+openapi-schema: logs-schema feacft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/feccft.mdx b/main/docs/tenant-logs/feccft.mdx
new file mode 100644
index 0000000000..9b23480230
--- /dev/null
+++ b/main/docs/tenant-logs/feccft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feccft"
+openapi-schema: logs-schema feccft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fecte.mdx b/main/docs/tenant-logs/fecte.mdx
new file mode 100644
index 0000000000..9af3c52542
--- /dev/null
+++ b/main/docs/tenant-logs/fecte.mdx
@@ -0,0 +1,8 @@
+---
+title: "fecte"
+openapi-schema: logs-schema fecte
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fede.mdx b/main/docs/tenant-logs/fede.mdx
new file mode 100644
index 0000000000..faca59e826
--- /dev/null
+++ b/main/docs/tenant-logs/fede.mdx
@@ -0,0 +1,8 @@
+---
+title: "fede"
+openapi-schema: logs-schema fede
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/federated-logout-failed.mdx b/main/docs/tenant-logs/federated-logout-failed.mdx
new file mode 100644
index 0000000000..599da10d1c
--- /dev/null
+++ b/main/docs/tenant-logs/federated-logout-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "federated_logout_failed"
+openapi-schema: logs-schema federated_logout_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fens.mdx b/main/docs/tenant-logs/fens.mdx
new file mode 100644
index 0000000000..30b2692a06
--- /dev/null
+++ b/main/docs/tenant-logs/fens.mdx
@@ -0,0 +1,8 @@
+---
+title: "fens"
+openapi-schema: logs-schema fens
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/feoobft.mdx b/main/docs/tenant-logs/feoobft.mdx
new file mode 100644
index 0000000000..ca40a8613f
--- /dev/null
+++ b/main/docs/tenant-logs/feoobft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feoobft"
+openapi-schema: logs-schema feoobft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/feotpft.mdx b/main/docs/tenant-logs/feotpft.mdx
new file mode 100644
index 0000000000..f2adef346d
--- /dev/null
+++ b/main/docs/tenant-logs/feotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "feotpft"
+openapi-schema: logs-schema feotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fepft.mdx b/main/docs/tenant-logs/fepft.mdx
new file mode 100644
index 0000000000..9d54c13b37
--- /dev/null
+++ b/main/docs/tenant-logs/fepft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fepft"
+openapi-schema: logs-schema fepft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fepotpft.mdx b/main/docs/tenant-logs/fepotpft.mdx
new file mode 100644
index 0000000000..d7217efe2f
--- /dev/null
+++ b/main/docs/tenant-logs/fepotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fepotpft"
+openapi-schema: logs-schema fepotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fercft.mdx b/main/docs/tenant-logs/fercft.mdx
new file mode 100644
index 0000000000..23ef538b76
--- /dev/null
+++ b/main/docs/tenant-logs/fercft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fercft"
+openapi-schema: logs-schema fercft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/ferrt.mdx b/main/docs/tenant-logs/ferrt.mdx
new file mode 100644
index 0000000000..e1daab0a60
--- /dev/null
+++ b/main/docs/tenant-logs/ferrt.mdx
@@ -0,0 +1,8 @@
+---
+title: "ferrt"
+openapi-schema: logs-schema ferrt
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fertft.mdx b/main/docs/tenant-logs/fertft.mdx
new file mode 100644
index 0000000000..0aaf6c48f8
--- /dev/null
+++ b/main/docs/tenant-logs/fertft.mdx
@@ -0,0 +1,8 @@
+---
+title: "fertft"
+openapi-schema: logs-schema fertft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/feta.mdx b/main/docs/tenant-logs/feta.mdx
new file mode 100644
index 0000000000..a9291eda52
--- /dev/null
+++ b/main/docs/tenant-logs/feta.mdx
@@ -0,0 +1,8 @@
+---
+title: "feta"
+openapi-schema: logs-schema feta
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fi.mdx b/main/docs/tenant-logs/fi.mdx
new file mode 100644
index 0000000000..82d81ffbb5
--- /dev/null
+++ b/main/docs/tenant-logs/fi.mdx
@@ -0,0 +1,8 @@
+---
+title: "fi"
+openapi-schema: logs-schema fi
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/flo.mdx b/main/docs/tenant-logs/flo.mdx
new file mode 100644
index 0000000000..380c25693e
--- /dev/null
+++ b/main/docs/tenant-logs/flo.mdx
@@ -0,0 +1,8 @@
+---
+title: "flo"
+openapi-schema: logs-schema flo
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/flows-execution-completed.mdx b/main/docs/tenant-logs/flows-execution-completed.mdx
new file mode 100644
index 0000000000..2e2d14a576
--- /dev/null
+++ b/main/docs/tenant-logs/flows-execution-completed.mdx
@@ -0,0 +1,8 @@
+---
+title: "flows_execution_completed"
+openapi-schema: logs-schema flows_execution_completed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/flows-execution-failed.mdx b/main/docs/tenant-logs/flows-execution-failed.mdx
new file mode 100644
index 0000000000..c26ffda221
--- /dev/null
+++ b/main/docs/tenant-logs/flows-execution-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "flows_execution_failed"
+openapi-schema: logs-schema flows_execution_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fn.mdx b/main/docs/tenant-logs/fn.mdx
new file mode 100644
index 0000000000..65d425531a
--- /dev/null
+++ b/main/docs/tenant-logs/fn.mdx
@@ -0,0 +1,8 @@
+---
+title: "fn"
+openapi-schema: logs-schema fn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/forms-submission-failed.mdx b/main/docs/tenant-logs/forms-submission-failed.mdx
new file mode 100644
index 0000000000..d1430e8d3c
--- /dev/null
+++ b/main/docs/tenant-logs/forms-submission-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "forms_submission_failed"
+openapi-schema: logs-schema forms_submission_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/forms-submission-succeeded.mdx b/main/docs/tenant-logs/forms-submission-succeeded.mdx
new file mode 100644
index 0000000000..ed06e7e147
--- /dev/null
+++ b/main/docs/tenant-logs/forms-submission-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "forms_submission_succeeded"
+openapi-schema: logs-schema forms_submission_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fp.mdx b/main/docs/tenant-logs/fp.mdx
new file mode 100644
index 0000000000..7a390ff18d
--- /dev/null
+++ b/main/docs/tenant-logs/fp.mdx
@@ -0,0 +1,8 @@
+---
+title: "fp"
+openapi-schema: logs-schema fp
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fpar.mdx b/main/docs/tenant-logs/fpar.mdx
new file mode 100644
index 0000000000..fc4f4f5d48
--- /dev/null
+++ b/main/docs/tenant-logs/fpar.mdx
@@ -0,0 +1,8 @@
+---
+title: "fpar"
+openapi-schema: logs-schema fpar
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fpurh.mdx b/main/docs/tenant-logs/fpurh.mdx
new file mode 100644
index 0000000000..ec6cfbb1ba
--- /dev/null
+++ b/main/docs/tenant-logs/fpurh.mdx
@@ -0,0 +1,8 @@
+---
+title: "fpurh"
+openapi-schema: logs-schema fpurh
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fs.mdx b/main/docs/tenant-logs/fs.mdx
new file mode 100644
index 0000000000..5d7a8ccc5e
--- /dev/null
+++ b/main/docs/tenant-logs/fs.mdx
@@ -0,0 +1,8 @@
+---
+title: "fs"
+openapi-schema: logs-schema fs
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fsa.mdx b/main/docs/tenant-logs/fsa.mdx
new file mode 100644
index 0000000000..85d76a0d6e
--- /dev/null
+++ b/main/docs/tenant-logs/fsa.mdx
@@ -0,0 +1,8 @@
+---
+title: "fsa"
+openapi-schema: logs-schema fsa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fu.mdx b/main/docs/tenant-logs/fu.mdx
new file mode 100644
index 0000000000..fbb24dbbd1
--- /dev/null
+++ b/main/docs/tenant-logs/fu.mdx
@@ -0,0 +1,8 @@
+---
+title: "fu"
+openapi-schema: logs-schema fu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fui.mdx b/main/docs/tenant-logs/fui.mdx
new file mode 100644
index 0000000000..617702e09c
--- /dev/null
+++ b/main/docs/tenant-logs/fui.mdx
@@ -0,0 +1,8 @@
+---
+title: "fui"
+openapi-schema: logs-schema fui
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fv.mdx b/main/docs/tenant-logs/fv.mdx
new file mode 100644
index 0000000000..280c6dcd13
--- /dev/null
+++ b/main/docs/tenant-logs/fv.mdx
@@ -0,0 +1,8 @@
+---
+title: "fv"
+openapi-schema: logs-schema fv
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/fvr.mdx b/main/docs/tenant-logs/fvr.mdx
new file mode 100644
index 0000000000..256b2aaa00
--- /dev/null
+++ b/main/docs/tenant-logs/fvr.mdx
@@ -0,0 +1,8 @@
+---
+title: "fvr"
+openapi-schema: logs-schema fvr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-auth-email-verification.mdx b/main/docs/tenant-logs/gd-auth-email-verification.mdx
new file mode 100644
index 0000000000..e51a9268e3
--- /dev/null
+++ b/main/docs/tenant-logs/gd-auth-email-verification.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_email_verification"
+openapi-schema: logs-schema gd_auth_email_verification
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-auth-failed.mdx b/main/docs/tenant-logs/gd-auth-failed.mdx
new file mode 100644
index 0000000000..c1cfc3e34e
--- /dev/null
+++ b/main/docs/tenant-logs/gd-auth-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_failed"
+openapi-schema: logs-schema gd_auth_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-auth-rejected.mdx b/main/docs/tenant-logs/gd-auth-rejected.mdx
new file mode 100644
index 0000000000..90d462b4a8
--- /dev/null
+++ b/main/docs/tenant-logs/gd-auth-rejected.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_rejected"
+openapi-schema: logs-schema gd_auth_rejected
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-auth-succeed.mdx b/main/docs/tenant-logs/gd-auth-succeed.mdx
new file mode 100644
index 0000000000..e269d0d51f
--- /dev/null
+++ b/main/docs/tenant-logs/gd-auth-succeed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_auth_succeed"
+openapi-schema: logs-schema gd_auth_succeed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-enrollment-complete.mdx b/main/docs/tenant-logs/gd-enrollment-complete.mdx
new file mode 100644
index 0000000000..06f570abc8
--- /dev/null
+++ b/main/docs/tenant-logs/gd-enrollment-complete.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_enrollment_complete"
+openapi-schema: logs-schema gd_enrollment_complete
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-otp-rate-limit-exceed.mdx b/main/docs/tenant-logs/gd-otp-rate-limit-exceed.mdx
new file mode 100644
index 0000000000..b086a7624a
--- /dev/null
+++ b/main/docs/tenant-logs/gd-otp-rate-limit-exceed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_otp_rate_limit_exceed"
+openapi-schema: logs-schema gd_otp_rate_limit_exceed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-recovery-failed.mdx b/main/docs/tenant-logs/gd-recovery-failed.mdx
new file mode 100644
index 0000000000..e3cc0eca69
--- /dev/null
+++ b/main/docs/tenant-logs/gd-recovery-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_recovery_failed"
+openapi-schema: logs-schema gd_recovery_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-recovery-succeed.mdx b/main/docs/tenant-logs/gd-recovery-succeed.mdx
new file mode 100644
index 0000000000..772002bdb8
--- /dev/null
+++ b/main/docs/tenant-logs/gd-recovery-succeed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_recovery_succeed"
+openapi-schema: logs-schema gd_recovery_succeed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-send-email-verification.mdx b/main/docs/tenant-logs/gd-send-email-verification.mdx
new file mode 100644
index 0000000000..187545f53d
--- /dev/null
+++ b/main/docs/tenant-logs/gd-send-email-verification.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_email_verification"
+openapi-schema: logs-schema gd_send_email_verification
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-send-email.mdx b/main/docs/tenant-logs/gd-send-email.mdx
new file mode 100644
index 0000000000..e150179892
--- /dev/null
+++ b/main/docs/tenant-logs/gd-send-email.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_email"
+openapi-schema: logs-schema gd_send_email
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-send-pn-failure.mdx b/main/docs/tenant-logs/gd-send-pn-failure.mdx
new file mode 100644
index 0000000000..3b912b9196
--- /dev/null
+++ b/main/docs/tenant-logs/gd-send-pn-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_pn_failure"
+openapi-schema: logs-schema gd_send_pn_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-send-pn.mdx b/main/docs/tenant-logs/gd-send-pn.mdx
new file mode 100644
index 0000000000..afd6bdc89a
--- /dev/null
+++ b/main/docs/tenant-logs/gd-send-pn.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_pn"
+openapi-schema: logs-schema gd_send_pn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-send-sms-failure.mdx b/main/docs/tenant-logs/gd-send-sms-failure.mdx
new file mode 100644
index 0000000000..ac8857a2d8
--- /dev/null
+++ b/main/docs/tenant-logs/gd-send-sms-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_sms_failure"
+openapi-schema: logs-schema gd_send_sms_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-send-sms.mdx b/main/docs/tenant-logs/gd-send-sms.mdx
new file mode 100644
index 0000000000..3786da58d9
--- /dev/null
+++ b/main/docs/tenant-logs/gd-send-sms.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_sms"
+openapi-schema: logs-schema gd_send_sms
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-send-voice-failure.mdx b/main/docs/tenant-logs/gd-send-voice-failure.mdx
new file mode 100644
index 0000000000..f0ed2a8de6
--- /dev/null
+++ b/main/docs/tenant-logs/gd-send-voice-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_voice_failure"
+openapi-schema: logs-schema gd_send_voice_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-send-voice.mdx b/main/docs/tenant-logs/gd-send-voice.mdx
new file mode 100644
index 0000000000..3114e5927c
--- /dev/null
+++ b/main/docs/tenant-logs/gd-send-voice.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_send_voice"
+openapi-schema: logs-schema gd_send_voice
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-start-auth.mdx b/main/docs/tenant-logs/gd-start-auth.mdx
new file mode 100644
index 0000000000..cb736e7d2e
--- /dev/null
+++ b/main/docs/tenant-logs/gd-start-auth.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_start_auth"
+openapi-schema: logs-schema gd_start_auth
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-start-enroll-failed.mdx b/main/docs/tenant-logs/gd-start-enroll-failed.mdx
new file mode 100644
index 0000000000..f2ae5850df
--- /dev/null
+++ b/main/docs/tenant-logs/gd-start-enroll-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_start_enroll_failed"
+openapi-schema: logs-schema gd_start_enroll_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-start-enroll.mdx b/main/docs/tenant-logs/gd-start-enroll.mdx
new file mode 100644
index 0000000000..44c9f579eb
--- /dev/null
+++ b/main/docs/tenant-logs/gd-start-enroll.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_start_enroll"
+openapi-schema: logs-schema gd_start_enroll
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-tenant-update.mdx b/main/docs/tenant-logs/gd-tenant-update.mdx
new file mode 100644
index 0000000000..98fa966065
--- /dev/null
+++ b/main/docs/tenant-logs/gd-tenant-update.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_tenant_update"
+openapi-schema: logs-schema gd_tenant_update
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-unenroll.mdx b/main/docs/tenant-logs/gd-unenroll.mdx
new file mode 100644
index 0000000000..a370502d66
--- /dev/null
+++ b/main/docs/tenant-logs/gd-unenroll.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_unenroll"
+openapi-schema: logs-schema gd_unenroll
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-update-device-account.mdx b/main/docs/tenant-logs/gd-update-device-account.mdx
new file mode 100644
index 0000000000..a7d9891041
--- /dev/null
+++ b/main/docs/tenant-logs/gd-update-device-account.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_update_device_account"
+openapi-schema: logs-schema gd_update_device_account
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-webauthn-challenge-failed.mdx b/main/docs/tenant-logs/gd-webauthn-challenge-failed.mdx
new file mode 100644
index 0000000000..c23e6ed06c
--- /dev/null
+++ b/main/docs/tenant-logs/gd-webauthn-challenge-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_webauthn_challenge_failed"
+openapi-schema: logs-schema gd_webauthn_challenge_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/gd-webauthn-enrollment-failed.mdx b/main/docs/tenant-logs/gd-webauthn-enrollment-failed.mdx
new file mode 100644
index 0000000000..4b88d66d4d
--- /dev/null
+++ b/main/docs/tenant-logs/gd-webauthn-enrollment-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "gd_webauthn_enrollment_failed"
+openapi-schema: logs-schema gd_webauthn_enrollment_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/idjag-exchange-failed.mdx b/main/docs/tenant-logs/idjag-exchange-failed.mdx
new file mode 100644
index 0000000000..c293757ebb
--- /dev/null
+++ b/main/docs/tenant-logs/idjag-exchange-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "idjag_exchange_failed"
+openapi-schema: logs-schema idjag_exchange_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/idjag-exchange-succeeded.mdx b/main/docs/tenant-logs/idjag-exchange-succeeded.mdx
new file mode 100644
index 0000000000..68d9c9038b
--- /dev/null
+++ b/main/docs/tenant-logs/idjag-exchange-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "idjag_exchange_succeeded"
+openapi-schema: logs-schema idjag_exchange_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/jwt-bearer-exchange-failed.mdx b/main/docs/tenant-logs/jwt-bearer-exchange-failed.mdx
new file mode 100644
index 0000000000..1aa3b3e2b9
--- /dev/null
+++ b/main/docs/tenant-logs/jwt-bearer-exchange-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "jwt_bearer_exchange_failed"
+openapi-schema: logs-schema jwt_bearer_exchange_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/kms-key-management-failure.mdx b/main/docs/tenant-logs/kms-key-management-failure.mdx
new file mode 100644
index 0000000000..fd40918e33
--- /dev/null
+++ b/main/docs/tenant-logs/kms-key-management-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "kms_key_management_failure"
+openapi-schema: logs-schema kms_key_management_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/kms-key-management-success.mdx b/main/docs/tenant-logs/kms-key-management-success.mdx
new file mode 100644
index 0000000000..513f2ca254
--- /dev/null
+++ b/main/docs/tenant-logs/kms-key-management-success.mdx
@@ -0,0 +1,8 @@
+---
+title: "kms_key_management_success"
+openapi-schema: logs-schema kms_key_management_success
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/kms-key-state-changed.mdx b/main/docs/tenant-logs/kms-key-state-changed.mdx
new file mode 100644
index 0000000000..5cfe421d0e
--- /dev/null
+++ b/main/docs/tenant-logs/kms-key-state-changed.mdx
@@ -0,0 +1,8 @@
+---
+title: "kms_key_state_changed"
+openapi-schema: logs-schema kms_key_state_changed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/limit-delegation.mdx b/main/docs/tenant-logs/limit-delegation.mdx
new file mode 100644
index 0000000000..17b075b265
--- /dev/null
+++ b/main/docs/tenant-logs/limit-delegation.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_delegation"
+openapi-schema: logs-schema limit_delegation
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/limit-mu.mdx b/main/docs/tenant-logs/limit-mu.mdx
new file mode 100644
index 0000000000..5b498c817d
--- /dev/null
+++ b/main/docs/tenant-logs/limit-mu.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_mu"
+openapi-schema: logs-schema limit_mu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/limit-sul.mdx b/main/docs/tenant-logs/limit-sul.mdx
new file mode 100644
index 0000000000..a654e1dc20
--- /dev/null
+++ b/main/docs/tenant-logs/limit-sul.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_sul"
+openapi-schema: logs-schema limit_sul
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/limit-wc.mdx b/main/docs/tenant-logs/limit-wc.mdx
new file mode 100644
index 0000000000..d39359ab21
--- /dev/null
+++ b/main/docs/tenant-logs/limit-wc.mdx
@@ -0,0 +1,8 @@
+---
+title: "limit_wc"
+openapi-schema: logs-schema limit_wc
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/mfar.mdx b/main/docs/tenant-logs/mfar.mdx
new file mode 100644
index 0000000000..f68d8f6a7f
--- /dev/null
+++ b/main/docs/tenant-logs/mfar.mdx
@@ -0,0 +1,8 @@
+---
+title: "mfar"
+openapi-schema: logs-schema mfar
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/mgmt-api-read.mdx b/main/docs/tenant-logs/mgmt-api-read.mdx
new file mode 100644
index 0000000000..226da10318
--- /dev/null
+++ b/main/docs/tenant-logs/mgmt-api-read.mdx
@@ -0,0 +1,8 @@
+---
+title: "mgmt_api_read"
+openapi-schema: logs-schema mgmt_api_read
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/my-account-authentication-method-failed.mdx b/main/docs/tenant-logs/my-account-authentication-method-failed.mdx
new file mode 100644
index 0000000000..fa5e7388ff
--- /dev/null
+++ b/main/docs/tenant-logs/my-account-authentication-method-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "my_account_authentication_method_failed"
+openapi-schema: logs-schema my_account_authentication_method_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/my-account-authentication-method-succeeded.mdx b/main/docs/tenant-logs/my-account-authentication-method-succeeded.mdx
new file mode 100644
index 0000000000..eedc3a64fd
--- /dev/null
+++ b/main/docs/tenant-logs/my-account-authentication-method-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "my_account_authentication_method_succeeded"
+openapi-schema: logs-schema my_account_authentication_method_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/oidc-backchannel-logout-failed.mdx b/main/docs/tenant-logs/oidc-backchannel-logout-failed.mdx
new file mode 100644
index 0000000000..8b738d1af6
--- /dev/null
+++ b/main/docs/tenant-logs/oidc-backchannel-logout-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "oidc_backchannel_logout_failed"
+openapi-schema: logs-schema oidc_backchannel_logout_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/oidc-backchannel-logout-succeeded.mdx b/main/docs/tenant-logs/oidc-backchannel-logout-succeeded.mdx
new file mode 100644
index 0000000000..319ff6aa79
--- /dev/null
+++ b/main/docs/tenant-logs/oidc-backchannel-logout-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "oidc_backchannel_logout_succeeded"
+openapi-schema: logs-schema oidc_backchannel_logout_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/organization-member-added.mdx b/main/docs/tenant-logs/organization-member-added.mdx
new file mode 100644
index 0000000000..92ec6c12e0
--- /dev/null
+++ b/main/docs/tenant-logs/organization-member-added.mdx
@@ -0,0 +1,8 @@
+---
+title: "organization_member_added"
+openapi-schema: logs-schema organization_member_added
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/passkey-challenge-failed.mdx b/main/docs/tenant-logs/passkey-challenge-failed.mdx
new file mode 100644
index 0000000000..a3add7282a
--- /dev/null
+++ b/main/docs/tenant-logs/passkey-challenge-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "passkey_challenge_failed"
+openapi-schema: logs-schema passkey_challenge_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/passkey-challenge-started.mdx b/main/docs/tenant-logs/passkey-challenge-started.mdx
new file mode 100644
index 0000000000..73169904cf
--- /dev/null
+++ b/main/docs/tenant-logs/passkey-challenge-started.mdx
@@ -0,0 +1,8 @@
+---
+title: "passkey_challenge_started"
+openapi-schema: logs-schema passkey_challenge_started
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/pla.mdx b/main/docs/tenant-logs/pla.mdx
new file mode 100644
index 0000000000..dcea887320
--- /dev/null
+++ b/main/docs/tenant-logs/pla.mdx
@@ -0,0 +1,8 @@
+---
+title: "pla"
+openapi-schema: logs-schema pla
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/pwd-leak.mdx b/main/docs/tenant-logs/pwd-leak.mdx
new file mode 100644
index 0000000000..0a6e41c02a
--- /dev/null
+++ b/main/docs/tenant-logs/pwd-leak.mdx
@@ -0,0 +1,8 @@
+---
+title: "pwd_leak"
+openapi-schema: logs-schema pwd_leak
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/reset-pwd-leak.mdx b/main/docs/tenant-logs/reset-pwd-leak.mdx
new file mode 100644
index 0000000000..94e030f89f
--- /dev/null
+++ b/main/docs/tenant-logs/reset-pwd-leak.mdx
@@ -0,0 +1,8 @@
+---
+title: "reset_pwd_leak"
+openapi-schema: logs-schema reset_pwd_leak
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/resource-cleanup.mdx b/main/docs/tenant-logs/resource-cleanup.mdx
new file mode 100644
index 0000000000..fc95ffa07f
--- /dev/null
+++ b/main/docs/tenant-logs/resource-cleanup.mdx
@@ -0,0 +1,8 @@
+---
+title: "resource_cleanup"
+openapi-schema: logs-schema resource_cleanup
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/rich-consents-access-error.mdx b/main/docs/tenant-logs/rich-consents-access-error.mdx
new file mode 100644
index 0000000000..f53e4232f8
--- /dev/null
+++ b/main/docs/tenant-logs/rich-consents-access-error.mdx
@@ -0,0 +1,8 @@
+---
+title: "rich_consents_access_error"
+openapi-schema: logs-schema rich_consents_access_error
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/s.mdx b/main/docs/tenant-logs/s.mdx
new file mode 100644
index 0000000000..605f6d0d08
--- /dev/null
+++ b/main/docs/tenant-logs/s.mdx
@@ -0,0 +1,8 @@
+---
+title: "s"
+openapi-schema: logs-schema s
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sapi.mdx b/main/docs/tenant-logs/sapi.mdx
new file mode 100644
index 0000000000..497a8b2bb3
--- /dev/null
+++ b/main/docs/tenant-logs/sapi.mdx
@@ -0,0 +1,8 @@
+---
+title: "sapi"
+openapi-schema: logs-schema sapi
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sce.mdx b/main/docs/tenant-logs/sce.mdx
new file mode 100644
index 0000000000..3a165712cb
--- /dev/null
+++ b/main/docs/tenant-logs/sce.mdx
@@ -0,0 +1,8 @@
+---
+title: "sce"
+openapi-schema: logs-schema sce
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/scoa.mdx b/main/docs/tenant-logs/scoa.mdx
new file mode 100644
index 0000000000..d273e29cd6
--- /dev/null
+++ b/main/docs/tenant-logs/scoa.mdx
@@ -0,0 +1,8 @@
+---
+title: "scoa"
+openapi-schema: logs-schema scoa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/scp.mdx b/main/docs/tenant-logs/scp.mdx
new file mode 100644
index 0000000000..345ade5df9
--- /dev/null
+++ b/main/docs/tenant-logs/scp.mdx
@@ -0,0 +1,8 @@
+---
+title: "scp"
+openapi-schema: logs-schema scp
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/scpn.mdx b/main/docs/tenant-logs/scpn.mdx
new file mode 100644
index 0000000000..dff793be4c
--- /dev/null
+++ b/main/docs/tenant-logs/scpn.mdx
@@ -0,0 +1,8 @@
+---
+title: "scpn"
+openapi-schema: logs-schema scpn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/scpr.mdx b/main/docs/tenant-logs/scpr.mdx
new file mode 100644
index 0000000000..086f62e7c1
--- /dev/null
+++ b/main/docs/tenant-logs/scpr.mdx
@@ -0,0 +1,8 @@
+---
+title: "scpr"
+openapi-schema: logs-schema scpr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/scu.mdx b/main/docs/tenant-logs/scu.mdx
new file mode 100644
index 0000000000..37d22a20b7
--- /dev/null
+++ b/main/docs/tenant-logs/scu.mdx
@@ -0,0 +1,8 @@
+---
+title: "scu"
+openapi-schema: logs-schema scu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/scv.mdx b/main/docs/tenant-logs/scv.mdx
new file mode 100644
index 0000000000..a02d110359
--- /dev/null
+++ b/main/docs/tenant-logs/scv.mdx
@@ -0,0 +1,8 @@
+---
+title: "scv"
+openapi-schema: logs-schema scv
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sd.mdx b/main/docs/tenant-logs/sd.mdx
new file mode 100644
index 0000000000..7e41706031
--- /dev/null
+++ b/main/docs/tenant-logs/sd.mdx
@@ -0,0 +1,8 @@
+---
+title: "sd"
+openapi-schema: logs-schema sd
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sdu.mdx b/main/docs/tenant-logs/sdu.mdx
new file mode 100644
index 0000000000..9881eb1bd7
--- /dev/null
+++ b/main/docs/tenant-logs/sdu.mdx
@@ -0,0 +1,8 @@
+---
+title: "sdu"
+openapi-schema: logs-schema sdu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/seacft.mdx b/main/docs/tenant-logs/seacft.mdx
new file mode 100644
index 0000000000..73139c2a20
--- /dev/null
+++ b/main/docs/tenant-logs/seacft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seacft"
+openapi-schema: logs-schema seacft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/seccft.mdx b/main/docs/tenant-logs/seccft.mdx
new file mode 100644
index 0000000000..3f60a864ed
--- /dev/null
+++ b/main/docs/tenant-logs/seccft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seccft"
+openapi-schema: logs-schema seccft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/secte.mdx b/main/docs/tenant-logs/secte.mdx
new file mode 100644
index 0000000000..995b0b68c4
--- /dev/null
+++ b/main/docs/tenant-logs/secte.mdx
@@ -0,0 +1,8 @@
+---
+title: "secte"
+openapi-schema: logs-schema secte
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sede.mdx b/main/docs/tenant-logs/sede.mdx
new file mode 100644
index 0000000000..3312eb9d2b
--- /dev/null
+++ b/main/docs/tenant-logs/sede.mdx
@@ -0,0 +1,8 @@
+---
+title: "sede"
+openapi-schema: logs-schema sede
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sens.mdx b/main/docs/tenant-logs/sens.mdx
new file mode 100644
index 0000000000..a6ad7179d6
--- /dev/null
+++ b/main/docs/tenant-logs/sens.mdx
@@ -0,0 +1,8 @@
+---
+title: "sens"
+openapi-schema: logs-schema sens
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/seoobft.mdx b/main/docs/tenant-logs/seoobft.mdx
new file mode 100644
index 0000000000..5b45b1cbca
--- /dev/null
+++ b/main/docs/tenant-logs/seoobft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seoobft"
+openapi-schema: logs-schema seoobft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/seotpft.mdx b/main/docs/tenant-logs/seotpft.mdx
new file mode 100644
index 0000000000..77037e5b39
--- /dev/null
+++ b/main/docs/tenant-logs/seotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "seotpft"
+openapi-schema: logs-schema seotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sepft.mdx b/main/docs/tenant-logs/sepft.mdx
new file mode 100644
index 0000000000..cbbf4cf464
--- /dev/null
+++ b/main/docs/tenant-logs/sepft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepft"
+openapi-schema: logs-schema sepft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sepkoobft.mdx b/main/docs/tenant-logs/sepkoobft.mdx
new file mode 100644
index 0000000000..881f3e2952
--- /dev/null
+++ b/main/docs/tenant-logs/sepkoobft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepkoobft"
+openapi-schema: logs-schema sepkoobft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sepkotpft.mdx b/main/docs/tenant-logs/sepkotpft.mdx
new file mode 100644
index 0000000000..a406744075
--- /dev/null
+++ b/main/docs/tenant-logs/sepkotpft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepkotpft"
+openapi-schema: logs-schema sepkotpft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sepkrcft.mdx b/main/docs/tenant-logs/sepkrcft.mdx
new file mode 100644
index 0000000000..de2c7c1ba3
--- /dev/null
+++ b/main/docs/tenant-logs/sepkrcft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sepkrcft"
+openapi-schema: logs-schema sepkrcft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sercft.mdx b/main/docs/tenant-logs/sercft.mdx
new file mode 100644
index 0000000000..40adba2620
--- /dev/null
+++ b/main/docs/tenant-logs/sercft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sercft"
+openapi-schema: logs-schema sercft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sertft.mdx b/main/docs/tenant-logs/sertft.mdx
new file mode 100644
index 0000000000..0b243788d4
--- /dev/null
+++ b/main/docs/tenant-logs/sertft.mdx
@@ -0,0 +1,8 @@
+---
+title: "sertft"
+openapi-schema: logs-schema sertft
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/seta.mdx b/main/docs/tenant-logs/seta.mdx
new file mode 100644
index 0000000000..d074c7ae31
--- /dev/null
+++ b/main/docs/tenant-logs/seta.mdx
@@ -0,0 +1,8 @@
+---
+title: "seta"
+openapi-schema: logs-schema seta
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/si.mdx b/main/docs/tenant-logs/si.mdx
new file mode 100644
index 0000000000..72c2f09f23
--- /dev/null
+++ b/main/docs/tenant-logs/si.mdx
@@ -0,0 +1,8 @@
+---
+title: "si"
+openapi-schema: logs-schema si
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/slo.mdx b/main/docs/tenant-logs/slo.mdx
new file mode 100644
index 0000000000..ff4363f456
--- /dev/null
+++ b/main/docs/tenant-logs/slo.mdx
@@ -0,0 +1,8 @@
+---
+title: "slo"
+openapi-schema: logs-schema slo
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/srrt.mdx b/main/docs/tenant-logs/srrt.mdx
new file mode 100644
index 0000000000..81f076c6fc
--- /dev/null
+++ b/main/docs/tenant-logs/srrt.mdx
@@ -0,0 +1,8 @@
+---
+title: "srrt"
+openapi-schema: logs-schema srrt
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/ss-sso-failure.mdx b/main/docs/tenant-logs/ss-sso-failure.mdx
new file mode 100644
index 0000000000..1d25d3e806
--- /dev/null
+++ b/main/docs/tenant-logs/ss-sso-failure.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss_sso_failure"
+openapi-schema: logs-schema ss_sso_failure
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/ss-sso-info.mdx b/main/docs/tenant-logs/ss-sso-info.mdx
new file mode 100644
index 0000000000..4e4229619b
--- /dev/null
+++ b/main/docs/tenant-logs/ss-sso-info.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss_sso_info"
+openapi-schema: logs-schema ss_sso_info
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/ss-sso-success.mdx b/main/docs/tenant-logs/ss-sso-success.mdx
new file mode 100644
index 0000000000..77e6c9f58e
--- /dev/null
+++ b/main/docs/tenant-logs/ss-sso-success.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss_sso_success"
+openapi-schema: logs-schema ss_sso_success
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/ss.mdx b/main/docs/tenant-logs/ss.mdx
new file mode 100644
index 0000000000..fcfc483432
--- /dev/null
+++ b/main/docs/tenant-logs/ss.mdx
@@ -0,0 +1,8 @@
+---
+title: "ss"
+openapi-schema: logs-schema ss
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/ssa.mdx b/main/docs/tenant-logs/ssa.mdx
new file mode 100644
index 0000000000..f715eba897
--- /dev/null
+++ b/main/docs/tenant-logs/ssa.mdx
@@ -0,0 +1,8 @@
+---
+title: "ssa"
+openapi-schema: logs-schema ssa
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sscim.mdx b/main/docs/tenant-logs/sscim.mdx
new file mode 100644
index 0000000000..cd5bb39f74
--- /dev/null
+++ b/main/docs/tenant-logs/sscim.mdx
@@ -0,0 +1,8 @@
+---
+title: "sscim"
+openapi-schema: logs-schema sscim
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/success-on-behalf-of-token-exchange.mdx b/main/docs/tenant-logs/success-on-behalf-of-token-exchange.mdx
new file mode 100644
index 0000000000..dc5ca0bd5e
--- /dev/null
+++ b/main/docs/tenant-logs/success-on-behalf-of-token-exchange.mdx
@@ -0,0 +1,8 @@
+---
+title: "success_on_behalf_of_token_exchange"
+openapi-schema: logs-schema success_on_behalf_of_token_exchange
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sui.mdx b/main/docs/tenant-logs/sui.mdx
new file mode 100644
index 0000000000..1931449e95
--- /dev/null
+++ b/main/docs/tenant-logs/sui.mdx
@@ -0,0 +1,8 @@
+---
+title: "sui"
+openapi-schema: logs-schema sui
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/sv.mdx b/main/docs/tenant-logs/sv.mdx
new file mode 100644
index 0000000000..48923d952b
--- /dev/null
+++ b/main/docs/tenant-logs/sv.mdx
@@ -0,0 +1,8 @@
+---
+title: "sv"
+openapi-schema: logs-schema sv
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/svr.mdx b/main/docs/tenant-logs/svr.mdx
new file mode 100644
index 0000000000..aaae129b0a
--- /dev/null
+++ b/main/docs/tenant-logs/svr.mdx
@@ -0,0 +1,8 @@
+---
+title: "svr"
+openapi-schema: logs-schema svr
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/ublkdu.mdx b/main/docs/tenant-logs/ublkdu.mdx
new file mode 100644
index 0000000000..74f56a3dfb
--- /dev/null
+++ b/main/docs/tenant-logs/ublkdu.mdx
@@ -0,0 +1,8 @@
+---
+title: "ublkdu"
+openapi-schema: logs-schema ublkdu
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/universal-logout-failed.mdx b/main/docs/tenant-logs/universal-logout-failed.mdx
new file mode 100644
index 0000000000..2e0b2cef76
--- /dev/null
+++ b/main/docs/tenant-logs/universal-logout-failed.mdx
@@ -0,0 +1,8 @@
+---
+title: "universal_logout_failed"
+openapi-schema: logs-schema universal_logout_failed
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/universal-logout-succeeded.mdx b/main/docs/tenant-logs/universal-logout-succeeded.mdx
new file mode 100644
index 0000000000..88028bfa57
--- /dev/null
+++ b/main/docs/tenant-logs/universal-logout-succeeded.mdx
@@ -0,0 +1,8 @@
+---
+title: "universal_logout_succeeded"
+openapi-schema: logs-schema universal_logout_succeeded
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/w.mdx b/main/docs/tenant-logs/w.mdx
new file mode 100644
index 0000000000..1897650298
--- /dev/null
+++ b/main/docs/tenant-logs/w.mdx
@@ -0,0 +1,8 @@
+---
+title: "w"
+openapi-schema: logs-schema w
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/wn.mdx b/main/docs/tenant-logs/wn.mdx
new file mode 100644
index 0000000000..eed7deaeed
--- /dev/null
+++ b/main/docs/tenant-logs/wn.mdx
@@ -0,0 +1,8 @@
+---
+title: "wn"
+openapi-schema: logs-schema wn
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+
diff --git a/main/docs/tenant-logs/wum.mdx b/main/docs/tenant-logs/wum.mdx
new file mode 100644
index 0000000000..35c7a69b84
--- /dev/null
+++ b/main/docs/tenant-logs/wum.mdx
@@ -0,0 +1,8 @@
+---
+title: "wum"
+openapi-schema: logs-schema wum
+---
+
+import { ApiSectionTitle } from "/snippets/ApiSectionTitle.jsx";
+
+