From b4c8f7ccbc72d08e78f2ad5a01a65a73f3300600 Mon Sep 17 00:00:00 2001 From: tafarij Date: Thu, 1 Feb 2024 21:11:43 +0000 Subject: [PATCH] update schema files --- logs/all-log-types.schema.json | 13363 ++++++++++++++++ logs/log-types/api_limit.schema.json | 123 + logs/log-types/cls.schema.json | 147 + logs/log-types/cs.schema.json | 186 + logs/log-types/depnote.schema.json | 153 + logs/log-types/f.schema.json | 233 + logs/log-types/fce.schema.json | 116 + logs/log-types/fco.schema.json | 170 + logs/log-types/fcoa.schema.json | 269 + logs/log-types/fcp.schema.json | 190 + logs/log-types/fcph.schema.json | 129 + logs/log-types/fcpn.schema.json | 154 + logs/log-types/fcpr.schema.json | 158 + logs/log-types/fcpro.schema.json | 97 + logs/log-types/fcu.schema.json | 150 + logs/log-types/fd.schema.json | 141 + logs/log-types/fdeac.schema.json | 155 + logs/log-types/fdeaz.schema.json | 162 + logs/log-types/fdecc.schema.json | 85 + logs/log-types/fdu.schema.json | 114 + logs/log-types/feacft.schema.json | 134 + logs/log-types/feccft.schema.json | 144 + logs/log-types/fede.schema.json | 88 + logs/log-types/fens.schema.json | 148 + logs/log-types/feoobft.schema.json | 117 + logs/log-types/feotpft.schema.json | 148 + logs/log-types/fepft.schema.json | 148 + logs/log-types/fepotpft.schema.json | 148 + logs/log-types/fercft.schema.json | 117 + logs/log-types/ferrt.schema.json | 156 + logs/log-types/fertft.schema.json | 157 + logs/log-types/fi.schema.json | 165 + logs/log-types/flo.schema.json | 145 + logs/log-types/fn.schema.json | 72 + logs/log-types/fp.schema.json | 150 + logs/log-types/fpar.schema.json | 201 + logs/log-types/fpurh.schema.json | 108 + logs/log-types/fs.schema.json | 137 + logs/log-types/fsa.schema.json | 138 + logs/log-types/fu.schema.json | 131 + logs/log-types/fv.schema.json | 191 + logs/log-types/fvr.schema.json | 173 + .../gd_auth_email_verification.schema.json | 163 + logs/log-types/gd_auth_failed.schema.json | 219 + logs/log-types/gd_auth_rejected.schema.json | 164 + logs/log-types/gd_auth_succeed.schema.json | 163 + .../gd_enrollment_complete.schema.json | 164 + .../gd_otp_rate_limit_exceed.schema.json | 164 + logs/log-types/gd_recovery_failed.schema.json | 164 + .../log-types/gd_recovery_succeed.schema.json | 163 + logs/log-types/gd_send_email.schema.json | 163 + .../gd_send_email_failure.schema.json | 163 + logs/log-types/gd_send_pn.schema.json | 164 + logs/log-types/gd_send_pn_failure.schema.json | 164 + logs/log-types/gd_send_sms.schema.json | 163 + .../log-types/gd_send_sms_failure.schema.json | 163 + logs/log-types/gd_send_voice.schema.json | 163 + .../gd_send_voice_failure.schema.json | 163 + logs/log-types/gd_start_auth.schema.json | 171 + logs/log-types/gd_start_enroll.schema.json | 163 + .../gd_start_enroll_failed.schema.json | 163 + logs/log-types/gd_tenant_update.schema.json | 163 + logs/log-types/gd_unenroll.schema.json | 163 + .../gd_update_device_account.schema.json | 163 + .../gd_webauthn_challenge_failed.schema.json | 171 + .../gd_webauthn_enrollment_failed.schema.json | 171 + logs/log-types/limit_delegation.schema.json | 76 + logs/log-types/limit_mu.schema.json | 88 + logs/log-types/limit_sul.schema.json | 88 + logs/log-types/limit_wc.schema.json | 88 + logs/log-types/mfar.schema.json | 225 + logs/log-types/mgmt_api_read.schema.json | 245 + ...oidc_backchannel_logout_failed.schema.json | 104 + ...c_backchannel_logout_succeeded.schema.json | 104 + logs/log-types/pla.schema.json | 137 + logs/log-types/pwd_leak.schema.json | 88 + logs/log-types/resource_cleanup.schema.json | 82 + logs/log-types/s.schema.json | 436 + logs/log-types/sapi.schema.json | 139 + logs/log-types/sce.schema.json | 154 + logs/log-types/scoa.schema.json | 424 + logs/log-types/scp.schema.json | 127 + logs/log-types/scph.schema.json | 148 + logs/log-types/scpn.schema.json | 144 + logs/log-types/scpr.schema.json | 162 + logs/log-types/scu.schema.json | 145 + logs/log-types/sd.schema.json | 141 + logs/log-types/sdu.schema.json | 114 + logs/log-types/seacft.schema.json | 143 + logs/log-types/seccft.schema.json | 171 + logs/log-types/sede.schema.json | 111 + logs/log-types/sens.schema.json | 140 + logs/log-types/seoobft.schema.json | 172 + logs/log-types/seotpft.schema.json | 125 + logs/log-types/sepft.schema.json | 169 + logs/log-types/sercft.schema.json | 120 + logs/log-types/sertft.schema.json | 170 + logs/log-types/si.schema.json | 151 + logs/log-types/slo.schema.json | 141 + logs/log-types/srrt.schema.json | 156 + logs/log-types/ss.schema.json | 617 + logs/log-types/ssa.schema.json | 406 + logs/log-types/sui.schema.json | 53 + logs/log-types/sv.schema.json | 172 + logs/log-types/svr.schema.json | 173 + logs/log-types/ublkdu.schema.json | 127 + logs/log-types/w.schema.json | 173 + 107 files changed, 30358 insertions(+) create mode 100644 logs/all-log-types.schema.json create mode 100644 logs/log-types/api_limit.schema.json create mode 100644 logs/log-types/cls.schema.json create mode 100644 logs/log-types/cs.schema.json create mode 100644 logs/log-types/depnote.schema.json create mode 100644 logs/log-types/f.schema.json create mode 100644 logs/log-types/fce.schema.json create mode 100644 logs/log-types/fco.schema.json create mode 100644 logs/log-types/fcoa.schema.json create mode 100644 logs/log-types/fcp.schema.json create mode 100644 logs/log-types/fcph.schema.json create mode 100644 logs/log-types/fcpn.schema.json create mode 100644 logs/log-types/fcpr.schema.json create mode 100644 logs/log-types/fcpro.schema.json create mode 100644 logs/log-types/fcu.schema.json create mode 100644 logs/log-types/fd.schema.json create mode 100644 logs/log-types/fdeac.schema.json create mode 100644 logs/log-types/fdeaz.schema.json create mode 100644 logs/log-types/fdecc.schema.json create mode 100644 logs/log-types/fdu.schema.json create mode 100644 logs/log-types/feacft.schema.json create mode 100644 logs/log-types/feccft.schema.json create mode 100644 logs/log-types/fede.schema.json create mode 100644 logs/log-types/fens.schema.json create mode 100644 logs/log-types/feoobft.schema.json create mode 100644 logs/log-types/feotpft.schema.json create mode 100644 logs/log-types/fepft.schema.json create mode 100644 logs/log-types/fepotpft.schema.json create mode 100644 logs/log-types/fercft.schema.json create mode 100644 logs/log-types/ferrt.schema.json create mode 100644 logs/log-types/fertft.schema.json create mode 100644 logs/log-types/fi.schema.json create mode 100644 logs/log-types/flo.schema.json create mode 100644 logs/log-types/fn.schema.json create mode 100644 logs/log-types/fp.schema.json create mode 100644 logs/log-types/fpar.schema.json create mode 100644 logs/log-types/fpurh.schema.json create mode 100644 logs/log-types/fs.schema.json create mode 100644 logs/log-types/fsa.schema.json create mode 100644 logs/log-types/fu.schema.json create mode 100644 logs/log-types/fv.schema.json create mode 100644 logs/log-types/fvr.schema.json create mode 100644 logs/log-types/gd_auth_email_verification.schema.json create mode 100644 logs/log-types/gd_auth_failed.schema.json create mode 100644 logs/log-types/gd_auth_rejected.schema.json create mode 100644 logs/log-types/gd_auth_succeed.schema.json create mode 100644 logs/log-types/gd_enrollment_complete.schema.json create mode 100644 logs/log-types/gd_otp_rate_limit_exceed.schema.json create mode 100644 logs/log-types/gd_recovery_failed.schema.json create mode 100644 logs/log-types/gd_recovery_succeed.schema.json create mode 100644 logs/log-types/gd_send_email.schema.json create mode 100644 logs/log-types/gd_send_email_failure.schema.json create mode 100644 logs/log-types/gd_send_pn.schema.json create mode 100644 logs/log-types/gd_send_pn_failure.schema.json create mode 100644 logs/log-types/gd_send_sms.schema.json create mode 100644 logs/log-types/gd_send_sms_failure.schema.json create mode 100644 logs/log-types/gd_send_voice.schema.json create mode 100644 logs/log-types/gd_send_voice_failure.schema.json create mode 100644 logs/log-types/gd_start_auth.schema.json create mode 100644 logs/log-types/gd_start_enroll.schema.json create mode 100644 logs/log-types/gd_start_enroll_failed.schema.json create mode 100644 logs/log-types/gd_tenant_update.schema.json create mode 100644 logs/log-types/gd_unenroll.schema.json create mode 100644 logs/log-types/gd_update_device_account.schema.json create mode 100644 logs/log-types/gd_webauthn_challenge_failed.schema.json create mode 100644 logs/log-types/gd_webauthn_enrollment_failed.schema.json create mode 100644 logs/log-types/limit_delegation.schema.json create mode 100644 logs/log-types/limit_mu.schema.json create mode 100644 logs/log-types/limit_sul.schema.json create mode 100644 logs/log-types/limit_wc.schema.json create mode 100644 logs/log-types/mfar.schema.json create mode 100644 logs/log-types/mgmt_api_read.schema.json create mode 100644 logs/log-types/oidc_backchannel_logout_failed.schema.json create mode 100644 logs/log-types/oidc_backchannel_logout_succeeded.schema.json create mode 100644 logs/log-types/pla.schema.json create mode 100644 logs/log-types/pwd_leak.schema.json create mode 100644 logs/log-types/resource_cleanup.schema.json create mode 100644 logs/log-types/s.schema.json create mode 100644 logs/log-types/sapi.schema.json create mode 100644 logs/log-types/sce.schema.json create mode 100644 logs/log-types/scoa.schema.json create mode 100644 logs/log-types/scp.schema.json create mode 100644 logs/log-types/scph.schema.json create mode 100644 logs/log-types/scpn.schema.json create mode 100644 logs/log-types/scpr.schema.json create mode 100644 logs/log-types/scu.schema.json create mode 100644 logs/log-types/sd.schema.json create mode 100644 logs/log-types/sdu.schema.json create mode 100644 logs/log-types/seacft.schema.json create mode 100644 logs/log-types/seccft.schema.json create mode 100644 logs/log-types/sede.schema.json create mode 100644 logs/log-types/sens.schema.json create mode 100644 logs/log-types/seoobft.schema.json create mode 100644 logs/log-types/seotpft.schema.json create mode 100644 logs/log-types/sepft.schema.json create mode 100644 logs/log-types/sercft.schema.json create mode 100644 logs/log-types/sertft.schema.json create mode 100644 logs/log-types/si.schema.json create mode 100644 logs/log-types/slo.schema.json create mode 100644 logs/log-types/srrt.schema.json create mode 100644 logs/log-types/ss.schema.json create mode 100644 logs/log-types/ssa.schema.json create mode 100644 logs/log-types/sui.schema.json create mode 100644 logs/log-types/sv.schema.json create mode 100644 logs/log-types/svr.schema.json create mode 100644 logs/log-types/ublkdu.schema.json create mode 100644 logs/log-types/w.schema.json diff --git a/logs/all-log-types.schema.json b/logs/all-log-types.schema.json new file mode 100644 index 0000000..15ad386 --- /dev/null +++ b/logs/all-log-types.schema.json @@ -0,0 +1,13363 @@ +{ + "$ref": "#/definitions/TenantLog", + "$schema": "http://json-schema.org/draft-07/schema#", + "definitions": { + "ActionExecutions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + }, + "Auth0ClientProp": { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "AuthDetailsBase": { + "properties": { + "actions": { + "$ref": "#/definitions/ActionExecutions" + }, + "completedAt": { + "type": "number" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "initiatedAt": { + "type": "number" + }, + "prompts": { + "items": { + "$ref": "#/definitions/AuthPrompt" + }, + "type": "array" + }, + "riskAssessment": { + "$ref": "#/definitions/RiskAssessment" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + }, + "AuthPrompt": { + "properties": { + "coi": { + "type": "string" + }, + "completedAt": { + "type": "number" + }, + "connection": { + "type": "string" + }, + "connection_id": { + "type": "string" + }, + "cov": { + "type": "string" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "flow": { + "type": "string" + }, + "grantInfo": { + "properties": { + "audience": { + "type": "string" + }, + "expiration": { + "type": "string" + }, + "id": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "type": "object" + }, + "identity": { + "type": [ + "string", + "number" + ] + }, + "initiatedAt": { + "type": "number" + }, + "name": { + "type": "string" + }, + "passwordless_amr": { + "type": "string" + }, + "performed_acr": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "performed_amr": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "provider": { + "type": [ + "string", + "null" + ] + }, + "requiredCaptcha": { + "type": "boolean" + }, + "session": { + "type": "boolean" + }, + "session_id": { + "type": "string" + }, + "stats": { + "$ref": "#/definitions/LoginsCountStats" + }, + "strategy": { + "type": "string" + }, + "timers": { + "properties": { + "rules": { + "type": "number" + } + }, + "type": "object" + }, + "url": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "user_name": { + "type": "string" + } + }, + "required": [ + "requiredCaptcha", + "session_id" + ], + "type": "object" + }, + "GdDetails": { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + }, + "GdRequest": { + "properties": { + "auth": { + "properties": { + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "strategy": { + "type": "string" + } + }, + "required": [ + "scopes", + "strategy" + ], + "type": "object" + }, + "body": { + "properties": { + "code": { + "type": "string" + } + }, + "required": [ + "code" + ], + "type": "object" + }, + "ip": { + "type": "string" + }, + "method": { + "type": "string" + }, + "path": { + "type": "string" + }, + "query": { + "type": "string" + }, + "userAgent": { + "type": "string" + } + }, + "required": [ + "auth", + "body", + "ip", + "method", + "path", + "query", + "userAgent" + ], + "type": "object" + }, + "IPV4": { + "format": "ipv4", + "type": "string" + }, + "IPV6": { + "format": "ipv6", + "type": "string" + }, + "LoginsCountStats": { + "properties": { + "loginsCount": { + "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.", + "type": [ + "number", + "null" + ] + } + }, + "required": [ + "loginsCount" + ], + "type": "object" + }, + "OAuthError": { + "properties": { + "message": { + "type": "string" + }, + "oauthError": { + "type": "string" + }, + "payload": { + "properties": { + "attempt": { + "type": "number" + }, + "authorized": { + "description": "min-length 1", + "items": { + "type": "string" + }, + "type": "array" + }, + "clientID": { + "type": "string" + }, + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string" + } + }, + "required": [ + "attempt", + "authorized", + "clientID", + "code", + "message", + "name", + "status" + ], + "type": "object" + }, + "type": { + "type": "string" + }, + "uri": { + "type": "string" + } + }, + "required": [ + "message", + "oauthError" + ], + "type": "object" + }, + "RiskAssessment": { + "properties": { + "assessments": { + "properties": { + "ImpossibleTravel": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "NewDevice": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "device": { + "type": "string" + }, + "useragent": { + "type": "string" + } + }, + "required": [ + "device" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "UntrustedIP": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "ip": { + "type": "string" + }, + "matches": { + "type": "string" + }, + "source": { + "type": "string" + } + }, + "required": [ + "ip", + "matches", + "source" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + } + }, + "required": [ + "UntrustedIP" + ], + "type": "object" + }, + "confidence": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "assessments", + "confidence", + "version" + ], + "type": "object" + }, + "SignupDetails": { + "properties": { + "actions": { + "$ref": "#/definitions/ActionExecutions" + }, + "body": { + "properties": { + "app_metadata": { + "type": "object" + }, + "blocked": { + "type": "boolean" + }, + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "email_verified": { + "type": "boolean" + }, + "family_name": { + "type": "string" + }, + "given_name": { + "type": "string" + }, + "ip": { + "type": "string" + }, + "name": { + "type": "string" + }, + "nickname": { + "type": "string" + }, + "organization": { + "properties": { + "branding": { + "type": [ + "string", + "null" + ] + }, + "display_name": { + "type": "string" + }, + "id": { + "type": "string" + }, + "metadata": { + "anyOf": [ + {}, + { + "type": "null" + } + ] + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "password": { + "type": "string" + }, + "phone_number": { + "type": "string" + }, + "phone_verified": { + "type": "boolean" + }, + "picture": { + "type": "string" + }, + "request_language": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "transaction": { + "properties": { + "acr_values": { + "anyOf": [ + { + "type": "string" + }, + { + "items": { + "type": "string" + }, + "type": "array" + } + ] + }, + "id": { + "type": "string" + }, + "locale": { + "type": "string" + }, + "login_hint": { + "type": [ + "string", + "null" + ] + }, + "prompt": { + "items": { + "type": "string" + }, + "type": "array" + }, + "protocol": { + "type": "string" + }, + "redirect_uri": { + "type": [ + "string", + "null" + ] + }, + "requested_scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "response_mode": { + "type": [ + "string", + "null" + ] + }, + "response_type": { + "items": { + "type": "string" + }, + "type": "array" + }, + "state": { + "type": [ + "string", + "null" + ] + }, + "ui_locales": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "user-agent": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "user_metadata": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "username": { + "type": "string" + } + }, + "type": "object" + }, + "completedAt": { + "type": "number" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "initiatedAt": { + "type": "number" + }, + "prompts": { + "items": { + "$ref": "#/definitions/AuthPrompt" + }, + "type": "array" + }, + "riskAssessment": { + "$ref": "#/definitions/RiskAssessment" + }, + "session_id": { + "type": "string" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "TenantLog": { + "anyOf": [ + { + "$ref": "#/definitions/api_limit" + }, + { + "$ref": "#/definitions/cls" + }, + { + "$ref": "#/definitions/cs" + }, + { + "$ref": "#/definitions/depnote" + }, + { + "$ref": "#/definitions/f" + }, + { + "$ref": "#/definitions/fce" + }, + { + "$ref": "#/definitions/fco" + }, + { + "$ref": "#/definitions/fcoa" + }, + { + "$ref": "#/definitions/fcp" + }, + { + "$ref": "#/definitions/fcph" + }, + { + "$ref": "#/definitions/fcpn" + }, + { + "$ref": "#/definitions/fcpr" + }, + { + "$ref": "#/definitions/fcpro" + }, + { + "$ref": "#/definitions/fcu" + }, + { + "$ref": "#/definitions/fd" + }, + { + "$ref": "#/definitions/fdeac" + }, + { + "$ref": "#/definitions/fdeaz" + }, + { + "$ref": "#/definitions/fdecc" + }, + { + "$ref": "#/definitions/fdu" + }, + { + "$ref": "#/definitions/feacft" + }, + { + "$ref": "#/definitions/feccft" + }, + { + "$ref": "#/definitions/fede" + }, + { + "$ref": "#/definitions/fens" + }, + { + "$ref": "#/definitions/feoobft" + }, + { + "$ref": "#/definitions/feotpft" + }, + { + "$ref": "#/definitions/fepft" + }, + { + "$ref": "#/definitions/fepotpft" + }, + { + "$ref": "#/definitions/fercft" + }, + { + "$ref": "#/definitions/ferrt" + }, + { + "$ref": "#/definitions/fertft" + }, + { + "$ref": "#/definitions/fi" + }, + { + "$ref": "#/definitions/flo" + }, + { + "$ref": "#/definitions/fn" + }, + { + "$ref": "#/definitions/fp" + }, + { + "$ref": "#/definitions/fpar" + }, + { + "$ref": "#/definitions/fpurh" + }, + { + "$ref": "#/definitions/fs" + }, + { + "$ref": "#/definitions/fsa" + }, + { + "$ref": "#/definitions/fu" + }, + { + "$ref": "#/definitions/fv" + }, + { + "$ref": "#/definitions/fvr" + }, + { + "$ref": "#/definitions/gd_auth_email_verification" + }, + { + "$ref": "#/definitions/gd_auth_failed" + }, + { + "$ref": "#/definitions/gd_auth_rejected" + }, + { + "$ref": "#/definitions/gd_auth_succeed" + }, + { + "$ref": "#/definitions/gd_enrollment_complete" + }, + { + "$ref": "#/definitions/gd_otp_rate_limit_exceed" + }, + { + "$ref": "#/definitions/gd_recovery_failed" + }, + { + "$ref": "#/definitions/gd_recovery_succeed" + }, + { + "$ref": "#/definitions/gd_send_email" + }, + { + "$ref": "#/definitions/gd_send_email_failure" + }, + { + "$ref": "#/definitions/gd_send_pn" + }, + { + "$ref": "#/definitions/gd_send_pn_failure" + }, + { + "$ref": "#/definitions/gd_send_sms" + }, + { + "$ref": "#/definitions/gd_send_sms_failure" + }, + { + "$ref": "#/definitions/gd_send_voice" + }, + { + "$ref": "#/definitions/gd_send_voice_failure" + }, + { + "$ref": "#/definitions/gd_start_auth" + }, + { + "$ref": "#/definitions/gd_start_enroll" + }, + { + "$ref": "#/definitions/gd_start_enroll_failed" + }, + { + "$ref": "#/definitions/gd_tenant_update" + }, + { + "$ref": "#/definitions/gd_unenroll" + }, + { + "$ref": "#/definitions/gd_update_device_account" + }, + { + "$ref": "#/definitions/gd_webauthn_challenge_failed" + }, + { + "$ref": "#/definitions/gd_webauthn_enrollment_failed" + }, + { + "$ref": "#/definitions/limit_delegation" + }, + { + "$ref": "#/definitions/limit_mu" + }, + { + "$ref": "#/definitions/limit_sul" + }, + { + "$ref": "#/definitions/limit_wc" + }, + { + "$ref": "#/definitions/mfar" + }, + { + "$ref": "#/definitions/mgmt_api_read" + }, + { + "$ref": "#/definitions/oidc_backchannel_logout_failed" + }, + { + "$ref": "#/definitions/oidc_backchannel_logout_succeeded" + }, + { + "$ref": "#/definitions/pla" + }, + { + "$ref": "#/definitions/pwd_leak" + }, + { + "$ref": "#/definitions/resource_cleanup" + }, + { + "$ref": "#/definitions/s" + }, + { + "$ref": "#/definitions/sapi" + }, + { + "$ref": "#/definitions/sce" + }, + { + "$ref": "#/definitions/scoa" + }, + { + "$ref": "#/definitions/scp" + }, + { + "$ref": "#/definitions/scph" + }, + { + "$ref": "#/definitions/scpn" + }, + { + "$ref": "#/definitions/scpr" + }, + { + "$ref": "#/definitions/scu" + }, + { + "$ref": "#/definitions/sd" + }, + { + "$ref": "#/definitions/sdu" + }, + { + "$ref": "#/definitions/seacft" + }, + { + "$ref": "#/definitions/seccft" + }, + { + "$ref": "#/definitions/sede" + }, + { + "$ref": "#/definitions/sens" + }, + { + "$ref": "#/definitions/seoobft" + }, + { + "$ref": "#/definitions/seotpft" + }, + { + "$ref": "#/definitions/sepft" + }, + { + "$ref": "#/definitions/sercft" + }, + { + "$ref": "#/definitions/sertft" + }, + { + "$ref": "#/definitions/si" + }, + { + "$ref": "#/definitions/slo" + }, + { + "$ref": "#/definitions/srrt" + }, + { + "$ref": "#/definitions/ss" + }, + { + "$ref": "#/definitions/ssa" + }, + { + "$ref": "#/definitions/sui" + }, + { + "$ref": "#/definitions/sv" + }, + { + "$ref": "#/definitions/svr" + }, + { + "$ref": "#/definitions/ublkdu" + }, + { + "$ref": "#/definitions/w" + } + ] + }, + "api_limit": { + "description": "The maximum number of requests to the Authentication or Management APIs in given time was reached", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "request": { + "properties": { + "method": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "response": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "api_limit", + "description": "Rate Limit notice on Authentication or Management API", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "log_id", + "type" + ], + "type": "object" + }, + "cls": { + "description": "Passwordless Login Code/Link Sent", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "authParams": {}, + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "send": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "transaction": {} + }, + "required": [ + "client_id", + "connection", + "email", + "tenant" + ], + "type": "object" + }, + "link": { + "type": "string" + } + }, + "required": [ + "link", + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "cls", + "description": "Code or Link Sent for Passwordless Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "cs": { + "description": "Passwordless Login Code Sent", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "authParams": { + "properties": { + "audience": { + "type": "string" + }, + "redirect_uri": { + "type": "string" + }, + "response_type": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "state": { + "type": "string" + } + }, + "required": [ + "audience", + "redirect_uri", + "response_type", + "scope", + "state" + ], + "type": "object" + }, + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "ip": { + "type": "string" + }, + "phone_number": { + "type": "string" + }, + "request_language": { + "type": "string" + }, + "send": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user-agent": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "required": [ + "authParams", + "client_id", + "connection", + "ip", + "phone_number", + "request_language", + "send", + "tenant", + "user-agent", + "username" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "cs", + "description": "Code Sent for Passwordless Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "depnote": { + "description": "Deprecation Notice", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "feature": { + "properties": { + "description": { + "type": "string" + }, + "documentation": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "tenant_from_host": { + "type": "string" + } + }, + "required": [ + "description", + "documentation", + "id", + "name" + ], + "type": "object" + }, + "method": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "feature" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "depnote", + "description": "Deprecation Notice", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "f": { + "description": "Failed Login This is only emitted if the error is not covered by the `fp` or `fu` log types", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "details": { + "properties": { + "error": { + "$ref": "#/definitions/OAuthError" + }, + "qs": { + "type": "object" + }, + "riskAssessment": { + "type": "string" + }, + "session_id": { + "type": "string" + }, + "stats": { + "$ref": "#/definitions/LoginsCountStats" + } + }, + "required": [ + "error" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "details", + "hostname", + "ip", + "strategy", + "strategy_type" + ], + "type": "object" + }, + "fce": { + "description": "Failed to change user email", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "details": { + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "email_verified": { + "type": "boolean" + }, + "newEmail": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "required": [ + "client_id", + "connection", + "email", + "email_verified", + "newEmail", + "tenant", + "user_id", + "verify" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "details", + "strategy", + "strategy_type" + ], + "type": "object" + }, + "fco": { + "description": "Failed due to CORS. Is the origin in the Allowed Origins list for the specified application?", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "allowedOrigins": { + "items": { + "type": "string" + }, + "type": "array" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "host": { + "type": "string" + }, + "method": { + "type": "string" + }, + "origin": { + "type": "string" + }, + "originUrl": { + "type": "string" + }, + "originalUrl": { + "type": "string" + }, + "session_id": { + "type": "string" + }, + "webOrigins": { + "items": { + "type": "string" + }, + "type": "array" + }, + "xhr": { + "type": "boolean" + } + }, + "required": [ + "allowedOrigins", + "headers", + "host", + "method", + "origin", + "xhr" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fco", + "description": "Failed due to CORS", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fcoa": { + "description": "Failed Cross-Origin Authentication", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "$ref": "#/definitions/ActionExecutions" + }, + "body": { + "type": "object" + }, + "connection": { + "type": "string" + }, + "error": { + "$ref": "#/definitions/OAuthError" + }, + "qs": { + "type": "object" + }, + "session_connection": { + "type": "string" + }, + "stats": { + "$ref": "#/definitions/LoginsCountStats" + } + }, + "required": [ + "error", + "connection", + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcoa", + "description": "Failed Cross-Origin Authentication", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "fcp": { + "description": "Failed Change Password", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "_csrf": { + "type": "string" + }, + "confirmNewPassword": { + "type": "string" + }, + "newPassword": { + "type": "string" + }, + "ticket": { + "type": "string" + } + }, + "required": [ + "confirmNewPassword", + "newPassword", + "_csrf", + "ticket" + ], + "type": "object" + }, + "description": { + "type": "string" + }, + "query": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "includeEmailInRedirect": { + "type": "boolean" + }, + "markEmailAsVerified": { + "type": "boolean" + }, + "newPassword": { + "type": "string" + }, + "resultUrl": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "required": [ + "client_id", + "connection", + "email", + "includeEmailInRedirect", + "markEmailAsVerified", + "newPassword", + "resultUrl", + "tenant", + "user_id", + "username" + ], + "type": "object" + } + }, + "required": [ + "body", + "description", + "query" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcp", + "description": "Failed Change Password", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "fcph": { + "description": "Failed Post Change Password Hook", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "$ref": "#/definitions/ActionExecutions" + } + }, + "required": [ + "actions" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcph", + "description": "Failed Post Change Password Hook", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "fcpn": { + "description": "Failed Change Phone Number", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "new_phone_number": { + "type": "string" + }, + "old_phone_number": { + "type": "string" + }, + "phone_verified": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "required": [ + "client_id", + "connection", + "new_phone_number", + "old_phone_number", + "phone_verified", + "tenant", + "user_id", + "verify" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcpn", + "description": "Failed Change Phone Number", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "fcpr": { + "description": "Failed Change Password Request", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "debug": { + "type": "boolean" + }, + "description": { + "type": "string" + }, + "email": { + "type": "string" + }, + "newPassword": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "ttl_sec": { + "type": "number" + }, + "username": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "required": [ + "client_id", + "connection", + "debug", + "verify", + "email", + "tenant" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcpr", + "description": "Failed Change Password Request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "fcpro": { + "description": "Failed to provision a AD/LDAP connector", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "properties": { + "details": { + "type": "string" + } + }, + "required": [ + "details" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fcpro", + "description": "Failed Connector Provisioning", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fcu": { + "description": "Failed to change username", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "newUername": { + "type": "string" + }, + "oldUsername": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "client_id", + "connection", + "email", + "newUername", + "oldUsername", + "tenant", + "user_id" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcu", + "description": "Failed Change Username", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "fd": { + "description": "Failed to generate delegation token", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "api_type": { + "type": "string" + }, + "device": { + "type": "string" + }, + "grant_type": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "target": { + "type": "string" + } + }, + "required": [ + "grant_type" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fd", + "description": "Failed Delegation", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fdeac": { + "description": "Failed Device Confirmation - Device Activation Failure", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "code": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "error": { + "properties": { + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "required": [ + "code", + "session_id" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fdeac", + "description": "Failed Device Confirmation - Device Activation Failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "fdeaz": { + "description": "Failed Device Confirmation - Request Failure", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "audience": { + "type": "string" + }, + "client_id": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "required": [ + "client_id", + "scope" + ], + "type": "object" + }, + "error": { + "$ref": "#/definitions/OAuthError" + }, + "qs": { + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fdeaz", + "description": "Failed Device Confirmation - Request Failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fdecc": { + "description": "Failed Device Confirmation - User Canceled", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "session_id": { + "type": "string" + } + }, + "required": [ + "session_id" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fdecc", + "description": "Failed Device Confirmation - User Canceled", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fdu": { + "description": "Failed User Deletion", + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "connection": { + "type": "string" + }, + "tenant": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fdu", + "description": "Failed User Deletion", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "feacft": { + "description": "Failed to Exchange Authorization Code for Access Token", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "code": { + "type": [ + "string", + "null" + ] + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "transaction_linking_id": { + "description": "Reflects the transaction linking ID provided at the start of the auth flow, if any. Only available when using decoupled authorization flows.", + "pattern": "^[A-Za-z0-9-_]{27}$", + "type": "string" + }, + "type": { + "const": "feacft", + "description": "Failed Exchange of Authorization Code for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "feccft": { + "description": "Failed exchange of Access Token for a Client Credentials Grant", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "client_authentoication_error": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "feccft", + "description": "Failed Exchange of Access Token for a Client Credentials Grant", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fede": { + "description": "Failed to exchange Device Code for Access Token", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fede", + "description": "Failed Exchange of Device Code for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fens": { + "description": "Failed exchange for Native Social Login", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "subject_token_type": { + "type": "string" + } + }, + "required": [ + "subject_token_type" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fens", + "description": "Failed Exchange for Native Social Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "feoobft": { + "description": "Failed exchange of Password and OOB Challenge for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "feoobft", + "description": "Failed Exchange of Password and OOB Challenge for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "feotpft": { + "description": "Failed exchange of Password and OTP Challenge for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "feotpft", + "description": "Failed Exchange of Password and OTP Challenge for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fepft": { + "description": "Failed exchange of Password for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fepft", + "description": "Failed Exchange of Password for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fepotpft": { + "description": "Failed exchange of Passwordless OTP for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fepotpft", + "description": "Failed Exchange of Passwordless OTP for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fercft": { + "description": "Failed Exchange of Password and MFA Recovery Code for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fepotpft", + "description": "Failed Exchange of Passwordless OTP for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "ferrt": { + "description": "Failed Exchange of Rotating Refresh Token. This could occur when reuse is detected.", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "familyId": { + "type": "string" + }, + "latestCounter": { + "type": "number" + }, + "tokenCounter": { + "type": "number" + } + }, + "required": [ + "familyId", + "latestCounter", + "tokenCounter" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "ferrt", + "description": "Failed Exchange of Rotating Refresh Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fertft": { + "description": "Failed Exchange of Refresh Token for Access Token. This could occur if the refresh token is revoked or expired.", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "$ref": "#/definitions/ActionExecutions" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fertft", + "description": "Failed Exchange of Refresh Token for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fi": { + "description": "Failed to accept a user invitation. This could happen if the user accepts an invitation using a different email address than provided in the invitation, or due to a system failure while provisioning the invitation.", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "invitation": { + "properties": { + "client_id": { + "type": "string" + }, + "created_at": { + "type": "string" + }, + "expires_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "invitee": { + "properties": { + "email": { + "type": "string" + } + }, + "required": [ + "email" + ], + "type": "object" + }, + "inviter": { + "properties": { + "name": { + "type": "string" + }, + "organization_id": { + "type": "string" + } + }, + "required": [ + "name", + "organization_id" + ], + "type": "object" + }, + "roles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ticket_id": { + "type": "string" + } + }, + "required": [ + "client_id", + "created_at", + "expires_at", + "id", + "invitee", + "inviter", + "roles", + "ticket_id" + ], + "type": "object" + } + }, + "required": [ + "invitation" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "type": { + "const": "fi", + "description": "failed Invite Accept", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "flo": { + "description": "Failed Logout", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "allowed_logout_url": { + "items": { + "type": "string" + }, + "type": "array" + }, + "initiated_by": { + "type": "string" + }, + "protocol": { + "type": "string" + }, + "return_to": { + "type": "string" + }, + "session_id": { + "type": "string" + } + }, + "required": [ + "allowed_logout_url", + "return_to" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "flo", + "description": "Failed Logout", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fn": { + "description": "Failed Notification", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "email_type": { + "type": "string" + }, + "error": { + "type": "string" + }, + "to": { + "type": "string" + } + }, + "required": [ + "email_type", + "to" + ], + "type": "object" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fn", + "description": "Failed Notification", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "log_id", + "type" + ], + "type": "object" + }, + "fp": { + "description": "Failed login due to invalid password", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "consoleOut": {}, + "error": { + "anyOf": [ + { + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + { + "properties": { + "reason": { + "type": "string" + } + }, + "required": [ + "reason" + ], + "type": "object" + } + ] + } + }, + "required": [ + "error" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fp", + "description": "Failed Login - Invalid Password", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "fpar": { + "description": "Failed Push Authorization Request", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "error": { + "$ref": "#/definitions/OAuthError" + }, + "qs": { + "type": "object" + }, + "riskAssessment": { + "type": "string" + }, + "session_id": { + "type": "string" + }, + "stats": { + "$ref": "#/definitions/LoginsCountStats" + } + }, + "required": [ + "error" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fpar", + "description": "Failed Push Authorization Request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fpurh": { + "description": "Failed Post User Registration Hook", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fpurh", + "description": "Failed Post User Registration Hook", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "fs": { + "description": "Failed Signup", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "phone_number": { + "type": "string" + }, + "phone_risk_assessment": { + "properties": { + "country_code": { + "type": "number" + }, + "is_valid": { + "type": "boolean" + }, + "line_type": { + "type": "string" + }, + "risk_level": { + "type": "string" + } + }, + "required": [ + "line_type", + "risk_level", + "country_code", + "is_valid" + ], + "type": "object" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fs", + "description": "Failed Signup", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "fsa": { + "description": "Failed Silent Auth", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fsa", + "description": "Failed Silent Auth", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "fu": { + "description": "Failed login due to invalid username", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "error": { + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fu", + "description": "Failed Login - Invalid username", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "fv": { + "description": "Failed to send verification email", + "properties": { + "body": { + "type": "object" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "tenant": { + "type": "string" + }, + "ticket": { + "type": "string" + } + }, + "required": [ + "tenant", + "ticket" + ], + "type": "object" + }, + "email": { + "type": "string" + }, + "query": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "idp_user_id": { + "type": "string" + }, + "includeEmailInRedirect": { + "type": "string" + }, + "resultUrl": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "client_id", + "connection", + "email", + "idp_user_id", + "includeEmailInRedirect", + "resultUrl", + "tenant", + "user_id" + ], + "type": "object" + }, + "title": { + "type": "string" + } + }, + "required": [ + "query" + ], + "type": "object" + }, + "email": { + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "query": { + "type": "object" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "const": "fv", + "description": "Failed Verification Email", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "body", + "client_name", + "description", + "details", + "email", + "ip", + "log_id", + "query", + "strategy", + "strategy_type", + "title", + "type" + ], + "type": "object" + }, + "fvr": { + "description": "Failed to proces verification email request", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "idp_user_id": { + "type": [ + "string", + "number" + ] + }, + "includeEmailInRedirect": { + "type": "boolean" + }, + "job_id": { + "type": "string" + }, + "provider": { + "type": "string" + }, + "resultUrl": { + "type": "string" + }, + "template": { + "properties": { + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "tenant": { + "type": "string" + }, + "to": { + "type": "string" + }, + "ttl_sec": { + "type": "number" + }, + "user_id": { + "type": "string" + }, + "verificationUrl": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fvr", + "description": "Failed Verification Email Request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "gd_auth_email_verification": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_auth_email_verification", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_auth_failed": { + "description": "Multi-factor authentication failed. This could happen due to a wrong code entered for SMS/Voice/Email/TOTP factors, or a system failure.", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "$ref": "#/definitions/GdRequest" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "required": [ + "request", + "response" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_auth_failed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_auth_rejected": { + "description": "User rejected a multi-factor authentication request via push-notification", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_auth_rejected", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_auth_succeed": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_auth_succeed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_enrollment_complete": { + "description": "A first time MFA user has successfully enrolled using one of the factors", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_enrollment_complete", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_otp_rate_limit_exceed": { + "description": "A user, during enrollment or authentication, enters an incorrect code more than the maximum allowed number of times. Ex: A user enrolling in SMS enters the 6-digit code wrong more than 10 times in a row.", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_otp_rate_limit_exceed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_recovery_failed": { + "description": "A user entered a wrong Recovery Code when attempting to authenticate", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_recovery_failed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_recovery_succeed": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_recovery_succeed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_send_email": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_email", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_send_email_failure": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_email_failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_send_pn": { + "description": "Push notification for MFA sent successfully sent", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_pn", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_send_pn_failure": { + "description": "Push notification for MFA failed", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_pn_failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_send_sms": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_sms", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_send_sms_failure": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_sms_failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_send_voice": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_voice", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_send_voice_failure": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_voice_failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_start_auth": { + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_start_auth", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_start_enroll": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_start_enroll", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_start_enroll_failed": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_start_enroll_failed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_tenant_update": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_tenant_update", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_unenroll": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_unenroll", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_update_device_account": { + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_update_device_account", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_webauthn_challenge_failed": { + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_webauthn_challenge_failed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "gd_webauthn_enrollment_failed": { + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/GdDetails" + } + ] + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_webauthn_enrollment_failed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "limit_delegation": { + "description": "A user is temporarily prevented from logging in because of too many delegation requests", + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "limit_delegation", + "description": "Blocked Account - Too many Delegation requests", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "limit_mu": { + "description": "An IP address is blocked because it attempted too many failed logins without a successful login. Or an IP address is blocked because it attempted too many sign-ups, whether successful or failed.", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "limit_mu", + "description": "Blocked Account - Too many attempts or signups", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "limit_sul": { + "description": "A user is temporarily prevented from logging in because they reached the maximum logins per time period from the same IP address", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "limit_sul", + "description": "Blocked Account - Logins per IP", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "limit_wc": { + "description": "An IP address is blocked because it reached the maximum failed login attempts into a single account.", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "limit_wc", + "description": "Blocked Account - Failed Logins", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "mfar": { + "description": "A user has been prompted for multi-factor authentication (MFA). When using Adaptive MFA, Auth0 includes details about the risk assessment", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "assessments": { + "properties": { + "ImpossibleTravel": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "UntrustedIP": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "ip": { + "type": "string" + }, + "matches": { + "type": "string" + }, + "source": { + "type": "string" + } + }, + "required": [ + "ip", + "matches", + "source" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence", + "details" + ], + "type": "object" + } + }, + "type": "object" + }, + "confidence": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "confidence", + "version" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "mfar", + "description": "MFA Required", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "mgmt_api_read": { + "description": "Successful GET request on the management API. This event will only be emitted if a secret is returned.", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "accessedSecrets": { + "items": { + "type": "string" + }, + "type": "array" + }, + "request": { + "properties": { + "auth": { + "properties": { + "credentials": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + }, + { + "properties": { + "jti": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "strategy": { + "type": "string" + }, + "user": { + "anyOf": [ + { + "type": "string" + }, + { + "properties": { + "email": { + "type": "string" + }, + "name": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "email", + "name" + ], + "type": "object" + } + ] + } + }, + "required": [ + "credentials", + "strategy", + "user" + ], + "type": "object" + }, + "channel": { + "type": "string" + }, + "ip": { + "type": "string" + }, + "method": { + "type": "string" + }, + "path": { + "type": "string" + }, + "query": { + "type": "object" + }, + "userAgent": { + "type": "string" + } + }, + "required": [ + "auth", + "channel", + "ip", + "method", + "path", + "query", + "userAgent" + ], + "type": "object" + }, + "response": { + "properties": { + "body": { + "anyOf": [ + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ] + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "statusCode", + "body" + ], + "type": "object" + } + }, + "required": [ + "accessedSecrets", + "request", + "response" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "references": { + "description": "Content of the `x-correlation-id` header associated with the management API call, if the feature is enabled", + "properties": { + "correlation_id": { + "maxLength": 64, + "type": "string" + } + }, + "required": [ + "correlation_id" + ], + "type": "object" + }, + "type": { + "const": "mgmt_api_read", + "description": "Management API Read Operation", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "oidc_backchannel_logout_failed": { + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "initiator": { + "type": "string" + }, + "request": { + "properties": { + "backchannel_logout_uri": { + "type": "string" + }, + "method": { + "type": "string" + } + }, + "required": [ + "method", + "backchannel_logout_uri" + ], + "type": "object" + }, + "response": { + "properties": { + "statusCode": { + "type": "number" + } + }, + "required": [ + "statusCode" + ], + "type": "object" + } + }, + "required": [ + "request", + "response", + "initiator" + ], + "type": "object" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "oidc_backchannel_logout_failed", + "description": "Failed OIDC Back-Channel Logout request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "log_id", + "type" + ], + "type": "object" + }, + "oidc_backchannel_logout_succeeded": { + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "initiator": { + "type": "string" + }, + "request": { + "properties": { + "backchannel_logout_uri": { + "type": "string" + }, + "method": { + "type": "string" + } + }, + "required": [ + "method", + "backchannel_logout_uri" + ], + "type": "object" + }, + "response": { + "properties": { + "statusCode": { + "type": "number" + } + }, + "required": [ + "statusCode" + ], + "type": "object" + } + }, + "required": [ + "request", + "response", + "initiator" + ], + "type": "object" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "oidc_backchannel_logout_succeeded", + "description": "Successful OIDC Back-Channel Logout request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "log_id", + "type" + ], + "type": "object" + }, + "pla": { + "description": "Generated before a login and helps in monitoring the behavior of bot detection without having to enable it.", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "ipOnAllowlist": { + "type": "boolean" + }, + "requiresVerification": { + "type": "boolean" + }, + "session_id": { + "type": "string" + } + }, + "required": [ + "ipOnAllowlist", + "requiresVerification", + "session_id" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "pla", + "description": "Pre-Login Assessment", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "pwd_leak": { + "description": "Someone behind the IP address ip attempted to login with a leaked password", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "pwd_leak", + "description": "Breached Password - Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "resource_cleanup": { + "description": "Emitted when resources exceeding defined limits were removed. Normally related to refresh tokens", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "endCount": { + "type": "number" + }, + "removedCount": { + "type": "number" + }, + "resource": { + "type": "string" + }, + "start": { + "type": "number" + } + }, + "required": [ + "start", + "removedCount", + "endCount" + ], + "type": "object" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "resource_cleanup", + "description": "Refresh Token Excess Warning", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "log_id", + "type" + ], + "type": "object" + }, + "s": { + "description": "Successful Login", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/AuthDetailsBase" + } + ] + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "s", + "description": "Successful Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "sapi": { + "description": "Successful API Operation Only emitted by the Management API on POST, DELETE, PATCH, and PUT", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "accessedSecrets": { + "items": { + "type": "string" + }, + "type": "array" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + } + }, + "required": [ + "request", + "response" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "references": { + "description": "Content of the `x-correlation-id` header associated with the management API call, if the feature is enabled", + "properties": { + "correlation_id": { + "maxLength": 64, + "type": "string" + } + }, + "required": [ + "correlation_id" + ], + "type": "object" + }, + "type": { + "const": "sapi", + "description": "Successful API Operation", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "sce": { + "description": "Successful Change Email", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "email_verified": { + "type": "string" + }, + "newEmail": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "required": [ + "client_id", + "connection", + "email", + "email_verified", + "newEmail", + "user_id", + "tenant", + "verify" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "sce", + "description": "Successful Change Email", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "scoa": { + "description": "Successful Cross-Origin Authentication", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "$ref": "#/definitions/ActionExecutions" + }, + "completedAt": { + "type": "number" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "initiatedAt": { + "type": "number" + }, + "prompts": { + "items": { + "$ref": "#/definitions/AuthPrompt" + }, + "type": "array" + }, + "riskAssessment": { + "$ref": "#/definitions/RiskAssessment" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scoa", + "description": "Successful Cross-Origin Authentication", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "scp": { + "description": "Successful Change Password", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "type": "object" + }, + "email": { + "type": "string" + }, + "query": { + "type": "object" + }, + "title": { + "type": "string" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scp", + "description": "Successful Change Password", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "scph": { + "description": "Successful Post Change Password Hook", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "context": { + "properties": { + "connection": { + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "tenant": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "user": { + "properties": { + "email": { + "type": "string" + }, + "id": { + "type": "string" + }, + "last_password_reset": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scph", + "description": "Successful Post Change Password Hook", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "scpn": { + "description": "Successful Change Phone Number", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "new_phone_number": { + "type": "string" + }, + "old_phone_number": { + "type": "string" + }, + "phone_verified": { + "type": "boolean" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scpn", + "description": "Successful Change Phone Number", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "scpr": { + "description": "Successful Change Password Request", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": [ + "string", + "null" + ] + }, + "connection": { + "type": "string" + }, + "debug": { + "type": "boolean" + }, + "email": { + "type": "string" + }, + "includeEmailInRedirect": { + "type": "boolean" + }, + "markEmailAsVerified": { + "type": "boolean" + }, + "newPassword": { + "type": "string" + }, + "resultUrl": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "ttl_sec": { + "type": "string" + }, + "username": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "type": "object" + }, + "resetUrl": { + "type": "string" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scpr", + "description": "Successful Change Password Request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "scu": { + "description": "Successful Change Username", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "clientId": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "newUsername": { + "type": "string" + }, + "oldUsername": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "newUsername", + "oldUsername" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scu", + "description": "Successful Change Username", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "sd": { + "description": "Successful Delegation", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "api_type": { + "type": "string" + }, + "device": { + "type": "string" + }, + "grant_type": { + "type": "string" + }, + "scope": { + "type": [ + "string", + "null" + ] + }, + "target": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "sd", + "description": "Successful Delegation", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "sdu": { + "description": "Successful User Deletion", + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "connection": { + "type": "string" + }, + "tenant": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "sdu", + "description": "Successful User Deletion", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "seacft": { + "description": "Successful Exchange of Authorization Code for Access Token", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "code": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "transaction_linking_id": { + "description": "Reflects the transaction linking ID provided at the start of the auth flow, if any. Only available when using decoupled authorization flows.", + "pattern": "^[A-Za-z0-9-_]{27}$", + "type": "string" + }, + "type": { + "const": "seacft", + "description": "Successful Exchange of Authorization Code for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "seccft": { + "description": "Successful Exchange of Access Token for a Client Credentials Grant", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "$ref": "#/definitions/ActionExecutions" + } + }, + "required": [ + "actions" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "seccft", + "description": "Successful Exchange of Access Token for a Client Credentials Grant", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "sede": { + "description": "Successful Exchange of Device Code for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "sede", + "description": "Successful Exchange of Device Code for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "sens": { + "description": "Successful Exchange - Native Social Login", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "subject_token_type": { + "type": "string" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "sens", + "description": "Successful Exchange Native Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "seoobft": { + "description": "Successful Exchange of Password and OOB Challenge for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "$ref": "#/definitions/ActionExecutions" + } + }, + "required": [ + "actions" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "seoobft", + "description": "Successful Exchange of Password and OOB Challenge for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "seotpft": { + "description": "Successful Exchange of Password and OTP Challenge for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "hostname", + "ip" + ], + "type": "object" + }, + "sepft": { + "description": "Successful Exchange of Password for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "$ref": "#/definitions/ActionExecutions" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "sepft", + "description": "Successful Exchange of Password for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "sercft": { + "description": "Successful Exchange of Password and MFA Recovery Codeode for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "sercft", + "description": "Successful Exchange of Password and MFA Recovery Code for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "sertft": { + "description": "Successful Exchange of Refresh Token for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "$ref": "#/definitions/ActionExecutions" + }, + "familyId": { + "type": "string" + }, + "tokenCounter": { + "type": "number" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "sertft", + "description": "Successful Exchange of Refresh Token for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "si": { + "description": "Successfully accepted a user invitation", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "invitation": { + "properties": { + "client_id": { + "type": "string" + }, + "created_at": { + "type": "string" + }, + "expires_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "invitee": { + "properties": { + "email": { + "type": "string" + } + }, + "required": [ + "email" + ], + "type": "object" + }, + "inviter": { + "properties": { + "name": { + "type": "string" + }, + "organization_id": { + "type": "string" + } + }, + "type": "object" + }, + "roles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ticket_id": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "invitation" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "type": { + "const": "si", + "description": "Successful Invite Accept", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "slo": { + "description": "Successful Logout", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "allowed_logout_url": { + "items": { + "type": "string" + }, + "type": "array" + }, + "initiated_by": { + "type": "string" + }, + "protocol": { + "type": "string" + }, + "return_to": { + "type": "string" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "slo", + "description": "Successful Logout", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "srrt": { + "description": "Successfully revoked a refresh token", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "audience": { + "type": "string" + }, + "credential_id": { + "type": "string" + }, + "grant_id": { + "type": [ + "string", + "null" + ] + }, + "host": { + "type": "string" + }, + "method": { + "type": "string" + }, + "origin": { + "type": "string" + }, + "originUrl": { + "type": "string" + }, + "originalUrl": { + "type": "string" + }, + "xhr": { + "type": "string" + } + }, + "required": [ + "credential_id" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "srrt", + "description": "Successful Refresh Token Revocation", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "ss": { + "description": "Successful Signup", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/SignupDetails" + } + ] + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "ss", + "description": "Successful Signup", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "ssa": { + "description": "Successful Silent Auth", + "properties": { + "auth0_client": { + "anyOf": [ + { + "$ref": "#/definitions/Auth0ClientProp" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "$ref": "#/definitions/AuthDetailsBase" + } + ] + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "session_connection": { + "type": "string" + }, + "type": { + "const": "ssa", + "description": "Successful Silent Auth", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" + }, + "sui": { + "description": "Successful Users Import", + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "connection": { + "type": "string" + }, + "tenant": { + "type": "string" + } + }, + "type": "object" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "sui", + "description": "Successful Users Import", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "log_id", + "type" + ], + "type": "object" + }, + "sv": { + "description": "Successfully consumed email verification link", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "tenant": { + "type": "string" + }, + "ticket": { + "type": "string" + } + }, + "required": [ + "tenant", + "ticket" + ], + "type": "object" + }, + "email": { + "type": "string" + }, + "query": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "idp_user_id": { + "type": "string" + }, + "includeEmailInRedirect": { + "type": "boolean" + }, + "resultUrl": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "client_id", + "connection", + "email", + "idp_user_id", + "includeEmailInRedirect", + "resultUrl", + "tenant", + "user_id" + ], + "type": "object" + }, + "title": { + "type": "string" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "sv", + "description": "Successful Verification Email", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "svr": { + "description": "Successfully called verification email endpoint. Verification email has been queued for sending.", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "idp_user_id": { + "type": [ + "string", + "number" + ] + }, + "includeEmailInRedirect": { + "type": "boolean" + }, + "job_id": { + "type": "string" + }, + "provider": { + "type": "string" + }, + "resultUrl": { + "type": "string" + }, + "template": { + "properties": { + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "tenant": { + "type": "string" + }, + "to": { + "type": "string" + }, + "ttl_sec": { + "type": "number" + }, + "user_id": { + "type": "string" + }, + "verificationUrl": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "svr", + "description": "Successful Verification Email Request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "ublkdu": { + "description": "User block setup by anomaly detection has been released", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "email": { + "type": "string" + }, + "query": { + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "title": { + "type": "string" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "ublkdu", + "description": "User login block released", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + }, + "w": { + "description": "A warning has happened during a login flow", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "credentials_tenant": { + "type": "string" + }, + "host_tenant": { + "type": "string" + }, + "method": { + "type": "string" + }, + "opts": { + "properties": { + "search": { + "type": "string" + } + }, + "type": "object" + }, + "original_profile": { + "type": "string" + }, + "path": { + "type": "string" + }, + "referer": { + "type": "string" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "$ref": "#/definitions/IPV4" + }, + { + "$ref": "#/definitions/IPV6" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "tracking_id": { + "type": "string" + }, + "type": { + "const": "w", + "description": "Warning", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" + } + } +} diff --git a/logs/log-types/api_limit.schema.json b/logs/log-types/api_limit.schema.json new file mode 100644 index 0000000..6ba5043 --- /dev/null +++ b/logs/log-types/api_limit.schema.json @@ -0,0 +1,123 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "The maximum number of requests to the Authentication or Management APIs in given time was reached", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "request": { + "properties": { + "method": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "response": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "api_limit", + "description": "Rate Limit notice on Authentication or Management API", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/cls.schema.json b/logs/log-types/cls.schema.json new file mode 100644 index 0000000..cac262d --- /dev/null +++ b/logs/log-types/cls.schema.json @@ -0,0 +1,147 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Passwordless Login Code/Link Sent", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "authParams": {}, + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "send": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "transaction": {} + }, + "required": [ + "client_id", + "connection", + "email", + "tenant" + ], + "type": "object" + }, + "link": { + "type": "string" + } + }, + "required": [ + "link", + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "cls", + "description": "Code or Link Sent for Passwordless Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/cs.schema.json b/logs/log-types/cs.schema.json new file mode 100644 index 0000000..9cc18fe --- /dev/null +++ b/logs/log-types/cs.schema.json @@ -0,0 +1,186 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Passwordless Login Code Sent", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "authParams": { + "properties": { + "audience": { + "type": "string" + }, + "redirect_uri": { + "type": "string" + }, + "response_type": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "state": { + "type": "string" + } + }, + "required": [ + "audience", + "redirect_uri", + "response_type", + "scope", + "state" + ], + "type": "object" + }, + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "ip": { + "type": "string" + }, + "phone_number": { + "type": "string" + }, + "request_language": { + "type": "string" + }, + "send": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user-agent": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "required": [ + "authParams", + "client_id", + "connection", + "ip", + "phone_number", + "request_language", + "send", + "tenant", + "user-agent", + "username" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "cs", + "description": "Code Sent for Passwordless Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/depnote.schema.json b/logs/log-types/depnote.schema.json new file mode 100644 index 0000000..ed470c9 --- /dev/null +++ b/logs/log-types/depnote.schema.json @@ -0,0 +1,153 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Deprecation Notice", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "feature": { + "properties": { + "description": { + "type": "string" + }, + "documentation": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "tenant_from_host": { + "type": "string" + } + }, + "required": [ + "description", + "documentation", + "id", + "name" + ], + "type": "object" + }, + "method": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "feature" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "depnote", + "description": "Deprecation Notice", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/f.schema.json b/logs/log-types/f.schema.json new file mode 100644 index 0000000..0ea548f --- /dev/null +++ b/logs/log-types/f.schema.json @@ -0,0 +1,233 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Login This is only emitted if the error is not covered by the `fp` or `fu` log types", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "details": { + "properties": { + "error": { + "properties": { + "message": { + "type": "string" + }, + "oauthError": { + "type": "string" + }, + "payload": { + "properties": { + "attempt": { + "type": "number" + }, + "authorized": { + "description": "min-length 1", + "items": { + "type": "string" + }, + "type": "array" + }, + "clientID": { + "type": "string" + }, + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string" + } + }, + "required": [ + "attempt", + "authorized", + "clientID", + "code", + "message", + "name", + "status" + ], + "type": "object" + }, + "type": { + "type": "string" + }, + "uri": { + "type": "string" + } + }, + "required": [ + "message", + "oauthError" + ], + "type": "object" + }, + "qs": { + "type": "object" + }, + "riskAssessment": { + "type": "string" + }, + "session_id": { + "type": "string" + }, + "stats": { + "properties": { + "loginsCount": { + "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.", + "type": [ + "number", + "null" + ] + } + }, + "required": [ + "loginsCount" + ], + "type": "object" + } + }, + "required": [ + "error" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "details", + "hostname", + "ip", + "strategy", + "strategy_type" + ], + "type": "object" +} diff --git a/logs/log-types/fce.schema.json b/logs/log-types/fce.schema.json new file mode 100644 index 0000000..08978f6 --- /dev/null +++ b/logs/log-types/fce.schema.json @@ -0,0 +1,116 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed to change user email", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "details": { + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "email_verified": { + "type": "boolean" + }, + "newEmail": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "required": [ + "client_id", + "connection", + "email", + "email_verified", + "newEmail", + "tenant", + "user_id", + "verify" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "details", + "strategy", + "strategy_type" + ], + "type": "object" +} diff --git a/logs/log-types/fco.schema.json b/logs/log-types/fco.schema.json new file mode 100644 index 0000000..c95ce13 --- /dev/null +++ b/logs/log-types/fco.schema.json @@ -0,0 +1,170 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed due to CORS. Is the origin in the Allowed Origins list for the specified application?", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "allowedOrigins": { + "items": { + "type": "string" + }, + "type": "array" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "host": { + "type": "string" + }, + "method": { + "type": "string" + }, + "origin": { + "type": "string" + }, + "originUrl": { + "type": "string" + }, + "originalUrl": { + "type": "string" + }, + "session_id": { + "type": "string" + }, + "webOrigins": { + "items": { + "type": "string" + }, + "type": "array" + }, + "xhr": { + "type": "boolean" + } + }, + "required": [ + "allowedOrigins", + "headers", + "host", + "method", + "origin", + "xhr" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fco", + "description": "Failed due to CORS", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fcoa.schema.json b/logs/log-types/fcoa.schema.json new file mode 100644 index 0000000..eb866b7 --- /dev/null +++ b/logs/log-types/fcoa.schema.json @@ -0,0 +1,269 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Cross-Origin Authentication", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + }, + "body": { + "type": "object" + }, + "connection": { + "type": "string" + }, + "error": { + "properties": { + "message": { + "type": "string" + }, + "oauthError": { + "type": "string" + }, + "payload": { + "properties": { + "attempt": { + "type": "number" + }, + "authorized": { + "description": "min-length 1", + "items": { + "type": "string" + }, + "type": "array" + }, + "clientID": { + "type": "string" + }, + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string" + } + }, + "required": [ + "attempt", + "authorized", + "clientID", + "code", + "message", + "name", + "status" + ], + "type": "object" + }, + "type": { + "type": "string" + }, + "uri": { + "type": "string" + } + }, + "required": [ + "message", + "oauthError" + ], + "type": "object" + }, + "qs": { + "type": "object" + }, + "session_connection": { + "type": "string" + }, + "stats": { + "properties": { + "loginsCount": { + "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.", + "type": [ + "number", + "null" + ] + } + }, + "required": [ + "loginsCount" + ], + "type": "object" + } + }, + "required": [ + "error", + "connection", + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcoa", + "description": "Failed Cross-Origin Authentication", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fcp.schema.json b/logs/log-types/fcp.schema.json new file mode 100644 index 0000000..0ad3262 --- /dev/null +++ b/logs/log-types/fcp.schema.json @@ -0,0 +1,190 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Change Password", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "_csrf": { + "type": "string" + }, + "confirmNewPassword": { + "type": "string" + }, + "newPassword": { + "type": "string" + }, + "ticket": { + "type": "string" + } + }, + "required": [ + "confirmNewPassword", + "newPassword", + "_csrf", + "ticket" + ], + "type": "object" + }, + "description": { + "type": "string" + }, + "query": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "includeEmailInRedirect": { + "type": "boolean" + }, + "markEmailAsVerified": { + "type": "boolean" + }, + "newPassword": { + "type": "string" + }, + "resultUrl": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "required": [ + "client_id", + "connection", + "email", + "includeEmailInRedirect", + "markEmailAsVerified", + "newPassword", + "resultUrl", + "tenant", + "user_id", + "username" + ], + "type": "object" + } + }, + "required": [ + "body", + "description", + "query" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcp", + "description": "Failed Change Password", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fcph.schema.json b/logs/log-types/fcph.schema.json new file mode 100644 index 0000000..154114a --- /dev/null +++ b/logs/log-types/fcph.schema.json @@ -0,0 +1,129 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Post Change Password Hook", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + } + }, + "required": [ + "actions" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcph", + "description": "Failed Post Change Password Hook", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fcpn.schema.json b/logs/log-types/fcpn.schema.json new file mode 100644 index 0000000..f97e9a0 --- /dev/null +++ b/logs/log-types/fcpn.schema.json @@ -0,0 +1,154 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Change Phone Number", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "new_phone_number": { + "type": "string" + }, + "old_phone_number": { + "type": "string" + }, + "phone_verified": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "required": [ + "client_id", + "connection", + "new_phone_number", + "old_phone_number", + "phone_verified", + "tenant", + "user_id", + "verify" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcpn", + "description": "Failed Change Phone Number", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fcpr.schema.json b/logs/log-types/fcpr.schema.json new file mode 100644 index 0000000..48a8504 --- /dev/null +++ b/logs/log-types/fcpr.schema.json @@ -0,0 +1,158 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Change Password Request", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "debug": { + "type": "boolean" + }, + "description": { + "type": "string" + }, + "email": { + "type": "string" + }, + "newPassword": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "ttl_sec": { + "type": "number" + }, + "username": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "required": [ + "client_id", + "connection", + "debug", + "verify", + "email", + "tenant" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcpr", + "description": "Failed Change Password Request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fcpro.schema.json b/logs/log-types/fcpro.schema.json new file mode 100644 index 0000000..08ca967 --- /dev/null +++ b/logs/log-types/fcpro.schema.json @@ -0,0 +1,97 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed to provision a AD/LDAP connector", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "properties": { + "details": { + "type": "string" + } + }, + "required": [ + "details" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fcpro", + "description": "Failed Connector Provisioning", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fcu.schema.json b/logs/log-types/fcu.schema.json new file mode 100644 index 0000000..46a5c4a --- /dev/null +++ b/logs/log-types/fcu.schema.json @@ -0,0 +1,150 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed to change username", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "newUername": { + "type": "string" + }, + "oldUsername": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "client_id", + "connection", + "email", + "newUername", + "oldUsername", + "tenant", + "user_id" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fcu", + "description": "Failed Change Username", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fd.schema.json b/logs/log-types/fd.schema.json new file mode 100644 index 0000000..d54b4b2 --- /dev/null +++ b/logs/log-types/fd.schema.json @@ -0,0 +1,141 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed to generate delegation token", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "api_type": { + "type": "string" + }, + "device": { + "type": "string" + }, + "grant_type": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "target": { + "type": "string" + } + }, + "required": [ + "grant_type" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fd", + "description": "Failed Delegation", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fdeac.schema.json b/logs/log-types/fdeac.schema.json new file mode 100644 index 0000000..c631f98 --- /dev/null +++ b/logs/log-types/fdeac.schema.json @@ -0,0 +1,155 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Device Confirmation - Device Activation Failure", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "code": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "error": { + "properties": { + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "required": [ + "code", + "session_id" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fdeac", + "description": "Failed Device Confirmation - Device Activation Failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fdeaz.schema.json b/logs/log-types/fdeaz.schema.json new file mode 100644 index 0000000..00bbc93 --- /dev/null +++ b/logs/log-types/fdeaz.schema.json @@ -0,0 +1,162 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Device Confirmation - Request Failure", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "audience": { + "type": "string" + }, + "client_id": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "required": [ + "client_id", + "scope" + ], + "type": "object" + }, + "error": { + "properties": { + "message": { + "type": "string" + }, + "oauthError": { + "type": "string" + }, + "payload": { + "properties": { + "attempt": { + "type": "number" + }, + "authorized": { + "description": "min-length 1", + "items": { + "type": "string" + }, + "type": "array" + }, + "clientID": { + "type": "string" + }, + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string" + } + }, + "required": [ + "attempt", + "authorized", + "clientID", + "code", + "message", + "name", + "status" + ], + "type": "object" + }, + "type": { + "type": "string" + }, + "uri": { + "type": "string" + } + }, + "required": [ + "message", + "oauthError" + ], + "type": "object" + }, + "qs": { + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fdeaz", + "description": "Failed Device Confirmation - Request Failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fdecc.schema.json b/logs/log-types/fdecc.schema.json new file mode 100644 index 0000000..7d7deca --- /dev/null +++ b/logs/log-types/fdecc.schema.json @@ -0,0 +1,85 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Device Confirmation - User Canceled", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "session_id": { + "type": "string" + } + }, + "required": [ + "session_id" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fdecc", + "description": "Failed Device Confirmation - User Canceled", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fdu.schema.json b/logs/log-types/fdu.schema.json new file mode 100644 index 0000000..0a63158 --- /dev/null +++ b/logs/log-types/fdu.schema.json @@ -0,0 +1,114 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed User Deletion", + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "connection": { + "type": "string" + }, + "tenant": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fdu", + "description": "Failed User Deletion", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/feacft.schema.json b/logs/log-types/feacft.schema.json new file mode 100644 index 0000000..b1e3695 --- /dev/null +++ b/logs/log-types/feacft.schema.json @@ -0,0 +1,134 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed to Exchange Authorization Code for Access Token", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "code": { + "type": [ + "string", + "null" + ] + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "transaction_linking_id": { + "description": "Reflects the transaction linking ID provided at the start of the auth flow, if any. Only available when using decoupled authorization flows.", + "pattern": "^[A-Za-z0-9-_]{27}$", + "type": "string" + }, + "type": { + "const": "feacft", + "description": "Failed Exchange of Authorization Code for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/feccft.schema.json b/logs/log-types/feccft.schema.json new file mode 100644 index 0000000..c4ca6ad --- /dev/null +++ b/logs/log-types/feccft.schema.json @@ -0,0 +1,144 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed exchange of Access Token for a Client Credentials Grant", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "client_authentoication_error": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "feccft", + "description": "Failed Exchange of Access Token for a Client Credentials Grant", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fede.schema.json b/logs/log-types/fede.schema.json new file mode 100644 index 0000000..132094c --- /dev/null +++ b/logs/log-types/fede.schema.json @@ -0,0 +1,88 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed to exchange Device Code for Access Token", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fede", + "description": "Failed Exchange of Device Code for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fens.schema.json b/logs/log-types/fens.schema.json new file mode 100644 index 0000000..e99fe0e --- /dev/null +++ b/logs/log-types/fens.schema.json @@ -0,0 +1,148 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed exchange for Native Social Login", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "subject_token_type": { + "type": "string" + } + }, + "required": [ + "subject_token_type" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fens", + "description": "Failed Exchange for Native Social Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/feoobft.schema.json b/logs/log-types/feoobft.schema.json new file mode 100644 index 0000000..5d5a6af --- /dev/null +++ b/logs/log-types/feoobft.schema.json @@ -0,0 +1,117 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed exchange of Password and OOB Challenge for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "feoobft", + "description": "Failed Exchange of Password and OOB Challenge for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/feotpft.schema.json b/logs/log-types/feotpft.schema.json new file mode 100644 index 0000000..cf1e720 --- /dev/null +++ b/logs/log-types/feotpft.schema.json @@ -0,0 +1,148 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed exchange of Password and OTP Challenge for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "feotpft", + "description": "Failed Exchange of Password and OTP Challenge for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fepft.schema.json b/logs/log-types/fepft.schema.json new file mode 100644 index 0000000..cd06abb --- /dev/null +++ b/logs/log-types/fepft.schema.json @@ -0,0 +1,148 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed exchange of Password for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fepft", + "description": "Failed Exchange of Password for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fepotpft.schema.json b/logs/log-types/fepotpft.schema.json new file mode 100644 index 0000000..31964e3 --- /dev/null +++ b/logs/log-types/fepotpft.schema.json @@ -0,0 +1,148 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed exchange of Passwordless OTP for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fepotpft", + "description": "Failed Exchange of Passwordless OTP for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fercft.schema.json b/logs/log-types/fercft.schema.json new file mode 100644 index 0000000..5bde1c2 --- /dev/null +++ b/logs/log-types/fercft.schema.json @@ -0,0 +1,117 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Exchange of Password and MFA Recovery Code for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fepotpft", + "description": "Failed Exchange of Passwordless OTP for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/ferrt.schema.json b/logs/log-types/ferrt.schema.json new file mode 100644 index 0000000..904a2b5 --- /dev/null +++ b/logs/log-types/ferrt.schema.json @@ -0,0 +1,156 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Exchange of Rotating Refresh Token. This could occur when reuse is detected.", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "familyId": { + "type": "string" + }, + "latestCounter": { + "type": "number" + }, + "tokenCounter": { + "type": "number" + } + }, + "required": [ + "familyId", + "latestCounter", + "tokenCounter" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "ferrt", + "description": "Failed Exchange of Rotating Refresh Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fertft.schema.json b/logs/log-types/fertft.schema.json new file mode 100644 index 0000000..8fa4ae3 --- /dev/null +++ b/logs/log-types/fertft.schema.json @@ -0,0 +1,157 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Exchange of Refresh Token for Access Token. This could occur if the refresh token is revoked or expired.", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fertft", + "description": "Failed Exchange of Refresh Token for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fi.schema.json b/logs/log-types/fi.schema.json new file mode 100644 index 0000000..2040997 --- /dev/null +++ b/logs/log-types/fi.schema.json @@ -0,0 +1,165 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed to accept a user invitation. This could happen if the user accepts an invitation using a different email address than provided in the invitation, or due to a system failure while provisioning the invitation.", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "invitation": { + "properties": { + "client_id": { + "type": "string" + }, + "created_at": { + "type": "string" + }, + "expires_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "invitee": { + "properties": { + "email": { + "type": "string" + } + }, + "required": [ + "email" + ], + "type": "object" + }, + "inviter": { + "properties": { + "name": { + "type": "string" + }, + "organization_id": { + "type": "string" + } + }, + "required": [ + "name", + "organization_id" + ], + "type": "object" + }, + "roles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ticket_id": { + "type": "string" + } + }, + "required": [ + "client_id", + "created_at", + "expires_at", + "id", + "invitee", + "inviter", + "roles", + "ticket_id" + ], + "type": "object" + } + }, + "required": [ + "invitation" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "type": { + "const": "fi", + "description": "failed Invite Accept", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/flo.schema.json b/logs/log-types/flo.schema.json new file mode 100644 index 0000000..b9946f1 --- /dev/null +++ b/logs/log-types/flo.schema.json @@ -0,0 +1,145 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Logout", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "allowed_logout_url": { + "items": { + "type": "string" + }, + "type": "array" + }, + "initiated_by": { + "type": "string" + }, + "protocol": { + "type": "string" + }, + "return_to": { + "type": "string" + }, + "session_id": { + "type": "string" + } + }, + "required": [ + "allowed_logout_url", + "return_to" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "flo", + "description": "Failed Logout", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fn.schema.json b/logs/log-types/fn.schema.json new file mode 100644 index 0000000..879a3bf --- /dev/null +++ b/logs/log-types/fn.schema.json @@ -0,0 +1,72 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Notification", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "email_type": { + "type": "string" + }, + "error": { + "type": "string" + }, + "to": { + "type": "string" + } + }, + "required": [ + "email_type", + "to" + ], + "type": "object" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "fn", + "description": "Failed Notification", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fp.schema.json b/logs/log-types/fp.schema.json new file mode 100644 index 0000000..43ff97d --- /dev/null +++ b/logs/log-types/fp.schema.json @@ -0,0 +1,150 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed login due to invalid password", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "consoleOut": {}, + "error": { + "anyOf": [ + { + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + { + "properties": { + "reason": { + "type": "string" + } + }, + "required": [ + "reason" + ], + "type": "object" + } + ] + } + }, + "required": [ + "error" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fp", + "description": "Failed Login - Invalid Password", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fpar.schema.json b/logs/log-types/fpar.schema.json new file mode 100644 index 0000000..0f452c5 --- /dev/null +++ b/logs/log-types/fpar.schema.json @@ -0,0 +1,201 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Push Authorization Request", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "error": { + "properties": { + "message": { + "type": "string" + }, + "oauthError": { + "type": "string" + }, + "payload": { + "properties": { + "attempt": { + "type": "number" + }, + "authorized": { + "description": "min-length 1", + "items": { + "type": "string" + }, + "type": "array" + }, + "clientID": { + "type": "string" + }, + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string" + } + }, + "required": [ + "attempt", + "authorized", + "clientID", + "code", + "message", + "name", + "status" + ], + "type": "object" + }, + "type": { + "type": "string" + }, + "uri": { + "type": "string" + } + }, + "required": [ + "message", + "oauthError" + ], + "type": "object" + }, + "qs": { + "type": "object" + }, + "riskAssessment": { + "type": "string" + }, + "session_id": { + "type": "string" + }, + "stats": { + "properties": { + "loginsCount": { + "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.", + "type": [ + "number", + "null" + ] + } + }, + "required": [ + "loginsCount" + ], + "type": "object" + } + }, + "required": [ + "error" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fpar", + "description": "Failed Push Authorization Request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fpurh.schema.json b/logs/log-types/fpurh.schema.json new file mode 100644 index 0000000..9bd07f4 --- /dev/null +++ b/logs/log-types/fpurh.schema.json @@ -0,0 +1,108 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Post User Registration Hook", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fpurh", + "description": "Failed Post User Registration Hook", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fs.schema.json b/logs/log-types/fs.schema.json new file mode 100644 index 0000000..8b06d8a --- /dev/null +++ b/logs/log-types/fs.schema.json @@ -0,0 +1,137 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Signup", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "phone_number": { + "type": "string" + }, + "phone_risk_assessment": { + "properties": { + "country_code": { + "type": "number" + }, + "is_valid": { + "type": "boolean" + }, + "line_type": { + "type": "string" + }, + "risk_level": { + "type": "string" + } + }, + "required": [ + "line_type", + "risk_level", + "country_code", + "is_valid" + ], + "type": "object" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fs", + "description": "Failed Signup", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fsa.schema.json b/logs/log-types/fsa.schema.json new file mode 100644 index 0000000..c075223 --- /dev/null +++ b/logs/log-types/fsa.schema.json @@ -0,0 +1,138 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed Silent Auth", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "fsa", + "description": "Failed Silent Auth", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fu.schema.json b/logs/log-types/fu.schema.json new file mode 100644 index 0000000..e4327a0 --- /dev/null +++ b/logs/log-types/fu.schema.json @@ -0,0 +1,131 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed login due to invalid username", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "error": { + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fu", + "description": "Failed Login - Invalid username", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fv.schema.json b/logs/log-types/fv.schema.json new file mode 100644 index 0000000..46d4fd6 --- /dev/null +++ b/logs/log-types/fv.schema.json @@ -0,0 +1,191 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed to send verification email", + "properties": { + "body": { + "type": "object" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "tenant": { + "type": "string" + }, + "ticket": { + "type": "string" + } + }, + "required": [ + "tenant", + "ticket" + ], + "type": "object" + }, + "email": { + "type": "string" + }, + "query": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "idp_user_id": { + "type": "string" + }, + "includeEmailInRedirect": { + "type": "string" + }, + "resultUrl": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "client_id", + "connection", + "email", + "idp_user_id", + "includeEmailInRedirect", + "resultUrl", + "tenant", + "user_id" + ], + "type": "object" + }, + "title": { + "type": "string" + } + }, + "required": [ + "query" + ], + "type": "object" + }, + "email": { + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "query": { + "type": "object" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "const": "fv", + "description": "Failed Verification Email", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "body", + "client_name", + "description", + "details", + "email", + "ip", + "log_id", + "query", + "strategy", + "strategy_type", + "title", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/fvr.schema.json b/logs/log-types/fvr.schema.json new file mode 100644 index 0000000..817de1d --- /dev/null +++ b/logs/log-types/fvr.schema.json @@ -0,0 +1,173 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Failed to proces verification email request", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "idp_user_id": { + "type": [ + "string", + "number" + ] + }, + "includeEmailInRedirect": { + "type": "boolean" + }, + "job_id": { + "type": "string" + }, + "provider": { + "type": "string" + }, + "resultUrl": { + "type": "string" + }, + "template": { + "properties": { + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "tenant": { + "type": "string" + }, + "to": { + "type": "string" + }, + "ttl_sec": { + "type": "number" + }, + "user_id": { + "type": "string" + }, + "verificationUrl": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "fvr", + "description": "Failed Verification Email Request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_auth_email_verification.schema.json b/logs/log-types/gd_auth_email_verification.schema.json new file mode 100644 index 0000000..a61a8e3 --- /dev/null +++ b/logs/log-types/gd_auth_email_verification.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_auth_email_verification", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_auth_failed.schema.json b/logs/log-types/gd_auth_failed.schema.json new file mode 100644 index 0000000..8c477dc --- /dev/null +++ b/logs/log-types/gd_auth_failed.schema.json @@ -0,0 +1,219 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Multi-factor authentication failed. This could happen due to a wrong code entered for SMS/Voice/Email/TOTP factors, or a system failure.", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "properties": { + "auth": { + "properties": { + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "strategy": { + "type": "string" + } + }, + "required": [ + "scopes", + "strategy" + ], + "type": "object" + }, + "body": { + "properties": { + "code": { + "type": "string" + } + }, + "required": [ + "code" + ], + "type": "object" + }, + "ip": { + "type": "string" + }, + "method": { + "type": "string" + }, + "path": { + "type": "string" + }, + "query": { + "type": "string" + }, + "userAgent": { + "type": "string" + } + }, + "required": [ + "auth", + "body", + "ip", + "method", + "path", + "query", + "userAgent" + ], + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "required": [ + "request", + "response" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_auth_failed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_auth_rejected.schema.json b/logs/log-types/gd_auth_rejected.schema.json new file mode 100644 index 0000000..61bf632 --- /dev/null +++ b/logs/log-types/gd_auth_rejected.schema.json @@ -0,0 +1,164 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "User rejected a multi-factor authentication request via push-notification", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_auth_rejected", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_auth_succeed.schema.json b/logs/log-types/gd_auth_succeed.schema.json new file mode 100644 index 0000000..c7d8d14 --- /dev/null +++ b/logs/log-types/gd_auth_succeed.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_auth_succeed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_enrollment_complete.schema.json b/logs/log-types/gd_enrollment_complete.schema.json new file mode 100644 index 0000000..c723d81 --- /dev/null +++ b/logs/log-types/gd_enrollment_complete.schema.json @@ -0,0 +1,164 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "A first time MFA user has successfully enrolled using one of the factors", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_enrollment_complete", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_otp_rate_limit_exceed.schema.json b/logs/log-types/gd_otp_rate_limit_exceed.schema.json new file mode 100644 index 0000000..bdd26d5 --- /dev/null +++ b/logs/log-types/gd_otp_rate_limit_exceed.schema.json @@ -0,0 +1,164 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "A user, during enrollment or authentication, enters an incorrect code more than the maximum allowed number of times. Ex: A user enrolling in SMS enters the 6-digit code wrong more than 10 times in a row.", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_otp_rate_limit_exceed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_recovery_failed.schema.json b/logs/log-types/gd_recovery_failed.schema.json new file mode 100644 index 0000000..321b806 --- /dev/null +++ b/logs/log-types/gd_recovery_failed.schema.json @@ -0,0 +1,164 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "A user entered a wrong Recovery Code when attempting to authenticate", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_recovery_failed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_recovery_succeed.schema.json b/logs/log-types/gd_recovery_succeed.schema.json new file mode 100644 index 0000000..61b6ede --- /dev/null +++ b/logs/log-types/gd_recovery_succeed.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_recovery_succeed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_send_email.schema.json b/logs/log-types/gd_send_email.schema.json new file mode 100644 index 0000000..8aa708e --- /dev/null +++ b/logs/log-types/gd_send_email.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_email", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_send_email_failure.schema.json b/logs/log-types/gd_send_email_failure.schema.json new file mode 100644 index 0000000..175b56f --- /dev/null +++ b/logs/log-types/gd_send_email_failure.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_email_failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_send_pn.schema.json b/logs/log-types/gd_send_pn.schema.json new file mode 100644 index 0000000..dcaa59f --- /dev/null +++ b/logs/log-types/gd_send_pn.schema.json @@ -0,0 +1,164 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Push notification for MFA sent successfully sent", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_pn", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_send_pn_failure.schema.json b/logs/log-types/gd_send_pn_failure.schema.json new file mode 100644 index 0000000..5ecf319 --- /dev/null +++ b/logs/log-types/gd_send_pn_failure.schema.json @@ -0,0 +1,164 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Push notification for MFA failed", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_pn_failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_send_sms.schema.json b/logs/log-types/gd_send_sms.schema.json new file mode 100644 index 0000000..d0b9624 --- /dev/null +++ b/logs/log-types/gd_send_sms.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_sms", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_send_sms_failure.schema.json b/logs/log-types/gd_send_sms_failure.schema.json new file mode 100644 index 0000000..d92d94f --- /dev/null +++ b/logs/log-types/gd_send_sms_failure.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_sms_failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_send_voice.schema.json b/logs/log-types/gd_send_voice.schema.json new file mode 100644 index 0000000..94ab2ea --- /dev/null +++ b/logs/log-types/gd_send_voice.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_voice", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_send_voice_failure.schema.json b/logs/log-types/gd_send_voice_failure.schema.json new file mode 100644 index 0000000..b07f55f --- /dev/null +++ b/logs/log-types/gd_send_voice_failure.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_send_voice_failure", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_start_auth.schema.json b/logs/log-types/gd_start_auth.schema.json new file mode 100644 index 0000000..dcb703c --- /dev/null +++ b/logs/log-types/gd_start_auth.schema.json @@ -0,0 +1,171 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_start_auth", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_start_enroll.schema.json b/logs/log-types/gd_start_enroll.schema.json new file mode 100644 index 0000000..6d5c5d8 --- /dev/null +++ b/logs/log-types/gd_start_enroll.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_start_enroll", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_start_enroll_failed.schema.json b/logs/log-types/gd_start_enroll_failed.schema.json new file mode 100644 index 0000000..655b671 --- /dev/null +++ b/logs/log-types/gd_start_enroll_failed.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_start_enroll_failed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_tenant_update.schema.json b/logs/log-types/gd_tenant_update.schema.json new file mode 100644 index 0000000..21ea540 --- /dev/null +++ b/logs/log-types/gd_tenant_update.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_tenant_update", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_unenroll.schema.json b/logs/log-types/gd_unenroll.schema.json new file mode 100644 index 0000000..76ae968 --- /dev/null +++ b/logs/log-types/gd_unenroll.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_unenroll", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_update_device_account.schema.json b/logs/log-types/gd_update_device_account.schema.json new file mode 100644 index 0000000..d1a9360 --- /dev/null +++ b/logs/log-types/gd_update_device_account.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_update_device_account", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_webauthn_challenge_failed.schema.json b/logs/log-types/gd_webauthn_challenge_failed.schema.json new file mode 100644 index 0000000..c265b72 --- /dev/null +++ b/logs/log-types/gd_webauthn_challenge_failed.schema.json @@ -0,0 +1,171 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_webauthn_challenge_failed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/gd_webauthn_enrollment_failed.schema.json b/logs/log-types/gd_webauthn_enrollment_failed.schema.json new file mode 100644 index 0000000..7fe9262 --- /dev/null +++ b/logs/log-types/gd_webauthn_enrollment_failed.schema.json @@ -0,0 +1,171 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "authenticator": { + "properties": { + "id": { + "type": [ + "string", + "null" + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "device_id": { + "type": "string" + }, + "enrollment": { + "properties": { + "_id": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "name": { + "type": "string" + }, + "phone_number": { + "type": [ + "string", + "null" + ] + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "_id", + "tenant", + "user_id" + ], + "type": "object" + }, + "failure_details": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "first_factor": { + "type": "boolean" + }, + "provider_error": { + "properties": { + "errorCode": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "errorCode", + "message" + ], + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "gd_webauthn_enrollment_failed", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/limit_delegation.schema.json b/logs/log-types/limit_delegation.schema.json new file mode 100644 index 0000000..6f15826 --- /dev/null +++ b/logs/log-types/limit_delegation.schema.json @@ -0,0 +1,76 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "A user is temporarily prevented from logging in because of too many delegation requests", + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "limit_delegation", + "description": "Blocked Account - Too many Delegation requests", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/limit_mu.schema.json b/logs/log-types/limit_mu.schema.json new file mode 100644 index 0000000..f564c20 --- /dev/null +++ b/logs/log-types/limit_mu.schema.json @@ -0,0 +1,88 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "An IP address is blocked because it attempted too many failed logins without a successful login. Or an IP address is blocked because it attempted too many sign-ups, whether successful or failed.", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "limit_mu", + "description": "Blocked Account - Too many attempts or signups", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/limit_sul.schema.json b/logs/log-types/limit_sul.schema.json new file mode 100644 index 0000000..2144725 --- /dev/null +++ b/logs/log-types/limit_sul.schema.json @@ -0,0 +1,88 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "A user is temporarily prevented from logging in because they reached the maximum logins per time period from the same IP address", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "limit_sul", + "description": "Blocked Account - Logins per IP", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/limit_wc.schema.json b/logs/log-types/limit_wc.schema.json new file mode 100644 index 0000000..f64784e --- /dev/null +++ b/logs/log-types/limit_wc.schema.json @@ -0,0 +1,88 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "An IP address is blocked because it reached the maximum failed login attempts into a single account.", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "limit_wc", + "description": "Blocked Account - Failed Logins", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/mfar.schema.json b/logs/log-types/mfar.schema.json new file mode 100644 index 0000000..ab3925c --- /dev/null +++ b/logs/log-types/mfar.schema.json @@ -0,0 +1,225 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "A user has been prompted for multi-factor authentication (MFA). When using Adaptive MFA, Auth0 includes details about the risk assessment", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "assessments": { + "properties": { + "ImpossibleTravel": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "UntrustedIP": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "ip": { + "type": "string" + }, + "matches": { + "type": "string" + }, + "source": { + "type": "string" + } + }, + "required": [ + "ip", + "matches", + "source" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence", + "details" + ], + "type": "object" + } + }, + "type": "object" + }, + "confidence": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "confidence", + "version" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "mfar", + "description": "MFA Required", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/mgmt_api_read.schema.json b/logs/log-types/mgmt_api_read.schema.json new file mode 100644 index 0000000..4431ab4 --- /dev/null +++ b/logs/log-types/mgmt_api_read.schema.json @@ -0,0 +1,245 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful GET request on the management API. This event will only be emitted if a secret is returned.", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "accessedSecrets": { + "items": { + "type": "string" + }, + "type": "array" + }, + "request": { + "properties": { + "auth": { + "properties": { + "credentials": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + }, + { + "properties": { + "jti": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "strategy": { + "type": "string" + }, + "user": { + "anyOf": [ + { + "type": "string" + }, + { + "properties": { + "email": { + "type": "string" + }, + "name": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "email", + "name" + ], + "type": "object" + } + ] + } + }, + "required": [ + "credentials", + "strategy", + "user" + ], + "type": "object" + }, + "channel": { + "type": "string" + }, + "ip": { + "type": "string" + }, + "method": { + "type": "string" + }, + "path": { + "type": "string" + }, + "query": { + "type": "object" + }, + "userAgent": { + "type": "string" + } + }, + "required": [ + "auth", + "channel", + "ip", + "method", + "path", + "query", + "userAgent" + ], + "type": "object" + }, + "response": { + "properties": { + "body": { + "anyOf": [ + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ] + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "statusCode", + "body" + ], + "type": "object" + } + }, + "required": [ + "accessedSecrets", + "request", + "response" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "references": { + "description": "Content of the `x-correlation-id` header associated with the management API call, if the feature is enabled", + "properties": { + "correlation_id": { + "maxLength": 64, + "type": "string" + } + }, + "required": [ + "correlation_id" + ], + "type": "object" + }, + "type": { + "const": "mgmt_api_read", + "description": "Management API Read Operation", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/oidc_backchannel_logout_failed.schema.json b/logs/log-types/oidc_backchannel_logout_failed.schema.json new file mode 100644 index 0000000..90f7f25 --- /dev/null +++ b/logs/log-types/oidc_backchannel_logout_failed.schema.json @@ -0,0 +1,104 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "initiator": { + "type": "string" + }, + "request": { + "properties": { + "backchannel_logout_uri": { + "type": "string" + }, + "method": { + "type": "string" + } + }, + "required": [ + "method", + "backchannel_logout_uri" + ], + "type": "object" + }, + "response": { + "properties": { + "statusCode": { + "type": "number" + } + }, + "required": [ + "statusCode" + ], + "type": "object" + } + }, + "required": [ + "request", + "response", + "initiator" + ], + "type": "object" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "oidc_backchannel_logout_failed", + "description": "Failed OIDC Back-Channel Logout request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/oidc_backchannel_logout_succeeded.schema.json b/logs/log-types/oidc_backchannel_logout_succeeded.schema.json new file mode 100644 index 0000000..4960c7f --- /dev/null +++ b/logs/log-types/oidc_backchannel_logout_succeeded.schema.json @@ -0,0 +1,104 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "initiator": { + "type": "string" + }, + "request": { + "properties": { + "backchannel_logout_uri": { + "type": "string" + }, + "method": { + "type": "string" + } + }, + "required": [ + "method", + "backchannel_logout_uri" + ], + "type": "object" + }, + "response": { + "properties": { + "statusCode": { + "type": "number" + } + }, + "required": [ + "statusCode" + ], + "type": "object" + } + }, + "required": [ + "request", + "response", + "initiator" + ], + "type": "object" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "oidc_backchannel_logout_succeeded", + "description": "Successful OIDC Back-Channel Logout request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/pla.schema.json b/logs/log-types/pla.schema.json new file mode 100644 index 0000000..0d66a2d --- /dev/null +++ b/logs/log-types/pla.schema.json @@ -0,0 +1,137 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Generated before a login and helps in monitoring the behavior of bot detection without having to enable it.", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "ipOnAllowlist": { + "type": "boolean" + }, + "requiresVerification": { + "type": "boolean" + }, + "session_id": { + "type": "string" + } + }, + "required": [ + "ipOnAllowlist", + "requiresVerification", + "session_id" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "pla", + "description": "Pre-Login Assessment", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/pwd_leak.schema.json b/logs/log-types/pwd_leak.schema.json new file mode 100644 index 0000000..16b2d47 --- /dev/null +++ b/logs/log-types/pwd_leak.schema.json @@ -0,0 +1,88 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Someone behind the IP address ip attempted to login with a leaked password", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "pwd_leak", + "description": "Breached Password - Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/resource_cleanup.schema.json b/logs/log-types/resource_cleanup.schema.json new file mode 100644 index 0000000..b6aa7b4 --- /dev/null +++ b/logs/log-types/resource_cleanup.schema.json @@ -0,0 +1,82 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Emitted when resources exceeding defined limits were removed. Normally related to refresh tokens", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "endCount": { + "type": "number" + }, + "removedCount": { + "type": "number" + }, + "resource": { + "type": "string" + }, + "start": { + "type": "number" + } + }, + "required": [ + "start", + "removedCount", + "endCount" + ], + "type": "object" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "resource_cleanup", + "description": "Refresh Token Excess Warning", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/s.schema.json b/logs/log-types/s.schema.json new file mode 100644 index 0000000..77142c8 --- /dev/null +++ b/logs/log-types/s.schema.json @@ -0,0 +1,436 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Login", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "actions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + }, + "completedAt": { + "type": "number" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "initiatedAt": { + "type": "number" + }, + "prompts": { + "items": { + "properties": { + "coi": { + "type": "string" + }, + "completedAt": { + "type": "number" + }, + "connection": { + "type": "string" + }, + "connection_id": { + "type": "string" + }, + "cov": { + "type": "string" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "flow": { + "type": "string" + }, + "grantInfo": { + "properties": { + "audience": { + "type": "string" + }, + "expiration": { + "type": "string" + }, + "id": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "type": "object" + }, + "identity": { + "type": [ + "string", + "number" + ] + }, + "initiatedAt": { + "type": "number" + }, + "name": { + "type": "string" + }, + "passwordless_amr": { + "type": "string" + }, + "performed_acr": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "performed_amr": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "provider": { + "type": [ + "string", + "null" + ] + }, + "requiredCaptcha": { + "type": "boolean" + }, + "session": { + "type": "boolean" + }, + "session_id": { + "type": "string" + }, + "stats": { + "properties": { + "loginsCount": { + "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.", + "type": [ + "number", + "null" + ] + } + }, + "required": [ + "loginsCount" + ], + "type": "object" + }, + "strategy": { + "type": "string" + }, + "timers": { + "properties": { + "rules": { + "type": "number" + } + }, + "type": "object" + }, + "url": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "user_name": { + "type": "string" + } + }, + "required": [ + "requiredCaptcha", + "session_id" + ], + "type": "object" + }, + "type": "array" + }, + "riskAssessment": { + "properties": { + "assessments": { + "properties": { + "ImpossibleTravel": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "NewDevice": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "device": { + "type": "string" + }, + "useragent": { + "type": "string" + } + }, + "required": [ + "device" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "UntrustedIP": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "ip": { + "type": "string" + }, + "matches": { + "type": "string" + }, + "source": { + "type": "string" + } + }, + "required": [ + "ip", + "matches", + "source" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + } + }, + "required": [ + "UntrustedIP" + ], + "type": "object" + }, + "confidence": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "assessments", + "confidence", + "version" + ], + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "s", + "description": "Successful Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/sapi.schema.json b/logs/log-types/sapi.schema.json new file mode 100644 index 0000000..94f916f --- /dev/null +++ b/logs/log-types/sapi.schema.json @@ -0,0 +1,139 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful API Operation Only emitted by the Management API on POST, DELETE, PATCH, and PUT", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "accessedSecrets": { + "items": { + "type": "string" + }, + "type": "array" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + } + }, + "required": [ + "request", + "response" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "references": { + "description": "Content of the `x-correlation-id` header associated with the management API call, if the feature is enabled", + "properties": { + "correlation_id": { + "maxLength": 64, + "type": "string" + } + }, + "required": [ + "correlation_id" + ], + "type": "object" + }, + "type": { + "const": "sapi", + "description": "Successful API Operation", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/sce.schema.json b/logs/log-types/sce.schema.json new file mode 100644 index 0000000..f879ba8 --- /dev/null +++ b/logs/log-types/sce.schema.json @@ -0,0 +1,154 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Change Email", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "email_verified": { + "type": "string" + }, + "newEmail": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "required": [ + "client_id", + "connection", + "email", + "email_verified", + "newEmail", + "user_id", + "tenant", + "verify" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "sce", + "description": "Successful Change Email", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/scoa.schema.json b/logs/log-types/scoa.schema.json new file mode 100644 index 0000000..32fe4c9 --- /dev/null +++ b/logs/log-types/scoa.schema.json @@ -0,0 +1,424 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Cross-Origin Authentication", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + }, + "completedAt": { + "type": "number" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "initiatedAt": { + "type": "number" + }, + "prompts": { + "items": { + "properties": { + "coi": { + "type": "string" + }, + "completedAt": { + "type": "number" + }, + "connection": { + "type": "string" + }, + "connection_id": { + "type": "string" + }, + "cov": { + "type": "string" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "flow": { + "type": "string" + }, + "grantInfo": { + "properties": { + "audience": { + "type": "string" + }, + "expiration": { + "type": "string" + }, + "id": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "type": "object" + }, + "identity": { + "type": [ + "string", + "number" + ] + }, + "initiatedAt": { + "type": "number" + }, + "name": { + "type": "string" + }, + "passwordless_amr": { + "type": "string" + }, + "performed_acr": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "performed_amr": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "provider": { + "type": [ + "string", + "null" + ] + }, + "requiredCaptcha": { + "type": "boolean" + }, + "session": { + "type": "boolean" + }, + "session_id": { + "type": "string" + }, + "stats": { + "properties": { + "loginsCount": { + "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.", + "type": [ + "number", + "null" + ] + } + }, + "required": [ + "loginsCount" + ], + "type": "object" + }, + "strategy": { + "type": "string" + }, + "timers": { + "properties": { + "rules": { + "type": "number" + } + }, + "type": "object" + }, + "url": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "user_name": { + "type": "string" + } + }, + "required": [ + "requiredCaptcha", + "session_id" + ], + "type": "object" + }, + "type": "array" + }, + "riskAssessment": { + "properties": { + "assessments": { + "properties": { + "ImpossibleTravel": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "NewDevice": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "device": { + "type": "string" + }, + "useragent": { + "type": "string" + } + }, + "required": [ + "device" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "UntrustedIP": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "ip": { + "type": "string" + }, + "matches": { + "type": "string" + }, + "source": { + "type": "string" + } + }, + "required": [ + "ip", + "matches", + "source" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + } + }, + "required": [ + "UntrustedIP" + ], + "type": "object" + }, + "confidence": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "assessments", + "confidence", + "version" + ], + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scoa", + "description": "Successful Cross-Origin Authentication", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/scp.schema.json b/logs/log-types/scp.schema.json new file mode 100644 index 0000000..338fc18 --- /dev/null +++ b/logs/log-types/scp.schema.json @@ -0,0 +1,127 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Change Password", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "type": "object" + }, + "email": { + "type": "string" + }, + "query": { + "type": "object" + }, + "title": { + "type": "string" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scp", + "description": "Successful Change Password", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/scph.schema.json b/logs/log-types/scph.schema.json new file mode 100644 index 0000000..56e2808 --- /dev/null +++ b/logs/log-types/scph.schema.json @@ -0,0 +1,148 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Post Change Password Hook", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "context": { + "properties": { + "connection": { + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "tenant": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "user": { + "properties": { + "email": { + "type": "string" + }, + "id": { + "type": "string" + }, + "last_password_reset": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scph", + "description": "Successful Post Change Password Hook", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/scpn.schema.json b/logs/log-types/scpn.schema.json new file mode 100644 index 0000000..926cd63 --- /dev/null +++ b/logs/log-types/scpn.schema.json @@ -0,0 +1,144 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Change Phone Number", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "new_phone_number": { + "type": "string" + }, + "old_phone_number": { + "type": "string" + }, + "phone_verified": { + "type": "boolean" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scpn", + "description": "Successful Change Phone Number", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/scpr.schema.json b/logs/log-types/scpr.schema.json new file mode 100644 index 0000000..c723d40 --- /dev/null +++ b/logs/log-types/scpr.schema.json @@ -0,0 +1,162 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Change Password Request", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": [ + "string", + "null" + ] + }, + "connection": { + "type": "string" + }, + "debug": { + "type": "boolean" + }, + "email": { + "type": "string" + }, + "includeEmailInRedirect": { + "type": "boolean" + }, + "markEmailAsVerified": { + "type": "boolean" + }, + "newPassword": { + "type": "string" + }, + "resultUrl": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "ttl_sec": { + "type": "string" + }, + "username": { + "type": "string" + }, + "verify": { + "type": "boolean" + } + }, + "type": "object" + }, + "resetUrl": { + "type": "string" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scpr", + "description": "Successful Change Password Request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/scu.schema.json b/logs/log-types/scu.schema.json new file mode 100644 index 0000000..12be1fb --- /dev/null +++ b/logs/log-types/scu.schema.json @@ -0,0 +1,145 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Change Username", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "clientId": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "newUsername": { + "type": "string" + }, + "oldUsername": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "newUsername", + "oldUsername" + ], + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "scu", + "description": "Successful Change Username", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/sd.schema.json b/logs/log-types/sd.schema.json new file mode 100644 index 0000000..fbee273 --- /dev/null +++ b/logs/log-types/sd.schema.json @@ -0,0 +1,141 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Delegation", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "api_type": { + "type": "string" + }, + "device": { + "type": "string" + }, + "grant_type": { + "type": "string" + }, + "scope": { + "type": [ + "string", + "null" + ] + }, + "target": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "sd", + "description": "Successful Delegation", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/sdu.schema.json b/logs/log-types/sdu.schema.json new file mode 100644 index 0000000..c3de7a5 --- /dev/null +++ b/logs/log-types/sdu.schema.json @@ -0,0 +1,114 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful User Deletion", + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "connection": { + "type": "string" + }, + "tenant": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "sdu", + "description": "Successful User Deletion", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/seacft.schema.json b/logs/log-types/seacft.schema.json new file mode 100644 index 0000000..05c41dd --- /dev/null +++ b/logs/log-types/seacft.schema.json @@ -0,0 +1,143 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Exchange of Authorization Code for Access Token", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "code": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "transaction_linking_id": { + "description": "Reflects the transaction linking ID provided at the start of the auth flow, if any. Only available when using decoupled authorization flows.", + "pattern": "^[A-Za-z0-9-_]{27}$", + "type": "string" + }, + "type": { + "const": "seacft", + "description": "Successful Exchange of Authorization Code for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/seccft.schema.json b/logs/log-types/seccft.schema.json new file mode 100644 index 0000000..22eefdd --- /dev/null +++ b/logs/log-types/seccft.schema.json @@ -0,0 +1,171 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Exchange of Access Token for a Client Credentials Grant", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + } + }, + "required": [ + "actions" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "seccft", + "description": "Successful Exchange of Access Token for a Client Credentials Grant", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/sede.schema.json b/logs/log-types/sede.schema.json new file mode 100644 index 0000000..0bedcfa --- /dev/null +++ b/logs/log-types/sede.schema.json @@ -0,0 +1,111 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Exchange of Device Code for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "sede", + "description": "Successful Exchange of Device Code for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/sens.schema.json b/logs/log-types/sens.schema.json new file mode 100644 index 0000000..5e66186 --- /dev/null +++ b/logs/log-types/sens.schema.json @@ -0,0 +1,140 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Exchange - Native Social Login", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "subject_token_type": { + "type": "string" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "sens", + "description": "Successful Exchange Native Login", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/seoobft.schema.json b/logs/log-types/seoobft.schema.json new file mode 100644 index 0000000..73f5703 --- /dev/null +++ b/logs/log-types/seoobft.schema.json @@ -0,0 +1,172 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Exchange of Password and OOB Challenge for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + } + }, + "required": [ + "actions" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "seoobft", + "description": "Successful Exchange of Password and OOB Challenge for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/seotpft.schema.json b/logs/log-types/seotpft.schema.json new file mode 100644 index 0000000..887912d --- /dev/null +++ b/logs/log-types/seotpft.schema.json @@ -0,0 +1,125 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Exchange of Password and OTP Challenge for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "hostname", + "ip" + ], + "type": "object" +} diff --git a/logs/log-types/sepft.schema.json b/logs/log-types/sepft.schema.json new file mode 100644 index 0000000..ad6df9a --- /dev/null +++ b/logs/log-types/sepft.schema.json @@ -0,0 +1,169 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Exchange of Password for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "sepft", + "description": "Successful Exchange of Password for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/sercft.schema.json b/logs/log-types/sercft.schema.json new file mode 100644 index 0000000..5e64d6c --- /dev/null +++ b/logs/log-types/sercft.schema.json @@ -0,0 +1,120 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Exchange of Password and MFA Recovery Codeode for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "sercft", + "description": "Successful Exchange of Password and MFA Recovery Code for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/sertft.schema.json b/logs/log-types/sertft.schema.json new file mode 100644 index 0000000..9b7ea33 --- /dev/null +++ b/logs/log-types/sertft.schema.json @@ -0,0 +1,170 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Exchange of Refresh Token for Access Token", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "actions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + }, + "familyId": { + "type": "string" + }, + "tokenCounter": { + "type": "number" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "type": { + "const": "sertft", + "description": "Successful Exchange of Refresh Token for Access Token", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "auth0_client", + "client_name", + "description", + "details", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/si.schema.json b/logs/log-types/si.schema.json new file mode 100644 index 0000000..5b87ae3 --- /dev/null +++ b/logs/log-types/si.schema.json @@ -0,0 +1,151 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successfully accepted a user invitation", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "invitation": { + "properties": { + "client_id": { + "type": "string" + }, + "created_at": { + "type": "string" + }, + "expires_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "invitee": { + "properties": { + "email": { + "type": "string" + } + }, + "required": [ + "email" + ], + "type": "object" + }, + "inviter": { + "properties": { + "name": { + "type": "string" + }, + "organization_id": { + "type": "string" + } + }, + "type": "object" + }, + "roles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ticket_id": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "invitation" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "type": { + "const": "si", + "description": "Successful Invite Accept", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/slo.schema.json b/logs/log-types/slo.schema.json new file mode 100644 index 0000000..687db88 --- /dev/null +++ b/logs/log-types/slo.schema.json @@ -0,0 +1,141 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Logout", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "allowed_logout_url": { + "items": { + "type": "string" + }, + "type": "array" + }, + "initiated_by": { + "type": "string" + }, + "protocol": { + "type": "string" + }, + "return_to": { + "type": "string" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "slo", + "description": "Successful Logout", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/srrt.schema.json b/logs/log-types/srrt.schema.json new file mode 100644 index 0000000..5601cad --- /dev/null +++ b/logs/log-types/srrt.schema.json @@ -0,0 +1,156 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successfully revoked a refresh token", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "audience": { + "type": "string" + }, + "credential_id": { + "type": "string" + }, + "grant_id": { + "type": [ + "string", + "null" + ] + }, + "host": { + "type": "string" + }, + "method": { + "type": "string" + }, + "origin": { + "type": "string" + }, + "originUrl": { + "type": "string" + }, + "originalUrl": { + "type": "string" + }, + "xhr": { + "type": "string" + } + }, + "required": [ + "credential_id" + ], + "type": "object" + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "srrt", + "description": "Successful Refresh Token Revocation", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/ss.schema.json b/logs/log-types/ss.schema.json new file mode 100644 index 0000000..9f264dd --- /dev/null +++ b/logs/log-types/ss.schema.json @@ -0,0 +1,617 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Signup", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "actions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + }, + "body": { + "properties": { + "app_metadata": { + "type": "object" + }, + "blocked": { + "type": "boolean" + }, + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "email_verified": { + "type": "boolean" + }, + "family_name": { + "type": "string" + }, + "given_name": { + "type": "string" + }, + "ip": { + "type": "string" + }, + "name": { + "type": "string" + }, + "nickname": { + "type": "string" + }, + "organization": { + "properties": { + "branding": { + "type": [ + "string", + "null" + ] + }, + "display_name": { + "type": "string" + }, + "id": { + "type": "string" + }, + "metadata": { + "anyOf": [ + {}, + { + "type": "null" + } + ] + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "password": { + "type": "string" + }, + "phone_number": { + "type": "string" + }, + "phone_verified": { + "type": "boolean" + }, + "picture": { + "type": "string" + }, + "request_language": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "transaction": { + "properties": { + "acr_values": { + "anyOf": [ + { + "type": "string" + }, + { + "items": { + "type": "string" + }, + "type": "array" + } + ] + }, + "id": { + "type": "string" + }, + "locale": { + "type": "string" + }, + "login_hint": { + "type": [ + "string", + "null" + ] + }, + "prompt": { + "items": { + "type": "string" + }, + "type": "array" + }, + "protocol": { + "type": "string" + }, + "redirect_uri": { + "type": [ + "string", + "null" + ] + }, + "requested_scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "response_mode": { + "type": [ + "string", + "null" + ] + }, + "response_type": { + "items": { + "type": "string" + }, + "type": "array" + }, + "state": { + "type": [ + "string", + "null" + ] + }, + "ui_locales": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "user-agent": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "user_metadata": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "username": { + "type": "string" + } + }, + "type": "object" + }, + "completedAt": { + "type": "number" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "initiatedAt": { + "type": "number" + }, + "prompts": { + "items": { + "properties": { + "coi": { + "type": "string" + }, + "completedAt": { + "type": "number" + }, + "connection": { + "type": "string" + }, + "connection_id": { + "type": "string" + }, + "cov": { + "type": "string" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "flow": { + "type": "string" + }, + "grantInfo": { + "properties": { + "audience": { + "type": "string" + }, + "expiration": { + "type": "string" + }, + "id": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "type": "object" + }, + "identity": { + "type": [ + "string", + "number" + ] + }, + "initiatedAt": { + "type": "number" + }, + "name": { + "type": "string" + }, + "passwordless_amr": { + "type": "string" + }, + "performed_acr": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "performed_amr": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "provider": { + "type": [ + "string", + "null" + ] + }, + "requiredCaptcha": { + "type": "boolean" + }, + "session": { + "type": "boolean" + }, + "session_id": { + "type": "string" + }, + "stats": { + "properties": { + "loginsCount": { + "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.", + "type": [ + "number", + "null" + ] + } + }, + "required": [ + "loginsCount" + ], + "type": "object" + }, + "strategy": { + "type": "string" + }, + "timers": { + "properties": { + "rules": { + "type": "number" + } + }, + "type": "object" + }, + "url": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "user_name": { + "type": "string" + } + }, + "required": [ + "requiredCaptcha", + "session_id" + ], + "type": "object" + }, + "type": "array" + }, + "riskAssessment": { + "properties": { + "assessments": { + "properties": { + "ImpossibleTravel": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "NewDevice": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "device": { + "type": "string" + }, + "useragent": { + "type": "string" + } + }, + "required": [ + "device" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "UntrustedIP": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "ip": { + "type": "string" + }, + "matches": { + "type": "string" + }, + "source": { + "type": "string" + } + }, + "required": [ + "ip", + "matches", + "source" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + } + }, + "required": [ + "UntrustedIP" + ], + "type": "object" + }, + "confidence": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "assessments", + "confidence", + "version" + ], + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "required": [ + "body" + ], + "type": "object" + } + ] + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "ss", + "description": "Successful Signup", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/ssa.schema.json b/logs/log-types/ssa.schema.json new file mode 100644 index 0000000..86042ba --- /dev/null +++ b/logs/log-types/ssa.schema.json @@ -0,0 +1,406 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Silent Auth", + "properties": { + "auth0_client": { + "anyOf": [ + { + "properties": { + "env": { + "type": "object" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + { + "type": "object" + }, + { + "items": {}, + "type": "array" + } + ], + "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "allOf": [ + { + "properties": { + "actions": { + "properties": { + "executions": { + "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "executions" + ], + "type": "object" + }, + "completedAt": { + "type": "number" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "initiatedAt": { + "type": "number" + }, + "prompts": { + "items": { + "properties": { + "coi": { + "type": "string" + }, + "completedAt": { + "type": "number" + }, + "connection": { + "type": "string" + }, + "connection_id": { + "type": "string" + }, + "cov": { + "type": "string" + }, + "elapsedTime": { + "type": [ + "number", + "null" + ] + }, + "flow": { + "type": "string" + }, + "grantInfo": { + "properties": { + "audience": { + "type": "string" + }, + "expiration": { + "type": "string" + }, + "id": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "type": "object" + }, + "identity": { + "type": [ + "string", + "number" + ] + }, + "initiatedAt": { + "type": "number" + }, + "name": { + "type": "string" + }, + "passwordless_amr": { + "type": "string" + }, + "performed_acr": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "performed_amr": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "provider": { + "type": [ + "string", + "null" + ] + }, + "requiredCaptcha": { + "type": "boolean" + }, + "session": { + "type": "boolean" + }, + "session_id": { + "type": "string" + }, + "stats": { + "properties": { + "loginsCount": { + "description": "The number of logins this user has done, if available. Logins done with a valid username and password always increment this count, even if further steps in the process cause the login to fail (MFA, extensibility, etc.) Null values should be treated as missing data and not as 0.", + "type": [ + "number", + "null" + ] + } + }, + "required": [ + "loginsCount" + ], + "type": "object" + }, + "strategy": { + "type": "string" + }, + "timers": { + "properties": { + "rules": { + "type": "number" + } + }, + "type": "object" + }, + "url": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "user_name": { + "type": "string" + } + }, + "required": [ + "requiredCaptcha", + "session_id" + ], + "type": "object" + }, + "type": "array" + }, + "riskAssessment": { + "properties": { + "assessments": { + "properties": { + "ImpossibleTravel": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "NewDevice": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "device": { + "type": "string" + }, + "useragent": { + "type": "string" + } + }, + "required": [ + "device" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + }, + "UntrustedIP": { + "properties": { + "code": { + "type": "string" + }, + "confidence": { + "type": "string" + }, + "details": { + "properties": { + "ip": { + "type": "string" + }, + "matches": { + "type": "string" + }, + "source": { + "type": "string" + } + }, + "required": [ + "ip", + "matches", + "source" + ], + "type": "object" + } + }, + "required": [ + "code", + "confidence" + ], + "type": "object" + } + }, + "required": [ + "UntrustedIP" + ], + "type": "object" + }, + "confidence": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "assessments", + "confidence", + "version" + ], + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + } + ] + }, + "hostname": { + "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", + "type": "string" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "organization_id": { + "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", + "type": "string" + }, + "organization_name": { + "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", + "type": "string" + }, + "session_connection": { + "type": "string" + }, + "type": { + "const": "ssa", + "description": "Successful Silent Auth", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "auth0_client", + "client_name", + "description", + "details", + "hostname", + "ip", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/sui.schema.json b/logs/log-types/sui.schema.json new file mode 100644 index 0000000..b8adf4d --- /dev/null +++ b/logs/log-types/sui.schema.json @@ -0,0 +1,53 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successful Users Import", + "properties": { + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "connection": { + "type": "string" + }, + "tenant": { + "type": "string" + } + }, + "type": "object" + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "type": { + "const": "sui", + "description": "Successful Users Import", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + } + }, + "required": [ + "description", + "details", + "log_id", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/sv.schema.json b/logs/log-types/sv.schema.json new file mode 100644 index 0000000..1e1180b --- /dev/null +++ b/logs/log-types/sv.schema.json @@ -0,0 +1,172 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successfully consumed email verification link", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "tenant": { + "type": "string" + }, + "ticket": { + "type": "string" + } + }, + "required": [ + "tenant", + "ticket" + ], + "type": "object" + }, + "email": { + "type": "string" + }, + "query": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "idp_user_id": { + "type": "string" + }, + "includeEmailInRedirect": { + "type": "boolean" + }, + "resultUrl": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user_id": { + "type": "string" + } + }, + "required": [ + "client_id", + "connection", + "email", + "idp_user_id", + "includeEmailInRedirect", + "resultUrl", + "tenant", + "user_id" + ], + "type": "object" + }, + "title": { + "type": "string" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "sv", + "description": "Successful Verification Email", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/svr.schema.json b/logs/log-types/svr.schema.json new file mode 100644 index 0000000..f46c923 --- /dev/null +++ b/logs/log-types/svr.schema.json @@ -0,0 +1,173 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "Successfully called verification email endpoint. Verification email has been queued for sending.", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "body": { + "properties": { + "client_id": { + "type": "string" + }, + "connection": { + "type": "string" + }, + "email": { + "type": "string" + }, + "idp_user_id": { + "type": [ + "string", + "number" + ] + }, + "includeEmailInRedirect": { + "type": "boolean" + }, + "job_id": { + "type": "string" + }, + "provider": { + "type": "string" + }, + "resultUrl": { + "type": "string" + }, + "template": { + "properties": { + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "tenant": { + "type": "string" + }, + "to": { + "type": "string" + }, + "ttl_sec": { + "type": "number" + }, + "user_id": { + "type": "string" + }, + "verificationUrl": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "body" + ], + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "svr", + "description": "Successful Verification Email Request", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/ublkdu.schema.json b/logs/log-types/ublkdu.schema.json new file mode 100644 index 0000000..53c4df4 --- /dev/null +++ b/logs/log-types/ublkdu.schema.json @@ -0,0 +1,127 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "User block setup by anomaly detection has been released", + "properties": { + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "email": { + "type": "string" + }, + "query": { + "type": "object" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "title": { + "type": "string" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "type": { + "const": "ublkdu", + "description": "User login block released", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +} diff --git a/logs/log-types/w.schema.json b/logs/log-types/w.schema.json new file mode 100644 index 0000000..8bddca7 --- /dev/null +++ b/logs/log-types/w.schema.json @@ -0,0 +1,173 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "description": "A warning has happened during a login flow", + "properties": { + "audience": { + "description": "The audience in the JWT associated with the request.", + "type": "string" + }, + "client_id": { + "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", + "type": [ + "string", + "null" + ] + }, + "client_name": { + "description": "Client name associated with the client_id, when available. May be empty string.", + "type": "string" + }, + "connection": { + "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", + "type": "string" + }, + "connection_id": { + "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", + "type": "string" + }, + "description": { + "description": "Description of the event. This can also contain a description of the issue for failure logs.", + "type": "string" + }, + "details": { + "description": "Log details", + "properties": { + "credentials_tenant": { + "type": "string" + }, + "host_tenant": { + "type": "string" + }, + "method": { + "type": "string" + }, + "opts": { + "properties": { + "search": { + "type": "string" + } + }, + "type": "object" + }, + "original_profile": { + "type": "string" + }, + "path": { + "type": "string" + }, + "referer": { + "type": "string" + }, + "request": { + "type": "object" + }, + "response": { + "type": "object" + }, + "session_id": { + "type": "string" + } + }, + "type": "object" + }, + "ip": { + "anyOf": [ + { + "format": "ipv4", + "type": "string" + }, + { + "format": "ipv6", + "type": "string" + } + ], + "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." + }, + "log_id": { + "description": "Log id", + "type": "string" + }, + "mtls_thumbprint_sha256": { + "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", + "type": "string" + }, + "scope": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ], + "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" + }, + "strategy": { + "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", + "examples": [ + [ + "auth0", + "waad", + "oktawic", + "google-oauth2" + ] + ], + "type": "string" + }, + "strategy_type": { + "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", + "examples": [ + [ + "database", + "social", + "enterprise" + ] + ], + "type": "string" + }, + "tracking_id": { + "type": "string" + }, + "type": { + "const": "w", + "description": "Warning", + "type": "string" + }, + "user_agent": { + "description": "The user_agent behind this log, when available", + "examples": [ + "Chrome 120.0.0 / Mac OS X 10.15.7" + ], + "type": "string" + }, + "user_id": { + "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", + "type": "string" + }, + "user_name": { + "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", + "examples": [ + [ + "example@example.com", + "+14155554321" + ] + ], + "type": "string" + } + }, + "required": [ + "audience", + "client_name", + "description", + "details", + "ip", + "log_id", + "strategy", + "strategy_type", + "type" + ], + "type": "object" +}