├── .github ├── PULL_REQUEST_TEMPLATE.md └── CODEOWNERS ├── README.md └── schemas └── log-types ├── kms_key_management_failure.schema.json ├── kms_key_management_success.schema.json ├── kms_key_state_changed.schema.json ├── sui.schema.json ├── custom_domain_verification_failed.schema.json ├── wum.schema.json ├── rich_consents_access_error.schema.json ├── ss_sso_info.schema.json ├── universal_logout_succeeded.schema.json ├── acls_summary.schema.json ├── resource_cleanup.schema.json ├── fn.schema.json ├── ss_sso_success.schema.json ├── federated_logout_failed.schema.json ├── fdecc.schema.json ├── limit_delegation.schema.json ├── wn.schema.json ├── universal_logout_failed.schema.json ├── oidc_backchannel_logout_failed.schema.json ├── oidc_backchannel_logout_succeeded.schema.json ├── fcpro.schema.json ├── ss_sso_failure.schema.json ├── fdu.schema.json ├── sdu.schema.json ├── pwd_leak.schema.json ├── reset_pwd_leak.schema.json ├── limit_wc.schema.json ├── fpurh.schema.json ├── limit_sul.schema.json ├── limit_mu.schema.json ├── acul_sdk_notice.schema.json ├── fecte.schema.json ├── organization_member_added.schema.json ├── fede.schema.json ├── scp.schema.json ├── appi.schema.json ├── ublkdu.schema.json ├── sapi.schema.json ├── ciba_exchange_succeeded.schema.json ├── fce.schema.json ├── fcph.schema.json ├── ciba_exchange_failed.schema.json ├── fui.schema.json ├── sd.schema.json ├── api_limit.schema.json ├── fd.schema.json ├── slo.schema.json ├── flo.schema.json ├── pla.schema.json ├── scu.schema.json ├── scpn.schema.json └── cls.schema.json /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @auth0/project-iam-insights-engineer-codeowner -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Logs Schemas for [Auth0](https://auth0.com) 2 | 3 | This repository contains schemas for Log events documented here https://auth0.com/docs/deploy-monitor/logs. Maintenance and publishing is performed by Auth0 employees from different organizations. 4 | 5 | ## Feedback 6 | We appreciate feedback and would love to hear from you. Please use our [issue tracker](https://github.com/auth0/auth0-log-schemas/issues) to report bugs or provide general feedback. 7 | -------------------------------------------------------------------------------- /schemas/log-types/kms_key_management_failure.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed KMS API operation", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "description": { 22 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 23 | "type": "string" 24 | }, 25 | "details": { 26 | "description": "Log details" 27 | }, 28 | "log_id": { 29 | "description": "Log id", 30 | "type": "string" 31 | }, 32 | "tenant_name": { 33 | "description": "Tenant name", 34 | "type": "string" 35 | }, 36 | "type": { 37 | "const": "kms_key_management_failure", 38 | "description": "Failed KMS API operation", 39 | "type": "string" 40 | }, 41 | "user_agent": { 42 | "description": "The user_agent behind this log, when available", 43 | "examples": [ 44 | "Chrome 120.0.0 / Mac OS X 10.15.7" 45 | ], 46 | "type": "string" 47 | } 48 | }, 49 | "required": [ 50 | "description", 51 | "log_id", 52 | "tenant_name", 53 | "type" 54 | ], 55 | "type": "object" 56 | } 57 | -------------------------------------------------------------------------------- /schemas/log-types/kms_key_management_success.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Successful KMS API operation", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "description": { 22 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 23 | "type": "string" 24 | }, 25 | "details": { 26 | "description": "Log details", 27 | "properties": { 28 | "id": { 29 | "type": "string" 30 | }, 31 | "state": { 32 | "type": "string" 33 | }, 34 | "type": { 35 | "type": "string" 36 | } 37 | }, 38 | "type": "object" 39 | }, 40 | "log_id": { 41 | "description": "Log id", 42 | "type": "string" 43 | }, 44 | "tenant_name": { 45 | "description": "Tenant name", 46 | "type": "string" 47 | }, 48 | "type": { 49 | "const": "kms_key_management_success", 50 | "description": "Successful KMS API operation", 51 | "type": "string" 52 | }, 53 | "user_agent": { 54 | "description": "The user_agent behind this log, when available", 55 | "examples": [ 56 | "Chrome 120.0.0 / Mac OS X 10.15.7" 57 | ], 58 | "type": "string" 59 | } 60 | }, 61 | "required": [ 62 | "description", 63 | "log_id", 64 | "tenant_name", 65 | "type" 66 | ], 67 | "type": "object" 68 | } 69 | -------------------------------------------------------------------------------- /schemas/log-types/kms_key_state_changed.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "KMS key state change", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "description": { 22 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 23 | "type": "string" 24 | }, 25 | "details": { 26 | "description": "Log details", 27 | "properties": { 28 | "id": { 29 | "type": "string" 30 | }, 31 | "state": { 32 | "type": "string" 33 | }, 34 | "type": { 35 | "type": "string" 36 | } 37 | }, 38 | "required": [ 39 | "id", 40 | "type", 41 | "state" 42 | ], 43 | "type": "object" 44 | }, 45 | "log_id": { 46 | "description": "Log id", 47 | "type": "string" 48 | }, 49 | "tenant_name": { 50 | "description": "Tenant name", 51 | "type": "string" 52 | }, 53 | "type": { 54 | "const": "kms_key_state_changed", 55 | "description": "KMS key state change", 56 | "type": "string" 57 | }, 58 | "user_agent": { 59 | "description": "The user_agent behind this log, when available", 60 | "examples": [ 61 | "Chrome 120.0.0 / Mac OS X 10.15.7" 62 | ], 63 | "type": "string" 64 | } 65 | }, 66 | "required": [ 67 | "description", 68 | "details", 69 | "log_id", 70 | "tenant_name", 71 | "type" 72 | ], 73 | "type": "object" 74 | } 75 | -------------------------------------------------------------------------------- /schemas/log-types/sui.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Successful Users Import", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "connection": { 22 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 23 | "type": "string" 24 | }, 25 | "connection_id": { 26 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 27 | "type": "string" 28 | }, 29 | "description": { 30 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 31 | "type": "string" 32 | }, 33 | "details": { 34 | "description": "Log details", 35 | "properties": { 36 | "connection": { 37 | "type": "string" 38 | }, 39 | "tenant": { 40 | "type": "string" 41 | } 42 | }, 43 | "type": "object" 44 | }, 45 | "log_id": { 46 | "description": "Log id", 47 | "type": "string" 48 | }, 49 | "tenant_name": { 50 | "description": "Tenant name", 51 | "type": "string" 52 | }, 53 | "type": { 54 | "const": "sui", 55 | "description": "Successful Users Import", 56 | "type": "string" 57 | }, 58 | "user_agent": { 59 | "description": "The user_agent behind this log, when available", 60 | "examples": [ 61 | "Chrome 120.0.0 / Mac OS X 10.15.7" 62 | ], 63 | "type": "string" 64 | } 65 | }, 66 | "required": [ 67 | "description", 68 | "details", 69 | "log_id", 70 | "tenant_name", 71 | "type" 72 | ], 73 | "type": "object" 74 | } 75 | -------------------------------------------------------------------------------- /schemas/log-types/custom_domain_verification_failed.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "properties": { 4 | "$event_schema": { 5 | "description": "Event schema meta", 6 | "allOf": [ 7 | { 8 | "properties": { 9 | "version": { 10 | "type": "string" 11 | } 12 | }, 13 | "required": [ 14 | "version" 15 | ], 16 | "type": "object" 17 | } 18 | ] 19 | }, 20 | "description": { 21 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 22 | "type": "string" 23 | }, 24 | "details": { 25 | "description": "Log details", 26 | "properties": { 27 | "created_at": { 28 | "type": "string" 29 | }, 30 | "custom_domain_id": { 31 | "type": "string" 32 | }, 33 | "domain": { 34 | "type": "string" 35 | }, 36 | "error": { 37 | "type": "string" 38 | }, 39 | "errorMsg": { 40 | "type": "string" 41 | }, 42 | "status": { 43 | "type": "string" 44 | }, 45 | "type": { 46 | "type": "string" 47 | } 48 | }, 49 | "required": [ 50 | "custom_domain_id", 51 | "domain", 52 | "status", 53 | "type" 54 | ], 55 | "type": "object" 56 | }, 57 | "log_id": { 58 | "description": "Log id", 59 | "type": "string" 60 | }, 61 | "tenant_name": { 62 | "description": "Tenant name", 63 | "type": "string" 64 | }, 65 | "type": { 66 | "const": "custom_domain_verification_failed", 67 | "description": "Custom Domain Verification Failed", 68 | "type": "string" 69 | }, 70 | "user_agent": { 71 | "description": "The user_agent behind this log, when available", 72 | "examples": [ 73 | "Chrome 120.0.0 / Mac OS X 10.15.7" 74 | ], 75 | "type": "string" 76 | } 77 | }, 78 | "required": [ 79 | "description", 80 | "details", 81 | "log_id", 82 | "tenant_name", 83 | "type" 84 | ], 85 | "type": "object" 86 | } 87 | -------------------------------------------------------------------------------- /schemas/log-types/wum.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "A warning has happened during user management related tasks", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "description": { 22 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 23 | "type": "string" 24 | }, 25 | "details": { 26 | "description": "Log details", 27 | "properties": { 28 | "tenant": { 29 | "type": "string" 30 | }, 31 | "user_id": { 32 | "type": "string" 33 | } 34 | }, 35 | "type": "object" 36 | }, 37 | "identity_user_id": { 38 | "description": "ID for the user as reported by the IdP.", 39 | "type": "string" 40 | }, 41 | "log_id": { 42 | "description": "Log id", 43 | "type": "string" 44 | }, 45 | "tenant_name": { 46 | "description": "Tenant name", 47 | "type": "string" 48 | }, 49 | "type": { 50 | "const": "wum", 51 | "description": "Warning User Management", 52 | "type": "string" 53 | }, 54 | "user_agent": { 55 | "description": "The user_agent behind this log, when available", 56 | "examples": [ 57 | "Chrome 120.0.0 / Mac OS X 10.15.7" 58 | ], 59 | "type": "string" 60 | }, 61 | "user_id": { 62 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 63 | "type": "string" 64 | }, 65 | "user_name": { 66 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 67 | "examples": [ 68 | [ 69 | "example@example.com", 70 | "+14155554321" 71 | ] 72 | ], 73 | "type": "string" 74 | } 75 | }, 76 | "required": [ 77 | "description", 78 | "details", 79 | "log_id", 80 | "tenant_name", 81 | "type" 82 | ], 83 | "type": "object" 84 | } 85 | -------------------------------------------------------------------------------- /schemas/log-types/rich_consents_access_error.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "properties": { 4 | "$event_schema": { 5 | "description": "Event schema meta", 6 | "allOf": [ 7 | { 8 | "properties": { 9 | "version": { 10 | "type": "string" 11 | } 12 | }, 13 | "required": [ 14 | "version" 15 | ], 16 | "type": "object" 17 | } 18 | ] 19 | }, 20 | "description": { 21 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 22 | "type": "string" 23 | }, 24 | "details": { 25 | "description": "Log details", 26 | "properties": { 27 | "error": { 28 | "properties": { 29 | "message": { 30 | "type": "string" 31 | } 32 | }, 33 | "required": [ 34 | "message" 35 | ], 36 | "type": "object" 37 | }, 38 | "requestedRichConsentId": { 39 | "type": "string" 40 | } 41 | }, 42 | "required": [ 43 | "error", 44 | "requestedRichConsentId" 45 | ], 46 | "type": "object" 47 | }, 48 | "hostname": { 49 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 50 | "type": "string" 51 | }, 52 | "ip": { 53 | "anyOf": [ 54 | { 55 | "format": "ipv4", 56 | "type": "string" 57 | }, 58 | { 59 | "format": "ipv6", 60 | "type": "string" 61 | } 62 | ], 63 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 64 | }, 65 | "log_id": { 66 | "description": "Log id", 67 | "type": "string" 68 | }, 69 | "tenant_name": { 70 | "description": "Tenant name", 71 | "type": "string" 72 | }, 73 | "type": { 74 | "const": "rich_consents_access_error", 75 | "description": "Failed get rich consent record request", 76 | "type": "string" 77 | }, 78 | "user_agent": { 79 | "description": "The user_agent behind this log, when available", 80 | "examples": [ 81 | "Chrome 120.0.0 / Mac OS X 10.15.7" 82 | ], 83 | "type": "string" 84 | } 85 | }, 86 | "required": [ 87 | "description", 88 | "details", 89 | "hostname", 90 | "ip", 91 | "log_id", 92 | "tenant_name", 93 | "type" 94 | ], 95 | "type": "object" 96 | } 97 | -------------------------------------------------------------------------------- /schemas/log-types/ss_sso_info.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Information from a Self-Service Single Sign-On Operation Only emitted by snake-server", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "description": { 22 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 23 | "type": "string" 24 | }, 25 | "details": { 26 | "description": "Log details", 27 | "properties": { 28 | "connection_name": { 29 | "type": "string" 30 | }, 31 | "custom_domain": { 32 | "type": "string" 33 | }, 34 | "flow_type": { 35 | "enum": [ 36 | "create", 37 | "update" 38 | ], 39 | "type": "string" 40 | }, 41 | "ss_sso_event_name": { 42 | "enum": [ 43 | "ss_sso_try_connection_start", 44 | "ss_sso_try_connection_end", 45 | "ss_sso_flow_end" 46 | ], 47 | "type": "string" 48 | }, 49 | "ss_sso_tracing_id": { 50 | "type": "string" 51 | } 52 | }, 53 | "required": [ 54 | "ss_sso_event_name", 55 | "ss_sso_tracing_id", 56 | "connection_name", 57 | "flow_type" 58 | ], 59 | "type": "object" 60 | }, 61 | "ip": { 62 | "anyOf": [ 63 | { 64 | "format": "ipv4", 65 | "type": "string" 66 | }, 67 | { 68 | "format": "ipv6", 69 | "type": "string" 70 | } 71 | ], 72 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 73 | }, 74 | "log_id": { 75 | "description": "Log id", 76 | "type": "string" 77 | }, 78 | "tenant_name": { 79 | "description": "Tenant name", 80 | "type": "string" 81 | }, 82 | "type": { 83 | "const": "ss_sso_info", 84 | "description": "Information from an SS-SSO Operation", 85 | "type": "string" 86 | }, 87 | "user_agent": { 88 | "description": "The user_agent behind this log, when available", 89 | "examples": [ 90 | "Chrome 120.0.0 / Mac OS X 10.15.7" 91 | ], 92 | "type": "string" 93 | } 94 | }, 95 | "required": [ 96 | "description", 97 | "details", 98 | "ip", 99 | "log_id", 100 | "tenant_name", 101 | "type" 102 | ], 103 | "type": "object" 104 | } 105 | -------------------------------------------------------------------------------- /schemas/log-types/universal_logout_succeeded.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "properties": { 4 | "$event_schema": { 5 | "description": "Event schema meta", 6 | "allOf": [ 7 | { 8 | "properties": { 9 | "version": { 10 | "type": "string" 11 | } 12 | }, 13 | "required": [ 14 | "version" 15 | ], 16 | "type": "object" 17 | } 18 | ] 19 | }, 20 | "connection": { 21 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 22 | "type": "string" 23 | }, 24 | "connection_id": { 25 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 26 | "type": "string" 27 | }, 28 | "description": { 29 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 30 | "type": "string" 31 | }, 32 | "details": { 33 | "description": "Log details" 34 | }, 35 | "identity_user_id": { 36 | "description": "ID for the user as reported by the IdP.", 37 | "type": "string" 38 | }, 39 | "ip": { 40 | "anyOf": [ 41 | { 42 | "format": "ipv4", 43 | "type": "string" 44 | }, 45 | { 46 | "format": "ipv6", 47 | "type": "string" 48 | } 49 | ], 50 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 51 | }, 52 | "log_id": { 53 | "description": "Log id", 54 | "type": "string" 55 | }, 56 | "tenant_name": { 57 | "description": "Tenant name", 58 | "type": "string" 59 | }, 60 | "type": { 61 | "const": "universal_logout_succeeded", 62 | "description": "Successful Universal Logout request", 63 | "type": "string" 64 | }, 65 | "user_agent": { 66 | "description": "The user_agent behind this log, when available", 67 | "examples": [ 68 | "Chrome 120.0.0 / Mac OS X 10.15.7" 69 | ], 70 | "type": "string" 71 | }, 72 | "user_id": { 73 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 74 | "type": "string" 75 | }, 76 | "user_name": { 77 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 78 | "examples": [ 79 | [ 80 | "example@example.com", 81 | "+14155554321" 82 | ] 83 | ], 84 | "type": "string" 85 | } 86 | }, 87 | "required": [ 88 | "description", 89 | "ip", 90 | "log_id", 91 | "tenant_name", 92 | "type" 93 | ], 94 | "type": "object" 95 | } 96 | -------------------------------------------------------------------------------- /schemas/log-types/acls_summary.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "properties": { 4 | "$event_schema": { 5 | "description": "Event schema meta", 6 | "allOf": [ 7 | { 8 | "properties": { 9 | "version": { 10 | "type": "string" 11 | } 12 | }, 13 | "required": [ 14 | "version" 15 | ], 16 | "type": "object" 17 | } 18 | ] 19 | }, 20 | "description": { 21 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 22 | "type": "string" 23 | }, 24 | "details": { 25 | "description": "Log details", 26 | "properties": { 27 | "end_time": { 28 | "format": "date-time", 29 | "type": "string" 30 | }, 31 | "start_time": { 32 | "format": "date-time", 33 | "type": "string" 34 | }, 35 | "stats": { 36 | "items": { 37 | "properties": { 38 | "acl_id": { 39 | "type": "string" 40 | }, 41 | "action": { 42 | "type": "string" 43 | }, 44 | "description": { 45 | "type": "string" 46 | }, 47 | "match": { 48 | "properties": { 49 | "successes": { 50 | "type": "number" 51 | } 52 | }, 53 | "required": [ 54 | "successes" 55 | ], 56 | "type": "object" 57 | }, 58 | "priority": { 59 | "type": "number" 60 | }, 61 | "total_request_count": { 62 | "properties": { 63 | "successes": { 64 | "type": "number" 65 | } 66 | }, 67 | "required": [ 68 | "successes" 69 | ], 70 | "type": "object" 71 | } 72 | }, 73 | "required": [ 74 | "acl_id", 75 | "description", 76 | "priority", 77 | "action" 78 | ], 79 | "type": "object" 80 | }, 81 | "type": "array" 82 | } 83 | }, 84 | "required": [ 85 | "start_time", 86 | "end_time", 87 | "stats" 88 | ], 89 | "type": "object" 90 | }, 91 | "log_id": { 92 | "description": "Log id", 93 | "type": "string" 94 | }, 95 | "tenant_name": { 96 | "description": "Tenant name", 97 | "type": "string" 98 | }, 99 | "type": { 100 | "const": "acls_summary", 101 | "description": "Network ACLs summary", 102 | "type": "string" 103 | }, 104 | "user_agent": { 105 | "description": "The user_agent behind this log, when available", 106 | "examples": [ 107 | "Chrome 120.0.0 / Mac OS X 10.15.7" 108 | ], 109 | "type": "string" 110 | } 111 | }, 112 | "required": [ 113 | "description", 114 | "details", 115 | "log_id", 116 | "tenant_name", 117 | "type" 118 | ], 119 | "type": "object" 120 | } 121 | -------------------------------------------------------------------------------- /schemas/log-types/resource_cleanup.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Emitted when resources exceeding defined limits were removed. Normally related to refresh tokens", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "description": { 33 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 34 | "type": "string" 35 | }, 36 | "details": { 37 | "description": "Log details", 38 | "properties": { 39 | "endCount": { 40 | "type": "number" 41 | }, 42 | "removedCount": { 43 | "type": "number" 44 | }, 45 | "resource": { 46 | "type": "string" 47 | }, 48 | "start": { 49 | "type": "number" 50 | } 51 | }, 52 | "required": [ 53 | "start", 54 | "removedCount", 55 | "endCount" 56 | ], 57 | "type": "object" 58 | }, 59 | "identity_user_id": { 60 | "description": "ID for the user as reported by the IdP.", 61 | "type": "string" 62 | }, 63 | "log_id": { 64 | "description": "Log id", 65 | "type": "string" 66 | }, 67 | "tenant_name": { 68 | "description": "Tenant name", 69 | "type": "string" 70 | }, 71 | "type": { 72 | "const": "resource_cleanup", 73 | "description": "Refresh Token Excess Warning", 74 | "type": "string" 75 | }, 76 | "user_agent": { 77 | "description": "The user_agent behind this log, when available", 78 | "examples": [ 79 | "Chrome 120.0.0 / Mac OS X 10.15.7" 80 | ], 81 | "type": "string" 82 | }, 83 | "user_id": { 84 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 85 | "type": "string" 86 | }, 87 | "user_name": { 88 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 89 | "examples": [ 90 | [ 91 | "example@example.com", 92 | "+14155554321" 93 | ] 94 | ], 95 | "type": "string" 96 | } 97 | }, 98 | "required": [ 99 | "client_name", 100 | "description", 101 | "details", 102 | "log_id", 103 | "tenant_name", 104 | "type" 105 | ], 106 | "type": "object" 107 | } 108 | -------------------------------------------------------------------------------- /schemas/log-types/fn.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed Notification", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details", 46 | "properties": { 47 | "email_type": { 48 | "type": "string" 49 | }, 50 | "error": { 51 | "type": "string" 52 | }, 53 | "notification_type": { 54 | "type": "string" 55 | }, 56 | "to": { 57 | "type": "string" 58 | } 59 | }, 60 | "required": [ 61 | "email_type", 62 | "notification_type", 63 | "to" 64 | ], 65 | "type": "object" 66 | }, 67 | "ip": { 68 | "anyOf": [ 69 | { 70 | "format": "ipv4", 71 | "type": "string" 72 | }, 73 | { 74 | "format": "ipv6", 75 | "type": "string" 76 | } 77 | ], 78 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 79 | }, 80 | "log_id": { 81 | "description": "Log id", 82 | "type": "string" 83 | }, 84 | "tenant_name": { 85 | "description": "Tenant name", 86 | "type": "string" 87 | }, 88 | "type": { 89 | "const": "fn", 90 | "description": "Failed Notification", 91 | "type": "string" 92 | }, 93 | "user_agent": { 94 | "description": "The user_agent behind this log, when available", 95 | "examples": [ 96 | "Chrome 120.0.0 / Mac OS X 10.15.7" 97 | ], 98 | "type": "string" 99 | } 100 | }, 101 | "required": [ 102 | "client_name", 103 | "description", 104 | "details", 105 | "ip", 106 | "log_id", 107 | "tenant_name", 108 | "type" 109 | ], 110 | "type": "object" 111 | } 112 | -------------------------------------------------------------------------------- /schemas/log-types/ss_sso_success.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Successful Self-Service Single Sign-On Operation Only emitted by snake-server", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "description": { 22 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 23 | "type": "string" 24 | }, 25 | "details": { 26 | "description": "Log details", 27 | "properties": { 28 | "connection_name": { 29 | "type": "string" 30 | }, 31 | "custom_domain": { 32 | "type": "string" 33 | }, 34 | "flow_type": { 35 | "enum": [ 36 | "create", 37 | "update" 38 | ], 39 | "type": "string" 40 | }, 41 | "ss_sso_event_name": { 42 | "enum": [ 43 | "ss_sso_ticket_generation", 44 | "ss_sso_ticket_consumption", 45 | "ss_sso_connection_creation", 46 | "ss_sso_connection_update", 47 | "ss_sso_enable_connection", 48 | "ss_sso_add_domain", 49 | "ss_sso_delete_pending_domain", 50 | "ss_sso_domain_verification_unsuccessful", 51 | "ss_sso_domain_verification_successful", 52 | "ss_sso_provisioning_token_creation", 53 | "ss_sso_provisioning_token_deletion", 54 | "ss_sso_provisioning_attribute_update", 55 | "ss_sso_missing_configuration" 56 | ], 57 | "type": "string" 58 | }, 59 | "ss_sso_tracing_id": { 60 | "type": "string" 61 | } 62 | }, 63 | "required": [ 64 | "ss_sso_event_name", 65 | "ss_sso_tracing_id", 66 | "connection_name", 67 | "flow_type" 68 | ], 69 | "type": "object" 70 | }, 71 | "ip": { 72 | "anyOf": [ 73 | { 74 | "format": "ipv4", 75 | "type": "string" 76 | }, 77 | { 78 | "format": "ipv6", 79 | "type": "string" 80 | } 81 | ], 82 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 83 | }, 84 | "log_id": { 85 | "description": "Log id", 86 | "type": "string" 87 | }, 88 | "tenant_name": { 89 | "description": "Tenant name", 90 | "type": "string" 91 | }, 92 | "type": { 93 | "const": "ss_sso_success", 94 | "description": "Successful SS-SSO Operation", 95 | "type": "string" 96 | }, 97 | "user_agent": { 98 | "description": "The user_agent behind this log, when available", 99 | "examples": [ 100 | "Chrome 120.0.0 / Mac OS X 10.15.7" 101 | ], 102 | "type": "string" 103 | } 104 | }, 105 | "required": [ 106 | "description", 107 | "details", 108 | "ip", 109 | "log_id", 110 | "tenant_name", 111 | "type" 112 | ], 113 | "type": "object" 114 | } 115 | -------------------------------------------------------------------------------- /schemas/log-types/federated_logout_failed.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "properties": { 4 | "$event_schema": { 5 | "description": "Event schema meta", 6 | "allOf": [ 7 | { 8 | "properties": { 9 | "version": { 10 | "type": "string" 11 | } 12 | }, 13 | "required": [ 14 | "version" 15 | ], 16 | "type": "object" 17 | } 18 | ] 19 | }, 20 | "connection": { 21 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 22 | "type": "string" 23 | }, 24 | "connection_id": { 25 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 26 | "type": "string" 27 | }, 28 | "description": { 29 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 30 | "type": "string" 31 | }, 32 | "details": { 33 | "description": "Log details", 34 | "properties": { 35 | "errors": { 36 | "items": { 37 | "type": "string" 38 | }, 39 | "type": "array" 40 | } 41 | }, 42 | "required": [ 43 | "errors" 44 | ], 45 | "type": "object" 46 | }, 47 | "identity_user_id": { 48 | "description": "ID for the user as reported by the IdP.", 49 | "type": "string" 50 | }, 51 | "ip": { 52 | "anyOf": [ 53 | { 54 | "format": "ipv4", 55 | "type": "string" 56 | }, 57 | { 58 | "format": "ipv6", 59 | "type": "string" 60 | } 61 | ], 62 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 63 | }, 64 | "log_id": { 65 | "description": "Log id", 66 | "type": "string" 67 | }, 68 | "tenant_name": { 69 | "description": "Tenant name", 70 | "type": "string" 71 | }, 72 | "type": { 73 | "const": "federated_logout_failed", 74 | "description": "Failed Federated Logout request", 75 | "type": "string" 76 | }, 77 | "user_agent": { 78 | "description": "The user_agent behind this log, when available", 79 | "examples": [ 80 | "Chrome 120.0.0 / Mac OS X 10.15.7" 81 | ], 82 | "type": "string" 83 | }, 84 | "user_id": { 85 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 86 | "type": "string" 87 | }, 88 | "user_name": { 89 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 90 | "examples": [ 91 | [ 92 | "example@example.com", 93 | "+14155554321" 94 | ] 95 | ], 96 | "type": "string" 97 | } 98 | }, 99 | "required": [ 100 | "description", 101 | "details", 102 | "ip", 103 | "log_id", 104 | "tenant_name", 105 | "type" 106 | ], 107 | "type": "object" 108 | } 109 | -------------------------------------------------------------------------------- /schemas/log-types/fdecc.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed Device Confirmation - User Canceled", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "description": { 33 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 34 | "type": "string" 35 | }, 36 | "details": { 37 | "description": "Log details", 38 | "properties": { 39 | "session_id": { 40 | "type": "string" 41 | } 42 | }, 43 | "required": [ 44 | "session_id" 45 | ], 46 | "type": "object" 47 | }, 48 | "identity_user_id": { 49 | "description": "ID for the user as reported by the IdP.", 50 | "type": "string" 51 | }, 52 | "ip": { 53 | "anyOf": [ 54 | { 55 | "format": "ipv4", 56 | "type": "string" 57 | }, 58 | { 59 | "format": "ipv6", 60 | "type": "string" 61 | } 62 | ], 63 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 64 | }, 65 | "log_id": { 66 | "description": "Log id", 67 | "type": "string" 68 | }, 69 | "tenant_name": { 70 | "description": "Tenant name", 71 | "type": "string" 72 | }, 73 | "type": { 74 | "const": "fdecc", 75 | "description": "Failed Device Confirmation - User Canceled", 76 | "type": "string" 77 | }, 78 | "user_agent": { 79 | "description": "The user_agent behind this log, when available", 80 | "examples": [ 81 | "Chrome 120.0.0 / Mac OS X 10.15.7" 82 | ], 83 | "type": "string" 84 | }, 85 | "user_id": { 86 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 87 | "type": "string" 88 | }, 89 | "user_name": { 90 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 91 | "examples": [ 92 | [ 93 | "example@example.com", 94 | "+14155554321" 95 | ] 96 | ], 97 | "type": "string" 98 | } 99 | }, 100 | "required": [ 101 | "client_name", 102 | "description", 103 | "details", 104 | "ip", 105 | "log_id", 106 | "tenant_name", 107 | "type" 108 | ], 109 | "type": "object" 110 | } 111 | -------------------------------------------------------------------------------- /schemas/log-types/limit_delegation.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "A user is temporarily prevented from logging in because of too many delegation requests", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "connection": { 22 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 23 | "type": "string" 24 | }, 25 | "connection_id": { 26 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 27 | "type": "string" 28 | }, 29 | "description": { 30 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 31 | "type": "string" 32 | }, 33 | "details": { 34 | "description": "Log details" 35 | }, 36 | "hostname": { 37 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 38 | "type": "string" 39 | }, 40 | "identity_user_id": { 41 | "description": "ID for the user as reported by the IdP.", 42 | "type": "string" 43 | }, 44 | "ip": { 45 | "anyOf": [ 46 | { 47 | "format": "ipv4", 48 | "type": "string" 49 | }, 50 | { 51 | "format": "ipv6", 52 | "type": "string" 53 | } 54 | ], 55 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 56 | }, 57 | "log_id": { 58 | "description": "Log id", 59 | "type": "string" 60 | }, 61 | "tenant_name": { 62 | "description": "Tenant name", 63 | "type": "string" 64 | }, 65 | "type": { 66 | "const": "limit_delegation", 67 | "description": "Blocked Account - Too many Delegation requests", 68 | "type": "string" 69 | }, 70 | "user_agent": { 71 | "description": "The user_agent behind this log, when available", 72 | "examples": [ 73 | "Chrome 120.0.0 / Mac OS X 10.15.7" 74 | ], 75 | "type": "string" 76 | }, 77 | "user_id": { 78 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 79 | "type": "string" 80 | }, 81 | "user_name": { 82 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 83 | "examples": [ 84 | [ 85 | "example@example.com", 86 | "+14155554321" 87 | ] 88 | ], 89 | "type": "string" 90 | } 91 | }, 92 | "required": [ 93 | "description", 94 | "hostname", 95 | "ip", 96 | "log_id", 97 | "tenant_name", 98 | "type" 99 | ], 100 | "type": "object" 101 | } 102 | -------------------------------------------------------------------------------- /schemas/log-types/wn.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Warning Notification", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details", 46 | "properties": { 47 | "notification_channel": { 48 | "type": "string" 49 | }, 50 | "notification_type": { 51 | "type": "string" 52 | }, 53 | "to": { 54 | "type": "string" 55 | }, 56 | "warning": { 57 | "type": "string" 58 | } 59 | }, 60 | "required": [ 61 | "notification_type", 62 | "notification_channel", 63 | "to" 64 | ], 65 | "type": "object" 66 | }, 67 | "identity_user_id": { 68 | "description": "ID for the user as reported by the IdP.", 69 | "type": "string" 70 | }, 71 | "log_id": { 72 | "description": "Log id", 73 | "type": "string" 74 | }, 75 | "tenant_name": { 76 | "description": "Tenant name", 77 | "type": "string" 78 | }, 79 | "type": { 80 | "const": "wn", 81 | "description": "Warning Notifications", 82 | "type": "string" 83 | }, 84 | "user_agent": { 85 | "description": "The user_agent behind this log, when available", 86 | "examples": [ 87 | "Chrome 120.0.0 / Mac OS X 10.15.7" 88 | ], 89 | "type": "string" 90 | }, 91 | "user_id": { 92 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 93 | "type": "string" 94 | }, 95 | "user_name": { 96 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 97 | "examples": [ 98 | [ 99 | "example@example.com", 100 | "+14155554321" 101 | ] 102 | ], 103 | "type": "string" 104 | } 105 | }, 106 | "required": [ 107 | "description", 108 | "details", 109 | "log_id", 110 | "tenant_name", 111 | "type" 112 | ], 113 | "type": "object" 114 | } 115 | -------------------------------------------------------------------------------- /schemas/log-types/universal_logout_failed.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "properties": { 4 | "$event_schema": { 5 | "description": "Event schema meta", 6 | "allOf": [ 7 | { 8 | "properties": { 9 | "version": { 10 | "type": "string" 11 | } 12 | }, 13 | "required": [ 14 | "version" 15 | ], 16 | "type": "object" 17 | } 18 | ] 19 | }, 20 | "connection": { 21 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 22 | "type": "string" 23 | }, 24 | "connection_id": { 25 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 26 | "type": "string" 27 | }, 28 | "description": { 29 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 30 | "type": "string" 31 | }, 32 | "details": { 33 | "description": "Log details", 34 | "properties": { 35 | "error": { 36 | "type": "string" 37 | }, 38 | "response": { 39 | "properties": { 40 | "statusCode": { 41 | "type": "number" 42 | } 43 | }, 44 | "required": [ 45 | "statusCode" 46 | ], 47 | "type": "object" 48 | } 49 | }, 50 | "required": [ 51 | "response", 52 | "error" 53 | ], 54 | "type": "object" 55 | }, 56 | "identity_user_id": { 57 | "description": "ID for the user as reported by the IdP.", 58 | "type": "string" 59 | }, 60 | "ip": { 61 | "anyOf": [ 62 | { 63 | "format": "ipv4", 64 | "type": "string" 65 | }, 66 | { 67 | "format": "ipv6", 68 | "type": "string" 69 | } 70 | ], 71 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 72 | }, 73 | "log_id": { 74 | "description": "Log id", 75 | "type": "string" 76 | }, 77 | "tenant_name": { 78 | "description": "Tenant name", 79 | "type": "string" 80 | }, 81 | "type": { 82 | "const": "universal_logout_failed", 83 | "description": "Failed Universal Logout request", 84 | "type": "string" 85 | }, 86 | "user_agent": { 87 | "description": "The user_agent behind this log, when available", 88 | "examples": [ 89 | "Chrome 120.0.0 / Mac OS X 10.15.7" 90 | ], 91 | "type": "string" 92 | }, 93 | "user_id": { 94 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 95 | "type": "string" 96 | }, 97 | "user_name": { 98 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 99 | "examples": [ 100 | [ 101 | "example@example.com", 102 | "+14155554321" 103 | ] 104 | ], 105 | "type": "string" 106 | } 107 | }, 108 | "required": [ 109 | "description", 110 | "details", 111 | "ip", 112 | "log_id", 113 | "tenant_name", 114 | "type" 115 | ], 116 | "type": "object" 117 | } 118 | -------------------------------------------------------------------------------- /schemas/log-types/oidc_backchannel_logout_failed.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "properties": { 4 | "$event_schema": { 5 | "description": "Event schema meta", 6 | "allOf": [ 7 | { 8 | "properties": { 9 | "version": { 10 | "type": "string" 11 | } 12 | }, 13 | "required": [ 14 | "version" 15 | ], 16 | "type": "object" 17 | } 18 | ] 19 | }, 20 | "client_id": { 21 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 22 | "type": [ 23 | "string", 24 | "null" 25 | ] 26 | }, 27 | "client_name": { 28 | "description": "Client name associated with the client_id, when available. May be empty string.", 29 | "type": "string" 30 | }, 31 | "description": { 32 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 33 | "type": "string" 34 | }, 35 | "details": { 36 | "description": "Log details", 37 | "properties": { 38 | "errors": { 39 | "items": { 40 | "type": "string" 41 | }, 42 | "type": "array" 43 | }, 44 | "initiator": { 45 | "type": "string" 46 | }, 47 | "request": { 48 | "properties": { 49 | "backchannel_logout_uri": { 50 | "type": "string" 51 | }, 52 | "method": { 53 | "type": "string" 54 | } 55 | }, 56 | "required": [ 57 | "method", 58 | "backchannel_logout_uri" 59 | ], 60 | "type": "object" 61 | }, 62 | "response": { 63 | "properties": { 64 | "statusCode": { 65 | "type": "number" 66 | } 67 | }, 68 | "required": [ 69 | "statusCode" 70 | ], 71 | "type": "object" 72 | } 73 | }, 74 | "required": [ 75 | "request", 76 | "response", 77 | "initiator" 78 | ], 79 | "type": "object" 80 | }, 81 | "identity_user_id": { 82 | "description": "ID for the user as reported by the IdP.", 83 | "type": "string" 84 | }, 85 | "log_id": { 86 | "description": "Log id", 87 | "type": "string" 88 | }, 89 | "tenant_name": { 90 | "description": "Tenant name", 91 | "type": "string" 92 | }, 93 | "type": { 94 | "const": "oidc_backchannel_logout_failed", 95 | "description": "Failed OIDC Back-Channel Logout request", 96 | "type": "string" 97 | }, 98 | "user_agent": { 99 | "description": "The user_agent behind this log, when available", 100 | "examples": [ 101 | "Chrome 120.0.0 / Mac OS X 10.15.7" 102 | ], 103 | "type": "string" 104 | }, 105 | "user_id": { 106 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 107 | "type": "string" 108 | }, 109 | "user_name": { 110 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 111 | "examples": [ 112 | [ 113 | "example@example.com", 114 | "+14155554321" 115 | ] 116 | ], 117 | "type": "string" 118 | } 119 | }, 120 | "required": [ 121 | "client_name", 122 | "description", 123 | "details", 124 | "log_id", 125 | "tenant_name", 126 | "type" 127 | ], 128 | "type": "object" 129 | } 130 | -------------------------------------------------------------------------------- /schemas/log-types/oidc_backchannel_logout_succeeded.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "properties": { 4 | "$event_schema": { 5 | "description": "Event schema meta", 6 | "allOf": [ 7 | { 8 | "properties": { 9 | "version": { 10 | "type": "string" 11 | } 12 | }, 13 | "required": [ 14 | "version" 15 | ], 16 | "type": "object" 17 | } 18 | ] 19 | }, 20 | "client_id": { 21 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 22 | "type": [ 23 | "string", 24 | "null" 25 | ] 26 | }, 27 | "client_name": { 28 | "description": "Client name associated with the client_id, when available. May be empty string.", 29 | "type": "string" 30 | }, 31 | "description": { 32 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 33 | "type": "string" 34 | }, 35 | "details": { 36 | "description": "Log details", 37 | "properties": { 38 | "errors": { 39 | "items": { 40 | "type": "string" 41 | }, 42 | "type": "array" 43 | }, 44 | "initiator": { 45 | "type": "string" 46 | }, 47 | "request": { 48 | "properties": { 49 | "backchannel_logout_uri": { 50 | "type": "string" 51 | }, 52 | "method": { 53 | "type": "string" 54 | } 55 | }, 56 | "required": [ 57 | "method", 58 | "backchannel_logout_uri" 59 | ], 60 | "type": "object" 61 | }, 62 | "response": { 63 | "properties": { 64 | "statusCode": { 65 | "type": "number" 66 | } 67 | }, 68 | "required": [ 69 | "statusCode" 70 | ], 71 | "type": "object" 72 | } 73 | }, 74 | "required": [ 75 | "request", 76 | "response", 77 | "initiator" 78 | ], 79 | "type": "object" 80 | }, 81 | "identity_user_id": { 82 | "description": "ID for the user as reported by the IdP.", 83 | "type": "string" 84 | }, 85 | "log_id": { 86 | "description": "Log id", 87 | "type": "string" 88 | }, 89 | "tenant_name": { 90 | "description": "Tenant name", 91 | "type": "string" 92 | }, 93 | "type": { 94 | "const": "oidc_backchannel_logout_succeeded", 95 | "description": "Successful OIDC Back-Channel Logout request", 96 | "type": "string" 97 | }, 98 | "user_agent": { 99 | "description": "The user_agent behind this log, when available", 100 | "examples": [ 101 | "Chrome 120.0.0 / Mac OS X 10.15.7" 102 | ], 103 | "type": "string" 104 | }, 105 | "user_id": { 106 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 107 | "type": "string" 108 | }, 109 | "user_name": { 110 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 111 | "examples": [ 112 | [ 113 | "example@example.com", 114 | "+14155554321" 115 | ] 116 | ], 117 | "type": "string" 118 | } 119 | }, 120 | "required": [ 121 | "client_name", 122 | "description", 123 | "details", 124 | "log_id", 125 | "tenant_name", 126 | "type" 127 | ], 128 | "type": "object" 129 | } 130 | -------------------------------------------------------------------------------- /schemas/log-types/fcpro.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed to provision a AD/LDAP connector", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "properties": { 46 | "details": { 47 | "type": "string" 48 | } 49 | }, 50 | "required": [ 51 | "details" 52 | ], 53 | "type": "object" 54 | }, 55 | "hostname": { 56 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 57 | "type": "string" 58 | }, 59 | "identity_user_id": { 60 | "description": "ID for the user as reported by the IdP.", 61 | "type": "string" 62 | }, 63 | "ip": { 64 | "anyOf": [ 65 | { 66 | "format": "ipv4", 67 | "type": "string" 68 | }, 69 | { 70 | "format": "ipv6", 71 | "type": "string" 72 | } 73 | ], 74 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 75 | }, 76 | "log_id": { 77 | "description": "Log id", 78 | "type": "string" 79 | }, 80 | "tenant_name": { 81 | "description": "Tenant name", 82 | "type": "string" 83 | }, 84 | "type": { 85 | "const": "fcpro", 86 | "description": "Failed Connector Provisioning", 87 | "type": "string" 88 | }, 89 | "user_agent": { 90 | "description": "The user_agent behind this log, when available", 91 | "examples": [ 92 | "Chrome 120.0.0 / Mac OS X 10.15.7" 93 | ], 94 | "type": "string" 95 | }, 96 | "user_id": { 97 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 98 | "type": "string" 99 | }, 100 | "user_name": { 101 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 102 | "examples": [ 103 | [ 104 | "example@example.com", 105 | "+14155554321" 106 | ] 107 | ], 108 | "type": "string" 109 | } 110 | }, 111 | "required": [ 112 | "client_name", 113 | "description", 114 | "details", 115 | "hostname", 116 | "ip", 117 | "log_id", 118 | "tenant_name", 119 | "type" 120 | ], 121 | "type": "object" 122 | } 123 | -------------------------------------------------------------------------------- /schemas/log-types/ss_sso_failure.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed Self-Service Single Sign-On Operation Only emitted by snake-server", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "description": { 22 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 23 | "type": "string" 24 | }, 25 | "details": { 26 | "anyOf": [ 27 | { 28 | "properties": { 29 | "connection_name": { 30 | "type": "string" 31 | }, 32 | "custom_domain": { 33 | "type": "string" 34 | }, 35 | "flow_type": { 36 | "enum": [ 37 | "create", 38 | "update" 39 | ], 40 | "type": "string" 41 | }, 42 | "ss_sso_event_name": { 43 | "const": "ss_sso_ticket_consumption", 44 | "type": "string" 45 | }, 46 | "ss_sso_tracing_id": { 47 | "type": "string" 48 | } 49 | }, 50 | "required": [ 51 | "ss_sso_event_name" 52 | ], 53 | "type": "object" 54 | }, 55 | { 56 | "properties": { 57 | "connection_name": { 58 | "type": "string" 59 | }, 60 | "custom_domain": { 61 | "type": "string" 62 | }, 63 | "flow_type": { 64 | "enum": [ 65 | "create", 66 | "update" 67 | ], 68 | "type": "string" 69 | }, 70 | "ss_sso_event_name": { 71 | "enum": [ 72 | "ss_sso_ticket_generation", 73 | "ss_sso_connection_creation", 74 | "ss_sso_connection_update", 75 | "ss_sso_enable_connection", 76 | "ss_sso_add_domain", 77 | "ss_sso_delete_pending_domain", 78 | "ss_sso_domain_verification", 79 | "ss_sso_provisioning_token_creation", 80 | "ss_sso_provisioning_token_deletion", 81 | "ss_sso_provisioning_attribute_update", 82 | "ss_sso_missing_configuration" 83 | ], 84 | "type": "string" 85 | }, 86 | "ss_sso_tracing_id": { 87 | "type": "string" 88 | } 89 | }, 90 | "required": [ 91 | "connection_name", 92 | "flow_type", 93 | "ss_sso_event_name", 94 | "ss_sso_tracing_id" 95 | ], 96 | "type": "object" 97 | } 98 | ], 99 | "description": "Log details" 100 | }, 101 | "ip": { 102 | "anyOf": [ 103 | { 104 | "format": "ipv4", 105 | "type": "string" 106 | }, 107 | { 108 | "format": "ipv6", 109 | "type": "string" 110 | } 111 | ], 112 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 113 | }, 114 | "log_id": { 115 | "description": "Log id", 116 | "type": "string" 117 | }, 118 | "tenant_name": { 119 | "description": "Tenant name", 120 | "type": "string" 121 | }, 122 | "type": { 123 | "const": "ss_sso_failure", 124 | "description": "Failed SS-SSO Operation", 125 | "type": "string" 126 | }, 127 | "user_agent": { 128 | "description": "The user_agent behind this log, when available", 129 | "examples": [ 130 | "Chrome 120.0.0 / Mac OS X 10.15.7" 131 | ], 132 | "type": "string" 133 | } 134 | }, 135 | "required": [ 136 | "description", 137 | "details", 138 | "ip", 139 | "log_id", 140 | "tenant_name", 141 | "type" 142 | ], 143 | "type": "object" 144 | } 145 | -------------------------------------------------------------------------------- /schemas/log-types/fdu.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed User Deletion", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "connection": { 22 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 23 | "type": "string" 24 | }, 25 | "connection_id": { 26 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 27 | "type": "string" 28 | }, 29 | "description": { 30 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 31 | "type": "string" 32 | }, 33 | "details": { 34 | "description": "Log details", 35 | "properties": { 36 | "body": { 37 | "properties": { 38 | "connection": { 39 | "type": "string" 40 | }, 41 | "tenant": { 42 | "type": "string" 43 | } 44 | }, 45 | "type": "object" 46 | } 47 | }, 48 | "required": [ 49 | "body" 50 | ], 51 | "type": "object" 52 | }, 53 | "identity_user_id": { 54 | "description": "ID for the user as reported by the IdP.", 55 | "type": "string" 56 | }, 57 | "ip": { 58 | "anyOf": [ 59 | { 60 | "format": "ipv4", 61 | "type": "string" 62 | }, 63 | { 64 | "format": "ipv6", 65 | "type": "string" 66 | } 67 | ], 68 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 69 | }, 70 | "log_id": { 71 | "description": "Log id", 72 | "type": "string" 73 | }, 74 | "strategy": { 75 | "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", 76 | "examples": [ 77 | [ 78 | "auth0", 79 | "waad", 80 | "oktawic", 81 | "google-oauth2" 82 | ] 83 | ], 84 | "type": "string" 85 | }, 86 | "strategy_type": { 87 | "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", 88 | "examples": [ 89 | [ 90 | "database", 91 | "social", 92 | "enterprise" 93 | ] 94 | ], 95 | "type": "string" 96 | }, 97 | "tenant_name": { 98 | "description": "Tenant name", 99 | "type": "string" 100 | }, 101 | "type": { 102 | "const": "fdu", 103 | "description": "Failed User Deletion", 104 | "type": "string" 105 | }, 106 | "user_agent": { 107 | "description": "The user_agent behind this log, when available", 108 | "examples": [ 109 | "Chrome 120.0.0 / Mac OS X 10.15.7" 110 | ], 111 | "type": "string" 112 | }, 113 | "user_id": { 114 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 115 | "type": "string" 116 | }, 117 | "user_name": { 118 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 119 | "examples": [ 120 | [ 121 | "example@example.com", 122 | "+14155554321" 123 | ] 124 | ], 125 | "type": "string" 126 | } 127 | }, 128 | "required": [ 129 | "description", 130 | "details", 131 | "ip", 132 | "log_id", 133 | "strategy", 134 | "strategy_type", 135 | "tenant_name", 136 | "type" 137 | ], 138 | "type": "object" 139 | } 140 | -------------------------------------------------------------------------------- /schemas/log-types/sdu.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Successful User Deletion", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "connection": { 22 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 23 | "type": "string" 24 | }, 25 | "connection_id": { 26 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 27 | "type": "string" 28 | }, 29 | "description": { 30 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 31 | "type": "string" 32 | }, 33 | "details": { 34 | "description": "Log details", 35 | "properties": { 36 | "body": { 37 | "properties": { 38 | "connection": { 39 | "type": "string" 40 | }, 41 | "tenant": { 42 | "type": "string" 43 | } 44 | }, 45 | "type": "object" 46 | } 47 | }, 48 | "required": [ 49 | "body" 50 | ], 51 | "type": "object" 52 | }, 53 | "identity_user_id": { 54 | "description": "ID for the user as reported by the IdP.", 55 | "type": "string" 56 | }, 57 | "ip": { 58 | "anyOf": [ 59 | { 60 | "format": "ipv4", 61 | "type": "string" 62 | }, 63 | { 64 | "format": "ipv6", 65 | "type": "string" 66 | } 67 | ], 68 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 69 | }, 70 | "log_id": { 71 | "description": "Log id", 72 | "type": "string" 73 | }, 74 | "strategy": { 75 | "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", 76 | "examples": [ 77 | [ 78 | "auth0", 79 | "waad", 80 | "oktawic", 81 | "google-oauth2" 82 | ] 83 | ], 84 | "type": "string" 85 | }, 86 | "strategy_type": { 87 | "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", 88 | "examples": [ 89 | [ 90 | "database", 91 | "social", 92 | "enterprise" 93 | ] 94 | ], 95 | "type": "string" 96 | }, 97 | "tenant_name": { 98 | "description": "Tenant name", 99 | "type": "string" 100 | }, 101 | "type": { 102 | "const": "sdu", 103 | "description": "Successful User Deletion", 104 | "type": "string" 105 | }, 106 | "user_agent": { 107 | "description": "The user_agent behind this log, when available", 108 | "examples": [ 109 | "Chrome 120.0.0 / Mac OS X 10.15.7" 110 | ], 111 | "type": "string" 112 | }, 113 | "user_id": { 114 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 115 | "type": "string" 116 | }, 117 | "user_name": { 118 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 119 | "examples": [ 120 | [ 121 | "example@example.com", 122 | "+14155554321" 123 | ] 124 | ], 125 | "type": "string" 126 | } 127 | }, 128 | "required": [ 129 | "description", 130 | "details", 131 | "ip", 132 | "log_id", 133 | "strategy", 134 | "strategy_type", 135 | "tenant_name", 136 | "type" 137 | ], 138 | "type": "object" 139 | } 140 | -------------------------------------------------------------------------------- /schemas/log-types/pwd_leak.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Someone behind the IP address ip attempted to login with a leaked password", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details" 46 | }, 47 | "hostname": { 48 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 49 | "type": "string" 50 | }, 51 | "identity_user_id": { 52 | "description": "ID for the user as reported by the IdP.", 53 | "type": "string" 54 | }, 55 | "ip": { 56 | "anyOf": [ 57 | { 58 | "format": "ipv4", 59 | "type": "string" 60 | }, 61 | { 62 | "format": "ipv6", 63 | "type": "string" 64 | } 65 | ], 66 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 67 | }, 68 | "log_id": { 69 | "description": "Log id", 70 | "type": "string" 71 | }, 72 | "security_context": { 73 | "properties": { 74 | "ja3": { 75 | "description": "JA3 fingerprint. Could be undefined.", 76 | "type": "string" 77 | }, 78 | "ja4": { 79 | "description": "JA4 fingerprint. Could be undefined.", 80 | "type": "string" 81 | } 82 | }, 83 | "type": "object" 84 | }, 85 | "tenant_name": { 86 | "description": "Tenant name", 87 | "type": "string" 88 | }, 89 | "type": { 90 | "const": "pwd_leak", 91 | "description": "Breached Password - Login", 92 | "type": "string" 93 | }, 94 | "user_agent": { 95 | "description": "The user_agent behind this log, when available", 96 | "examples": [ 97 | "Chrome 120.0.0 / Mac OS X 10.15.7" 98 | ], 99 | "type": "string" 100 | }, 101 | "user_id": { 102 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 103 | "type": "string" 104 | }, 105 | "user_name": { 106 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 107 | "examples": [ 108 | [ 109 | "example@example.com", 110 | "+14155554321" 111 | ] 112 | ], 113 | "type": "string" 114 | } 115 | }, 116 | "required": [ 117 | "client_name", 118 | "description", 119 | "hostname", 120 | "ip", 121 | "log_id", 122 | "tenant_name", 123 | "type" 124 | ], 125 | "type": "object" 126 | } 127 | -------------------------------------------------------------------------------- /schemas/log-types/reset_pwd_leak.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Someone behind the IP address ip attempted to reset with a leaked password", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details" 46 | }, 47 | "hostname": { 48 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 49 | "type": "string" 50 | }, 51 | "identity_user_id": { 52 | "description": "ID for the user as reported by the IdP.", 53 | "type": "string" 54 | }, 55 | "ip": { 56 | "anyOf": [ 57 | { 58 | "format": "ipv4", 59 | "type": "string" 60 | }, 61 | { 62 | "format": "ipv6", 63 | "type": "string" 64 | } 65 | ], 66 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 67 | }, 68 | "log_id": { 69 | "description": "Log id", 70 | "type": "string" 71 | }, 72 | "security_context": { 73 | "properties": { 74 | "ja3": { 75 | "description": "JA3 fingerprint. Could be undefined.", 76 | "type": "string" 77 | }, 78 | "ja4": { 79 | "description": "JA4 fingerprint. Could be undefined.", 80 | "type": "string" 81 | } 82 | }, 83 | "type": "object" 84 | }, 85 | "tenant_name": { 86 | "description": "Tenant name", 87 | "type": "string" 88 | }, 89 | "type": { 90 | "const": "reset_pwd_leak", 91 | "description": "Breached Password - Reset", 92 | "type": "string" 93 | }, 94 | "user_agent": { 95 | "description": "The user_agent behind this log, when available", 96 | "examples": [ 97 | "Chrome 120.0.0 / Mac OS X 10.15.7" 98 | ], 99 | "type": "string" 100 | }, 101 | "user_id": { 102 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 103 | "type": "string" 104 | }, 105 | "user_name": { 106 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 107 | "examples": [ 108 | [ 109 | "example@example.com", 110 | "+14155554321" 111 | ] 112 | ], 113 | "type": "string" 114 | } 115 | }, 116 | "required": [ 117 | "client_name", 118 | "description", 119 | "hostname", 120 | "ip", 121 | "log_id", 122 | "tenant_name", 123 | "type" 124 | ], 125 | "type": "object" 126 | } 127 | -------------------------------------------------------------------------------- /schemas/log-types/limit_wc.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "An IP address is blocked because it reached the maximum failed login attempts into a single account.", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details" 46 | }, 47 | "hostname": { 48 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 49 | "type": "string" 50 | }, 51 | "identity_user_id": { 52 | "description": "ID for the user as reported by the IdP.", 53 | "type": "string" 54 | }, 55 | "ip": { 56 | "anyOf": [ 57 | { 58 | "format": "ipv4", 59 | "type": "string" 60 | }, 61 | { 62 | "format": "ipv6", 63 | "type": "string" 64 | } 65 | ], 66 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 67 | }, 68 | "log_id": { 69 | "description": "Log id", 70 | "type": "string" 71 | }, 72 | "security_context": { 73 | "properties": { 74 | "ja3": { 75 | "description": "JA3 fingerprint. Could be undefined.", 76 | "type": "string" 77 | }, 78 | "ja4": { 79 | "description": "JA4 fingerprint. Could be undefined.", 80 | "type": "string" 81 | } 82 | }, 83 | "type": "object" 84 | }, 85 | "tenant_name": { 86 | "description": "Tenant name", 87 | "type": "string" 88 | }, 89 | "type": { 90 | "const": "limit_wc", 91 | "description": "Blocked Account - Failed Logins", 92 | "type": "string" 93 | }, 94 | "user_agent": { 95 | "description": "The user_agent behind this log, when available", 96 | "examples": [ 97 | "Chrome 120.0.0 / Mac OS X 10.15.7" 98 | ], 99 | "type": "string" 100 | }, 101 | "user_id": { 102 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 103 | "type": "string" 104 | }, 105 | "user_name": { 106 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 107 | "examples": [ 108 | [ 109 | "example@example.com", 110 | "+14155554321" 111 | ] 112 | ], 113 | "type": "string" 114 | } 115 | }, 116 | "required": [ 117 | "client_name", 118 | "description", 119 | "hostname", 120 | "ip", 121 | "log_id", 122 | "tenant_name", 123 | "type" 124 | ], 125 | "type": "object" 126 | } 127 | -------------------------------------------------------------------------------- /schemas/log-types/fpurh.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed Post User Registration Hook", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details" 46 | }, 47 | "identity_user_id": { 48 | "description": "ID for the user as reported by the IdP.", 49 | "type": "string" 50 | }, 51 | "ip": { 52 | "anyOf": [ 53 | { 54 | "format": "ipv4", 55 | "type": "string" 56 | }, 57 | { 58 | "format": "ipv6", 59 | "type": "string" 60 | } 61 | ], 62 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 63 | }, 64 | "log_id": { 65 | "description": "Log id", 66 | "type": "string" 67 | }, 68 | "strategy": { 69 | "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", 70 | "examples": [ 71 | [ 72 | "auth0", 73 | "waad", 74 | "oktawic", 75 | "google-oauth2" 76 | ] 77 | ], 78 | "type": "string" 79 | }, 80 | "strategy_type": { 81 | "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", 82 | "examples": [ 83 | [ 84 | "database", 85 | "social", 86 | "enterprise" 87 | ] 88 | ], 89 | "type": "string" 90 | }, 91 | "tenant_name": { 92 | "description": "Tenant name", 93 | "type": "string" 94 | }, 95 | "type": { 96 | "const": "fpurh", 97 | "description": "Failed Post User Registration Hook", 98 | "type": "string" 99 | }, 100 | "user_agent": { 101 | "description": "The user_agent behind this log, when available", 102 | "examples": [ 103 | "Chrome 120.0.0 / Mac OS X 10.15.7" 104 | ], 105 | "type": "string" 106 | }, 107 | "user_id": { 108 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 109 | "type": "string" 110 | }, 111 | "user_name": { 112 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 113 | "examples": [ 114 | [ 115 | "example@example.com", 116 | "+14155554321" 117 | ] 118 | ], 119 | "type": "string" 120 | } 121 | }, 122 | "required": [ 123 | "client_name", 124 | "description", 125 | "ip", 126 | "log_id", 127 | "strategy", 128 | "strategy_type", 129 | "tenant_name", 130 | "type" 131 | ], 132 | "type": "object" 133 | } 134 | -------------------------------------------------------------------------------- /schemas/log-types/limit_sul.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "A user is temporarily prevented from logging in because they reached the maximum logins per time period from the same IP address", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details" 46 | }, 47 | "hostname": { 48 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 49 | "type": "string" 50 | }, 51 | "identity_user_id": { 52 | "description": "ID for the user as reported by the IdP.", 53 | "type": "string" 54 | }, 55 | "ip": { 56 | "anyOf": [ 57 | { 58 | "format": "ipv4", 59 | "type": "string" 60 | }, 61 | { 62 | "format": "ipv6", 63 | "type": "string" 64 | } 65 | ], 66 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 67 | }, 68 | "log_id": { 69 | "description": "Log id", 70 | "type": "string" 71 | }, 72 | "security_context": { 73 | "properties": { 74 | "ja3": { 75 | "description": "JA3 fingerprint. Could be undefined.", 76 | "type": "string" 77 | }, 78 | "ja4": { 79 | "description": "JA4 fingerprint. Could be undefined.", 80 | "type": "string" 81 | } 82 | }, 83 | "type": "object" 84 | }, 85 | "tenant_name": { 86 | "description": "Tenant name", 87 | "type": "string" 88 | }, 89 | "type": { 90 | "const": "limit_sul", 91 | "description": "Blocked Account - Logins per IP", 92 | "type": "string" 93 | }, 94 | "user_agent": { 95 | "description": "The user_agent behind this log, when available", 96 | "examples": [ 97 | "Chrome 120.0.0 / Mac OS X 10.15.7" 98 | ], 99 | "type": "string" 100 | }, 101 | "user_id": { 102 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 103 | "type": "string" 104 | }, 105 | "user_name": { 106 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 107 | "examples": [ 108 | [ 109 | "example@example.com", 110 | "+14155554321" 111 | ] 112 | ], 113 | "type": "string" 114 | } 115 | }, 116 | "required": [ 117 | "client_name", 118 | "description", 119 | "hostname", 120 | "ip", 121 | "log_id", 122 | "tenant_name", 123 | "type" 124 | ], 125 | "type": "object" 126 | } 127 | -------------------------------------------------------------------------------- /schemas/log-types/limit_mu.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "An IP address is blocked because it attempted too many failed logins without a successful login. Or an IP address is blocked because it attempted too many sign-ups, whether successful or failed.", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details" 46 | }, 47 | "hostname": { 48 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 49 | "type": "string" 50 | }, 51 | "identity_user_id": { 52 | "description": "ID for the user as reported by the IdP.", 53 | "type": "string" 54 | }, 55 | "ip": { 56 | "anyOf": [ 57 | { 58 | "format": "ipv4", 59 | "type": "string" 60 | }, 61 | { 62 | "format": "ipv6", 63 | "type": "string" 64 | } 65 | ], 66 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 67 | }, 68 | "log_id": { 69 | "description": "Log id", 70 | "type": "string" 71 | }, 72 | "security_context": { 73 | "properties": { 74 | "ja3": { 75 | "description": "JA3 fingerprint. Could be undefined.", 76 | "type": "string" 77 | }, 78 | "ja4": { 79 | "description": "JA4 fingerprint. Could be undefined.", 80 | "type": "string" 81 | } 82 | }, 83 | "type": "object" 84 | }, 85 | "tenant_name": { 86 | "description": "Tenant name", 87 | "type": "string" 88 | }, 89 | "type": { 90 | "const": "limit_mu", 91 | "description": "Blocked Account - Too many attempts or signups", 92 | "type": "string" 93 | }, 94 | "user_agent": { 95 | "description": "The user_agent behind this log, when available", 96 | "examples": [ 97 | "Chrome 120.0.0 / Mac OS X 10.15.7" 98 | ], 99 | "type": "string" 100 | }, 101 | "user_id": { 102 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 103 | "type": "string" 104 | }, 105 | "user_name": { 106 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 107 | "examples": [ 108 | [ 109 | "example@example.com", 110 | "+14155554321" 111 | ] 112 | ], 113 | "type": "string" 114 | } 115 | }, 116 | "required": [ 117 | "client_name", 118 | "description", 119 | "hostname", 120 | "ip", 121 | "log_id", 122 | "tenant_name", 123 | "type" 124 | ], 125 | "type": "object" 126 | } 127 | -------------------------------------------------------------------------------- /schemas/log-types/acul_sdk_notice.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "ACUL SDK Notification", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "auth0_client": { 22 | "anyOf": [ 23 | { 24 | "properties": { 25 | "env": { 26 | "type": "object" 27 | }, 28 | "name": { 29 | "type": "string" 30 | }, 31 | "version": { 32 | "type": "string" 33 | } 34 | }, 35 | "required": [ 36 | "name", 37 | "version" 38 | ], 39 | "type": "object" 40 | }, 41 | { 42 | "type": "object" 43 | }, 44 | { 45 | "items": {}, 46 | "type": "array" 47 | } 48 | ], 49 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 50 | }, 51 | "client_id": { 52 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 53 | "type": [ 54 | "string", 55 | "null" 56 | ] 57 | }, 58 | "client_name": { 59 | "description": "Client name associated with the client_id, when available. May be empty string.", 60 | "type": "string" 61 | }, 62 | "connection": { 63 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 64 | "type": "string" 65 | }, 66 | "connection_id": { 67 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 68 | "type": "string" 69 | }, 70 | "description": { 71 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 72 | "type": "string" 73 | }, 74 | "details": { 75 | "description": "Log details", 76 | "properties": { 77 | "documentation": { 78 | "type": "string" 79 | }, 80 | "id": { 81 | "enum": [ 82 | "acul-sdk-deprecation", 83 | "acul-sdk-unsupported", 84 | "acul-sdk-missing-version" 85 | ], 86 | "type": "string" 87 | }, 88 | "message": { 89 | "type": "string" 90 | }, 91 | "request": { 92 | "properties": { 93 | "path": { 94 | "type": "string" 95 | } 96 | }, 97 | "required": [ 98 | "path" 99 | ], 100 | "type": "object" 101 | }, 102 | "sdk_version": { 103 | "type": "string" 104 | } 105 | }, 106 | "required": [ 107 | "id", 108 | "request", 109 | "message", 110 | "documentation" 111 | ], 112 | "type": "object" 113 | }, 114 | "ip": { 115 | "anyOf": [ 116 | { 117 | "format": "ipv4", 118 | "type": "string" 119 | }, 120 | { 121 | "format": "ipv6", 122 | "type": "string" 123 | } 124 | ], 125 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 126 | }, 127 | "log_id": { 128 | "description": "Log id", 129 | "type": "string" 130 | }, 131 | "tenant_name": { 132 | "description": "Tenant name", 133 | "type": "string" 134 | }, 135 | "type": { 136 | "const": "acul_sdk_notice", 137 | "description": "Advanced Customizations for Universal Login (ACUL) SDK event type", 138 | "type": "string" 139 | }, 140 | "user_agent": { 141 | "description": "The user_agent behind this log, when available", 142 | "examples": [ 143 | "Chrome 120.0.0 / Mac OS X 10.15.7" 144 | ], 145 | "type": "string" 146 | } 147 | }, 148 | "required": [ 149 | "client_name", 150 | "description", 151 | "details", 152 | "ip", 153 | "log_id", 154 | "tenant_name", 155 | "type" 156 | ], 157 | "type": "object" 158 | } 159 | -------------------------------------------------------------------------------- /schemas/log-types/fecte.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed Exchange via Custom Token Exchange", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "audience": { 22 | "description": "The audience in the JWT associated with the request.", 23 | "type": "string" 24 | }, 25 | "auth0_client": { 26 | "anyOf": [ 27 | { 28 | "properties": { 29 | "env": { 30 | "type": "object" 31 | }, 32 | "name": { 33 | "type": "string" 34 | }, 35 | "version": { 36 | "type": "string" 37 | } 38 | }, 39 | "required": [ 40 | "name", 41 | "version" 42 | ], 43 | "type": "object" 44 | }, 45 | { 46 | "type": "object" 47 | }, 48 | { 49 | "items": {}, 50 | "type": "array" 51 | } 52 | ], 53 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 54 | }, 55 | "client_id": { 56 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 57 | "type": [ 58 | "string", 59 | "null" 60 | ] 61 | }, 62 | "client_name": { 63 | "description": "Client name associated with the client_id, when available. May be empty string.", 64 | "type": "string" 65 | }, 66 | "description": { 67 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 68 | "type": "string" 69 | }, 70 | "details": { 71 | "description": "Log details", 72 | "properties": { 73 | "subject_token_type": { 74 | "type": "string" 75 | } 76 | }, 77 | "required": [ 78 | "subject_token_type" 79 | ], 80 | "type": "object" 81 | }, 82 | "hostname": { 83 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 84 | "type": "string" 85 | }, 86 | "ip": { 87 | "anyOf": [ 88 | { 89 | "format": "ipv4", 90 | "type": "string" 91 | }, 92 | { 93 | "format": "ipv6", 94 | "type": "string" 95 | } 96 | ], 97 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 98 | }, 99 | "log_id": { 100 | "description": "Log id", 101 | "type": "string" 102 | }, 103 | "scope": { 104 | "anyOf": [ 105 | { 106 | "items": { 107 | "type": "string" 108 | }, 109 | "type": "array" 110 | }, 111 | { 112 | "type": "string" 113 | } 114 | ], 115 | "description": "List of scopes in the JWT, either as an array like `[\"read:logs\",\"read:users\"]` or a space-separated list of scopes like `read:logs read:users delete:clients`" 116 | }, 117 | "security_context": { 118 | "properties": { 119 | "ja3": { 120 | "description": "JA3 fingerprint. Could be undefined.", 121 | "type": "string" 122 | }, 123 | "ja4": { 124 | "description": "JA4 fingerprint. Could be undefined.", 125 | "type": "string" 126 | } 127 | }, 128 | "type": "object" 129 | }, 130 | "tenant_name": { 131 | "description": "Tenant name", 132 | "type": "string" 133 | }, 134 | "type": { 135 | "const": "fecte", 136 | "description": "Failed Exchange via Custom Token Exchange", 137 | "type": "string" 138 | }, 139 | "user_agent": { 140 | "description": "The user_agent behind this log, when available", 141 | "examples": [ 142 | "Chrome 120.0.0 / Mac OS X 10.15.7" 143 | ], 144 | "type": "string" 145 | } 146 | }, 147 | "required": [ 148 | "audience", 149 | "client_name", 150 | "description", 151 | "details", 152 | "hostname", 153 | "ip", 154 | "log_id", 155 | "tenant_name", 156 | "type" 157 | ], 158 | "type": "object" 159 | } 160 | -------------------------------------------------------------------------------- /schemas/log-types/organization_member_added.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Organization Member Added Operation", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details", 46 | "properties": { 47 | "reason": { 48 | "enum": [ 49 | "invitation", 50 | "auto_membership" 51 | ], 52 | "type": "string" 53 | } 54 | }, 55 | "required": [ 56 | "reason" 57 | ], 58 | "type": "object" 59 | }, 60 | "hostname": { 61 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 62 | "type": "string" 63 | }, 64 | "identity_user_id": { 65 | "description": "ID for the user as reported by the IdP.", 66 | "type": "string" 67 | }, 68 | "ip": { 69 | "anyOf": [ 70 | { 71 | "format": "ipv4", 72 | "type": "string" 73 | }, 74 | { 75 | "format": "ipv6", 76 | "type": "string" 77 | } 78 | ], 79 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 80 | }, 81 | "log_id": { 82 | "description": "Log id", 83 | "type": "string" 84 | }, 85 | "organization_id": { 86 | "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", 87 | "type": "string" 88 | }, 89 | "organization_name": { 90 | "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", 91 | "type": "string" 92 | }, 93 | "tenant_name": { 94 | "description": "Tenant name", 95 | "type": "string" 96 | }, 97 | "type": { 98 | "const": "organization_member_added", 99 | "description": "Organization Member Added Operation *", 100 | "type": "string" 101 | }, 102 | "user_agent": { 103 | "description": "The user_agent behind this log, when available", 104 | "examples": [ 105 | "Chrome 120.0.0 / Mac OS X 10.15.7" 106 | ], 107 | "type": "string" 108 | }, 109 | "user_id": { 110 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 111 | "type": "string" 112 | }, 113 | "user_name": { 114 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 115 | "examples": [ 116 | [ 117 | "example@example.com", 118 | "+14155554321" 119 | ] 120 | ], 121 | "type": "string" 122 | } 123 | }, 124 | "required": [ 125 | "client_name", 126 | "description", 127 | "details", 128 | "hostname", 129 | "ip", 130 | "log_id", 131 | "tenant_name", 132 | "type" 133 | ], 134 | "type": "object" 135 | } 136 | -------------------------------------------------------------------------------- /schemas/log-types/fede.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed to exchange Device Code for Access Token", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_ip": { 29 | "anyOf": [ 30 | { 31 | "format": "ipv4", 32 | "type": "string" 33 | }, 34 | { 35 | "format": "ipv6", 36 | "type": "string" 37 | } 38 | ], 39 | "description": "The IP from which we got the request. Note that this does not follow forwarded-for headers unlike the `ip` field which aims at describing the IP of the end user." 40 | }, 41 | "client_name": { 42 | "description": "Client name associated with the client_id, when available. May be empty string.", 43 | "type": "string" 44 | }, 45 | "connection": { 46 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 47 | "type": "string" 48 | }, 49 | "connection_id": { 50 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 51 | "type": "string" 52 | }, 53 | "description": { 54 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 55 | "type": "string" 56 | }, 57 | "details": { 58 | "description": "Log details" 59 | }, 60 | "hostname": { 61 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 62 | "type": "string" 63 | }, 64 | "identity_user_id": { 65 | "description": "ID for the user as reported by the IdP.", 66 | "type": "string" 67 | }, 68 | "ip": { 69 | "anyOf": [ 70 | { 71 | "format": "ipv4", 72 | "type": "string" 73 | }, 74 | { 75 | "format": "ipv6", 76 | "type": "string" 77 | } 78 | ], 79 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 80 | }, 81 | "log_id": { 82 | "description": "Log id", 83 | "type": "string" 84 | }, 85 | "security_context": { 86 | "properties": { 87 | "ja3": { 88 | "description": "JA3 fingerprint. Could be undefined.", 89 | "type": "string" 90 | }, 91 | "ja4": { 92 | "description": "JA4 fingerprint. Could be undefined.", 93 | "type": "string" 94 | } 95 | }, 96 | "type": "object" 97 | }, 98 | "tenant_name": { 99 | "description": "Tenant name", 100 | "type": "string" 101 | }, 102 | "type": { 103 | "const": "fede", 104 | "description": "Failed Exchange of Device Code for Access Token", 105 | "type": "string" 106 | }, 107 | "user_agent": { 108 | "description": "The user_agent behind this log, when available", 109 | "examples": [ 110 | "Chrome 120.0.0 / Mac OS X 10.15.7" 111 | ], 112 | "type": "string" 113 | }, 114 | "user_id": { 115 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 116 | "type": "string" 117 | }, 118 | "user_name": { 119 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 120 | "examples": [ 121 | [ 122 | "example@example.com", 123 | "+14155554321" 124 | ] 125 | ], 126 | "type": "string" 127 | } 128 | }, 129 | "required": [ 130 | "client_name", 131 | "description", 132 | "hostname", 133 | "ip", 134 | "log_id", 135 | "tenant_name", 136 | "type" 137 | ], 138 | "type": "object" 139 | } 140 | -------------------------------------------------------------------------------- /schemas/log-types/scp.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Successful Change Password", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details", 46 | "properties": { 47 | "body": { 48 | "type": "object" 49 | }, 50 | "email": { 51 | "type": "string" 52 | }, 53 | "query": { 54 | "type": "object" 55 | }, 56 | "title": { 57 | "type": "string" 58 | } 59 | }, 60 | "required": [ 61 | "body" 62 | ], 63 | "type": "object" 64 | }, 65 | "identity_user_id": { 66 | "description": "ID for the user as reported by the IdP.", 67 | "type": "string" 68 | }, 69 | "ip": { 70 | "anyOf": [ 71 | { 72 | "format": "ipv4", 73 | "type": "string" 74 | }, 75 | { 76 | "format": "ipv6", 77 | "type": "string" 78 | } 79 | ], 80 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 81 | }, 82 | "log_id": { 83 | "description": "Log id", 84 | "type": "string" 85 | }, 86 | "strategy": { 87 | "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", 88 | "examples": [ 89 | [ 90 | "auth0", 91 | "waad", 92 | "oktawic", 93 | "google-oauth2" 94 | ] 95 | ], 96 | "type": "string" 97 | }, 98 | "strategy_type": { 99 | "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", 100 | "examples": [ 101 | [ 102 | "database", 103 | "social", 104 | "enterprise" 105 | ] 106 | ], 107 | "type": "string" 108 | }, 109 | "tenant_name": { 110 | "description": "Tenant name", 111 | "type": "string" 112 | }, 113 | "type": { 114 | "const": "scp", 115 | "description": "Successful Change Password", 116 | "type": "string" 117 | }, 118 | "user_agent": { 119 | "description": "The user_agent behind this log, when available", 120 | "examples": [ 121 | "Chrome 120.0.0 / Mac OS X 10.15.7" 122 | ], 123 | "type": "string" 124 | }, 125 | "user_id": { 126 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 127 | "type": "string" 128 | }, 129 | "user_name": { 130 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 131 | "examples": [ 132 | [ 133 | "example@example.com", 134 | "+14155554321" 135 | ] 136 | ], 137 | "type": "string" 138 | } 139 | }, 140 | "required": [ 141 | "client_name", 142 | "description", 143 | "details", 144 | "ip", 145 | "log_id", 146 | "strategy", 147 | "strategy_type", 148 | "tenant_name", 149 | "type" 150 | ], 151 | "type": "object" 152 | } 153 | -------------------------------------------------------------------------------- /schemas/log-types/appi.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "API Peak Performance Rate is initiated", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "auth0_client": { 22 | "anyOf": [ 23 | { 24 | "properties": { 25 | "env": { 26 | "type": "object" 27 | }, 28 | "name": { 29 | "type": "string" 30 | }, 31 | "version": { 32 | "type": "string" 33 | } 34 | }, 35 | "required": [ 36 | "name", 37 | "version" 38 | ], 39 | "type": "object" 40 | }, 41 | { 42 | "type": "object" 43 | }, 44 | { 45 | "items": {}, 46 | "type": "array" 47 | } 48 | ], 49 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 50 | }, 51 | "client_id": { 52 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 53 | "type": [ 54 | "string", 55 | "null" 56 | ] 57 | }, 58 | "client_name": { 59 | "description": "Client name associated with the client_id, when available. May be empty string.", 60 | "type": "string" 61 | }, 62 | "connection": { 63 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 64 | "type": "string" 65 | }, 66 | "connection_id": { 67 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 68 | "type": "string" 69 | }, 70 | "description": { 71 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 72 | "type": "string" 73 | }, 74 | "details": { 75 | "description": "Log details", 76 | "properties": { 77 | "docs": { 78 | "type": "string" 79 | }, 80 | "request": { 81 | "properties": { 82 | "method": { 83 | "type": "string" 84 | }, 85 | "path": { 86 | "type": "string" 87 | } 88 | }, 89 | "type": "object" 90 | }, 91 | "response": { 92 | "type": "string" 93 | }, 94 | "total_hours_allocated": { 95 | "type": "number" 96 | }, 97 | "total_hours_consumed": { 98 | "type": "number" 99 | }, 100 | "total_hours_remaining": { 101 | "type": "number" 102 | } 103 | }, 104 | "required": [ 105 | "total_hours_allocated", 106 | "total_hours_consumed", 107 | "total_hours_remaining", 108 | "docs" 109 | ], 110 | "type": "object" 111 | }, 112 | "identity_user_id": { 113 | "description": "ID for the user as reported by the IdP.", 114 | "type": "string" 115 | }, 116 | "log_id": { 117 | "description": "Log id", 118 | "type": "string" 119 | }, 120 | "tenant_name": { 121 | "description": "Tenant name", 122 | "type": "string" 123 | }, 124 | "type": { 125 | "const": "appi", 126 | "description": "Notice for API Peak Performance Initiated", 127 | "type": "string" 128 | }, 129 | "user_agent": { 130 | "description": "The user_agent behind this log, when available", 131 | "examples": [ 132 | "Chrome 120.0.0 / Mac OS X 10.15.7" 133 | ], 134 | "type": "string" 135 | }, 136 | "user_id": { 137 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 138 | "type": "string" 139 | }, 140 | "user_name": { 141 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 142 | "examples": [ 143 | [ 144 | "example@example.com", 145 | "+14155554321" 146 | ] 147 | ], 148 | "type": "string" 149 | } 150 | }, 151 | "required": [ 152 | "client_name", 153 | "description", 154 | "details", 155 | "log_id", 156 | "tenant_name", 157 | "type" 158 | ], 159 | "type": "object" 160 | } 161 | -------------------------------------------------------------------------------- /schemas/log-types/ublkdu.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "User block setup by anomaly detection has been released", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details", 46 | "properties": { 47 | "email": { 48 | "type": "string" 49 | }, 50 | "query": { 51 | "type": "object" 52 | }, 53 | "request": { 54 | "type": "object" 55 | }, 56 | "response": { 57 | "type": "object" 58 | }, 59 | "title": { 60 | "type": "string" 61 | } 62 | }, 63 | "type": "object" 64 | }, 65 | "identity_user_id": { 66 | "description": "ID for the user as reported by the IdP.", 67 | "type": "string" 68 | }, 69 | "ip": { 70 | "anyOf": [ 71 | { 72 | "format": "ipv4", 73 | "type": "string" 74 | }, 75 | { 76 | "format": "ipv6", 77 | "type": "string" 78 | } 79 | ], 80 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 81 | }, 82 | "log_id": { 83 | "description": "Log id", 84 | "type": "string" 85 | }, 86 | "strategy": { 87 | "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", 88 | "examples": [ 89 | [ 90 | "auth0", 91 | "waad", 92 | "oktawic", 93 | "google-oauth2" 94 | ] 95 | ], 96 | "type": "string" 97 | }, 98 | "strategy_type": { 99 | "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", 100 | "examples": [ 101 | [ 102 | "database", 103 | "social", 104 | "enterprise" 105 | ] 106 | ], 107 | "type": "string" 108 | }, 109 | "tenant_name": { 110 | "description": "Tenant name", 111 | "type": "string" 112 | }, 113 | "type": { 114 | "const": "ublkdu", 115 | "description": "User login block released", 116 | "type": "string" 117 | }, 118 | "user_agent": { 119 | "description": "The user_agent behind this log, when available", 120 | "examples": [ 121 | "Chrome 120.0.0 / Mac OS X 10.15.7" 122 | ], 123 | "type": "string" 124 | }, 125 | "user_id": { 126 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 127 | "type": "string" 128 | }, 129 | "user_name": { 130 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 131 | "examples": [ 132 | [ 133 | "example@example.com", 134 | "+14155554321" 135 | ] 136 | ], 137 | "type": "string" 138 | } 139 | }, 140 | "required": [ 141 | "client_name", 142 | "description", 143 | "details", 144 | "ip", 145 | "log_id", 146 | "strategy", 147 | "strategy_type", 148 | "tenant_name", 149 | "type" 150 | ], 151 | "type": "object" 152 | } 153 | -------------------------------------------------------------------------------- /schemas/log-types/sapi.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Successful API Operation Only emitted by the Management API on POST, DELETE, PATCH, and PUT", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "auth0_client": { 22 | "anyOf": [ 23 | { 24 | "properties": { 25 | "env": { 26 | "type": "object" 27 | }, 28 | "name": { 29 | "type": "string" 30 | }, 31 | "version": { 32 | "type": "string" 33 | } 34 | }, 35 | "required": [ 36 | "name", 37 | "version" 38 | ], 39 | "type": "object" 40 | }, 41 | { 42 | "type": "object" 43 | }, 44 | { 45 | "items": {}, 46 | "type": "array" 47 | } 48 | ], 49 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 50 | }, 51 | "client_id": { 52 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 53 | "type": [ 54 | "string", 55 | "null" 56 | ] 57 | }, 58 | "client_name": { 59 | "description": "Client name associated with the client_id, when available. May be empty string.", 60 | "type": "string" 61 | }, 62 | "description": { 63 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 64 | "type": "string" 65 | }, 66 | "details": { 67 | "description": "Log details", 68 | "properties": { 69 | "accessedSecrets": { 70 | "items": { 71 | "type": "string" 72 | }, 73 | "type": "array" 74 | }, 75 | "request": { 76 | "type": "object" 77 | }, 78 | "response": { 79 | "type": "object" 80 | } 81 | }, 82 | "required": [ 83 | "request", 84 | "response" 85 | ], 86 | "type": "object" 87 | }, 88 | "identity_user_id": { 89 | "description": "ID for the user as reported by the IdP.", 90 | "type": "string" 91 | }, 92 | "ip": { 93 | "anyOf": [ 94 | { 95 | "format": "ipv4", 96 | "type": "string" 97 | }, 98 | { 99 | "format": "ipv6", 100 | "type": "string" 101 | } 102 | ], 103 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 104 | }, 105 | "log_id": { 106 | "description": "Log id", 107 | "type": "string" 108 | }, 109 | "references": { 110 | "description": "Content of the `x-correlation-id` header associated with the management API call, if the feature is enabled", 111 | "properties": { 112 | "correlation_id": { 113 | "maxLength": 64, 114 | "type": "string" 115 | } 116 | }, 117 | "required": [ 118 | "correlation_id" 119 | ], 120 | "type": "object" 121 | }, 122 | "tenant_name": { 123 | "description": "Tenant name", 124 | "type": "string" 125 | }, 126 | "type": { 127 | "const": "sapi", 128 | "description": "Successful API Operation", 129 | "type": "string" 130 | }, 131 | "user_agent": { 132 | "description": "The user_agent behind this log, when available", 133 | "examples": [ 134 | "Chrome 120.0.0 / Mac OS X 10.15.7" 135 | ], 136 | "type": "string" 137 | }, 138 | "user_id": { 139 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 140 | "type": "string" 141 | }, 142 | "user_name": { 143 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 144 | "examples": [ 145 | [ 146 | "example@example.com", 147 | "+14155554321" 148 | ] 149 | ], 150 | "type": "string" 151 | } 152 | }, 153 | "required": [ 154 | "client_name", 155 | "description", 156 | "details", 157 | "ip", 158 | "log_id", 159 | "tenant_name", 160 | "type" 161 | ], 162 | "type": "object" 163 | } 164 | -------------------------------------------------------------------------------- /schemas/log-types/ciba_exchange_succeeded.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Successful CIBA Exchange", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "auth0_client": { 22 | "anyOf": [ 23 | { 24 | "properties": { 25 | "env": { 26 | "type": "object" 27 | }, 28 | "name": { 29 | "type": "string" 30 | }, 31 | "version": { 32 | "type": "string" 33 | } 34 | }, 35 | "required": [ 36 | "name", 37 | "version" 38 | ], 39 | "type": "object" 40 | }, 41 | { 42 | "type": "object" 43 | }, 44 | { 45 | "items": {}, 46 | "type": "array" 47 | } 48 | ], 49 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 50 | }, 51 | "client_id": { 52 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 53 | "type": [ 54 | "string", 55 | "null" 56 | ] 57 | }, 58 | "client_name": { 59 | "description": "Client name associated with the client_id, when available. May be empty string.", 60 | "type": "string" 61 | }, 62 | "description": { 63 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 64 | "type": "string" 65 | }, 66 | "details": { 67 | "description": "Log details", 68 | "properties": { 69 | "transaction_linking_id": { 70 | "description": "Reflects the ID of the consent record linked to this CIBA flow. Can be used at the /rich-consents/:id endpoint to retrieve the consent record.", 71 | "pattern": "^cns_[A-Za-z0-9-_]{22}$", 72 | "type": "string" 73 | } 74 | }, 75 | "type": "object" 76 | }, 77 | "hostname": { 78 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 79 | "type": "string" 80 | }, 81 | "identity_user_id": { 82 | "description": "ID for the user as reported by the IdP.", 83 | "type": "string" 84 | }, 85 | "ip": { 86 | "anyOf": [ 87 | { 88 | "format": "ipv4", 89 | "type": "string" 90 | }, 91 | { 92 | "format": "ipv6", 93 | "type": "string" 94 | } 95 | ], 96 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 97 | }, 98 | "log_id": { 99 | "description": "Log id", 100 | "type": "string" 101 | }, 102 | "mtls_thumbprint_sha256": { 103 | "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", 104 | "type": "string" 105 | }, 106 | "tenant_name": { 107 | "description": "Tenant name", 108 | "type": "string" 109 | }, 110 | "type": { 111 | "const": "ciba_exchange_succeeded", 112 | "description": "Successful CIBA Exchange", 113 | "type": "string" 114 | }, 115 | "user_agent": { 116 | "description": "The user_agent behind this log, when available", 117 | "examples": [ 118 | "Chrome 120.0.0 / Mac OS X 10.15.7" 119 | ], 120 | "type": "string" 121 | }, 122 | "user_id": { 123 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 124 | "type": "string" 125 | }, 126 | "user_name": { 127 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 128 | "examples": [ 129 | [ 130 | "example@example.com", 131 | "+14155554321" 132 | ] 133 | ], 134 | "type": "string" 135 | } 136 | }, 137 | "required": [ 138 | "client_name", 139 | "description", 140 | "details", 141 | "hostname", 142 | "ip", 143 | "log_id", 144 | "tenant_name", 145 | "type" 146 | ], 147 | "type": "object" 148 | } 149 | -------------------------------------------------------------------------------- /schemas/log-types/fce.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed to change user email", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details", 46 | "properties": { 47 | "body": { 48 | "properties": { 49 | "client_id": { 50 | "type": "string" 51 | }, 52 | "connection": { 53 | "type": "string" 54 | }, 55 | "email": { 56 | "type": "string" 57 | }, 58 | "email_verified": { 59 | "type": "boolean" 60 | }, 61 | "newEmail": { 62 | "type": "string" 63 | }, 64 | "tenant": { 65 | "type": "string" 66 | }, 67 | "user_id": { 68 | "type": "string" 69 | }, 70 | "verify": { 71 | "type": "boolean" 72 | } 73 | }, 74 | "required": [ 75 | "client_id", 76 | "connection", 77 | "email", 78 | "email_verified", 79 | "newEmail", 80 | "tenant", 81 | "user_id", 82 | "verify" 83 | ], 84 | "type": "object" 85 | } 86 | }, 87 | "required": [ 88 | "body" 89 | ], 90 | "type": "object" 91 | }, 92 | "identity_user_id": { 93 | "description": "ID for the user as reported by the IdP.", 94 | "type": "string" 95 | }, 96 | "log_id": { 97 | "description": "Log id", 98 | "type": "string" 99 | }, 100 | "strategy": { 101 | "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", 102 | "examples": [ 103 | [ 104 | "auth0", 105 | "waad", 106 | "oktawic", 107 | "google-oauth2" 108 | ] 109 | ], 110 | "type": "string" 111 | }, 112 | "strategy_type": { 113 | "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", 114 | "examples": [ 115 | [ 116 | "database", 117 | "social", 118 | "enterprise" 119 | ] 120 | ], 121 | "type": "string" 122 | }, 123 | "tenant_name": { 124 | "description": "Tenant name", 125 | "type": "string" 126 | }, 127 | "type": { 128 | "const": "fce", 129 | "description": "Failed Change Email", 130 | "type": "string" 131 | }, 132 | "user_agent": { 133 | "description": "The user_agent behind this log, when available", 134 | "examples": [ 135 | "Chrome 120.0.0 / Mac OS X 10.15.7" 136 | ], 137 | "type": "string" 138 | }, 139 | "user_id": { 140 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 141 | "type": "string" 142 | }, 143 | "user_name": { 144 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 145 | "examples": [ 146 | [ 147 | "example@example.com", 148 | "+14155554321" 149 | ] 150 | ], 151 | "type": "string" 152 | } 153 | }, 154 | "required": [ 155 | "client_name", 156 | "description", 157 | "details", 158 | "log_id", 159 | "strategy", 160 | "strategy_type", 161 | "tenant_name", 162 | "type" 163 | ], 164 | "type": "object" 165 | } 166 | -------------------------------------------------------------------------------- /schemas/log-types/fcph.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed Post Change Password Hook", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details", 46 | "properties": { 47 | "actions": { 48 | "properties": { 49 | "executions": { 50 | "description": "List of executions triggered by this auth flow. Executions can be retrieved with https://auth0.com/docs/api/management/v2/actions/get-execution", 51 | "items": { 52 | "type": "string" 53 | }, 54 | "type": "array" 55 | } 56 | }, 57 | "required": [ 58 | "executions" 59 | ], 60 | "type": "object" 61 | } 62 | }, 63 | "required": [ 64 | "actions" 65 | ], 66 | "type": "object" 67 | }, 68 | "identity_user_id": { 69 | "description": "ID for the user as reported by the IdP.", 70 | "type": "string" 71 | }, 72 | "ip": { 73 | "anyOf": [ 74 | { 75 | "format": "ipv4", 76 | "type": "string" 77 | }, 78 | { 79 | "format": "ipv6", 80 | "type": "string" 81 | } 82 | ], 83 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 84 | }, 85 | "log_id": { 86 | "description": "Log id", 87 | "type": "string" 88 | }, 89 | "strategy": { 90 | "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", 91 | "examples": [ 92 | [ 93 | "auth0", 94 | "waad", 95 | "oktawic", 96 | "google-oauth2" 97 | ] 98 | ], 99 | "type": "string" 100 | }, 101 | "strategy_type": { 102 | "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", 103 | "examples": [ 104 | [ 105 | "database", 106 | "social", 107 | "enterprise" 108 | ] 109 | ], 110 | "type": "string" 111 | }, 112 | "tenant_name": { 113 | "description": "Tenant name", 114 | "type": "string" 115 | }, 116 | "type": { 117 | "const": "fcph", 118 | "description": "Failed Post Change Password Hook", 119 | "type": "string" 120 | }, 121 | "user_agent": { 122 | "description": "The user_agent behind this log, when available", 123 | "examples": [ 124 | "Chrome 120.0.0 / Mac OS X 10.15.7" 125 | ], 126 | "type": "string" 127 | }, 128 | "user_id": { 129 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 130 | "type": "string" 131 | }, 132 | "user_name": { 133 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 134 | "examples": [ 135 | [ 136 | "example@example.com", 137 | "+14155554321" 138 | ] 139 | ], 140 | "type": "string" 141 | } 142 | }, 143 | "required": [ 144 | "client_name", 145 | "description", 146 | "ip", 147 | "log_id", 148 | "strategy", 149 | "strategy_type", 150 | "tenant_name", 151 | "type" 152 | ], 153 | "type": "object" 154 | } 155 | -------------------------------------------------------------------------------- /schemas/log-types/ciba_exchange_failed.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed CIBA Exchange", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "auth0_client": { 22 | "anyOf": [ 23 | { 24 | "properties": { 25 | "env": { 26 | "type": "object" 27 | }, 28 | "name": { 29 | "type": "string" 30 | }, 31 | "version": { 32 | "type": "string" 33 | } 34 | }, 35 | "required": [ 36 | "name", 37 | "version" 38 | ], 39 | "type": "object" 40 | }, 41 | { 42 | "type": "object" 43 | }, 44 | { 45 | "items": {}, 46 | "type": "array" 47 | } 48 | ], 49 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 50 | }, 51 | "client_id": { 52 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 53 | "type": [ 54 | "string", 55 | "null" 56 | ] 57 | }, 58 | "client_name": { 59 | "description": "Client name associated with the client_id, when available. May be empty string.", 60 | "type": "string" 61 | }, 62 | "description": { 63 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 64 | "type": "string" 65 | }, 66 | "details": { 67 | "description": "Log details", 68 | "properties": { 69 | "client_authentication_error": { 70 | "type": "string" 71 | }, 72 | "error": { 73 | "properties": { 74 | "message": { 75 | "type": "string" 76 | } 77 | }, 78 | "required": [ 79 | "message" 80 | ], 81 | "type": "object" 82 | } 83 | }, 84 | "required": [ 85 | "error" 86 | ], 87 | "type": "object" 88 | }, 89 | "hostname": { 90 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 91 | "type": "string" 92 | }, 93 | "identity_user_id": { 94 | "description": "ID for the user as reported by the IdP.", 95 | "type": "string" 96 | }, 97 | "ip": { 98 | "anyOf": [ 99 | { 100 | "format": "ipv4", 101 | "type": "string" 102 | }, 103 | { 104 | "format": "ipv6", 105 | "type": "string" 106 | } 107 | ], 108 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 109 | }, 110 | "log_id": { 111 | "description": "Log id", 112 | "type": "string" 113 | }, 114 | "mtls_thumbprint_sha256": { 115 | "description": "Representation of the client certificate used to authenticate the client as per RFC 8705 section 3.1. Only included in authorization and token exchanges using mtls as a client authentication method.", 116 | "type": "string" 117 | }, 118 | "tenant_name": { 119 | "description": "Tenant name", 120 | "type": "string" 121 | }, 122 | "type": { 123 | "const": "ciba_exchange_failed", 124 | "description": "Failed CIBA Exchange", 125 | "type": "string" 126 | }, 127 | "user_agent": { 128 | "description": "The user_agent behind this log, when available", 129 | "examples": [ 130 | "Chrome 120.0.0 / Mac OS X 10.15.7" 131 | ], 132 | "type": "string" 133 | }, 134 | "user_id": { 135 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 136 | "type": "string" 137 | }, 138 | "user_name": { 139 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 140 | "examples": [ 141 | [ 142 | "example@example.com", 143 | "+14155554321" 144 | ] 145 | ], 146 | "type": "string" 147 | } 148 | }, 149 | "required": [ 150 | "client_name", 151 | "description", 152 | "details", 153 | "hostname", 154 | "ip", 155 | "log_id", 156 | "tenant_name", 157 | "type" 158 | ], 159 | "type": "object" 160 | } 161 | -------------------------------------------------------------------------------- /schemas/log-types/fui.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed to import users", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details", 46 | "properties": { 47 | "connection": { 48 | "type": "string" 49 | }, 50 | "tenant": { 51 | "type": "string" 52 | } 53 | }, 54 | "required": [ 55 | "tenant", 56 | "connection" 57 | ], 58 | "type": "object" 59 | }, 60 | "identity_user_id": { 61 | "description": "ID for the user as reported by the IdP.", 62 | "type": "string" 63 | }, 64 | "ip": { 65 | "anyOf": [ 66 | { 67 | "format": "ipv4", 68 | "type": "string" 69 | }, 70 | { 71 | "format": "ipv6", 72 | "type": "string" 73 | } 74 | ], 75 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 76 | }, 77 | "log_id": { 78 | "description": "Log id", 79 | "type": "string" 80 | }, 81 | "organization_id": { 82 | "description": "ID of the organization related to this auth flow or action, when applicable. For failure logs, the value may be a valid ID, and invalid ID, or any other string.", 83 | "type": "string" 84 | }, 85 | "organization_name": { 86 | "description": "Name of the organization in `organization_id`, when applicable and valid. May be an empty string.", 87 | "type": "string" 88 | }, 89 | "strategy": { 90 | "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", 91 | "examples": [ 92 | [ 93 | "auth0", 94 | "waad", 95 | "oktawic", 96 | "google-oauth2" 97 | ] 98 | ], 99 | "type": "string" 100 | }, 101 | "strategy_type": { 102 | "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", 103 | "examples": [ 104 | [ 105 | "database", 106 | "social", 107 | "enterprise" 108 | ] 109 | ], 110 | "type": "string" 111 | }, 112 | "tenant_name": { 113 | "description": "Tenant name", 114 | "type": "string" 115 | }, 116 | "type": { 117 | "const": "fui", 118 | "description": "Failed Users Import", 119 | "type": "string" 120 | }, 121 | "user_agent": { 122 | "description": "The user_agent behind this log, when available", 123 | "examples": [ 124 | "Chrome 120.0.0 / Mac OS X 10.15.7" 125 | ], 126 | "type": "string" 127 | }, 128 | "user_id": { 129 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 130 | "type": "string" 131 | }, 132 | "user_name": { 133 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 134 | "examples": [ 135 | [ 136 | "example@example.com", 137 | "+14155554321" 138 | ] 139 | ], 140 | "type": "string" 141 | } 142 | }, 143 | "required": [ 144 | "client_name", 145 | "description", 146 | "details", 147 | "ip", 148 | "log_id", 149 | "strategy", 150 | "strategy_type", 151 | "tenant_name", 152 | "type" 153 | ], 154 | "type": "object" 155 | } 156 | -------------------------------------------------------------------------------- /schemas/log-types/sd.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Successful Delegation", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "auth0_client": { 22 | "anyOf": [ 23 | { 24 | "properties": { 25 | "env": { 26 | "type": "object" 27 | }, 28 | "name": { 29 | "type": "string" 30 | }, 31 | "version": { 32 | "type": "string" 33 | } 34 | }, 35 | "required": [ 36 | "name", 37 | "version" 38 | ], 39 | "type": "object" 40 | }, 41 | { 42 | "type": "object" 43 | }, 44 | { 45 | "items": {}, 46 | "type": "array" 47 | } 48 | ], 49 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 50 | }, 51 | "client_id": { 52 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 53 | "type": [ 54 | "string", 55 | "null" 56 | ] 57 | }, 58 | "client_name": { 59 | "description": "Client name associated with the client_id, when available. May be empty string.", 60 | "type": "string" 61 | }, 62 | "connection": { 63 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 64 | "type": "string" 65 | }, 66 | "connection_id": { 67 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 68 | "type": "string" 69 | }, 70 | "description": { 71 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 72 | "type": "string" 73 | }, 74 | "details": { 75 | "description": "Log details", 76 | "properties": { 77 | "api_type": { 78 | "type": "string" 79 | }, 80 | "device": { 81 | "type": "string" 82 | }, 83 | "grant_type": { 84 | "type": "string" 85 | }, 86 | "scope": { 87 | "type": [ 88 | "string", 89 | "null" 90 | ] 91 | }, 92 | "target": { 93 | "type": "string" 94 | } 95 | }, 96 | "type": "object" 97 | }, 98 | "hostname": { 99 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 100 | "type": "string" 101 | }, 102 | "identity_user_id": { 103 | "description": "ID for the user as reported by the IdP.", 104 | "type": "string" 105 | }, 106 | "ip": { 107 | "anyOf": [ 108 | { 109 | "format": "ipv4", 110 | "type": "string" 111 | }, 112 | { 113 | "format": "ipv6", 114 | "type": "string" 115 | } 116 | ], 117 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 118 | }, 119 | "log_id": { 120 | "description": "Log id", 121 | "type": "string" 122 | }, 123 | "tenant_name": { 124 | "description": "Tenant name", 125 | "type": "string" 126 | }, 127 | "type": { 128 | "const": "sd", 129 | "description": "Successful Delegation", 130 | "type": "string" 131 | }, 132 | "user_agent": { 133 | "description": "The user_agent behind this log, when available", 134 | "examples": [ 135 | "Chrome 120.0.0 / Mac OS X 10.15.7" 136 | ], 137 | "type": "string" 138 | }, 139 | "user_id": { 140 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 141 | "type": "string" 142 | }, 143 | "user_name": { 144 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 145 | "examples": [ 146 | [ 147 | "example@example.com", 148 | "+14155554321" 149 | ] 150 | ], 151 | "type": "string" 152 | } 153 | }, 154 | "required": [ 155 | "client_name", 156 | "description", 157 | "details", 158 | "hostname", 159 | "ip", 160 | "log_id", 161 | "tenant_name", 162 | "type" 163 | ], 164 | "type": "object" 165 | } 166 | -------------------------------------------------------------------------------- /schemas/log-types/api_limit.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "The maximum number of requests to the Authentication or Management APIs in given time was reached", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "auth0_client": { 22 | "anyOf": [ 23 | { 24 | "properties": { 25 | "env": { 26 | "type": "object" 27 | }, 28 | "name": { 29 | "type": "string" 30 | }, 31 | "version": { 32 | "type": "string" 33 | } 34 | }, 35 | "required": [ 36 | "name", 37 | "version" 38 | ], 39 | "type": "object" 40 | }, 41 | { 42 | "type": "object" 43 | }, 44 | { 45 | "items": {}, 46 | "type": "array" 47 | } 48 | ], 49 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 50 | }, 51 | "client_id": { 52 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 53 | "type": [ 54 | "string", 55 | "null" 56 | ] 57 | }, 58 | "client_name": { 59 | "description": "Client name associated with the client_id, when available. May be empty string.", 60 | "type": "string" 61 | }, 62 | "connection": { 63 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 64 | "type": "string" 65 | }, 66 | "connection_id": { 67 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 68 | "type": "string" 69 | }, 70 | "description": { 71 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 72 | "type": "string" 73 | }, 74 | "details": { 75 | "description": "Log details", 76 | "properties": { 77 | "limit": { 78 | "properties": { 79 | "bucket": { 80 | "type": "string" 81 | }, 82 | "global": { 83 | "type": "boolean" 84 | }, 85 | "size": { 86 | "type": "number" 87 | } 88 | }, 89 | "required": [ 90 | "size", 91 | "bucket", 92 | "global" 93 | ], 94 | "type": "object" 95 | }, 96 | "request": { 97 | "properties": { 98 | "method": { 99 | "type": "string" 100 | }, 101 | "path": { 102 | "type": "string" 103 | } 104 | }, 105 | "type": "object" 106 | }, 107 | "response": { 108 | "type": "string" 109 | } 110 | }, 111 | "required": [ 112 | "limit" 113 | ], 114 | "type": "object" 115 | }, 116 | "hostname": { 117 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 118 | "type": "string" 119 | }, 120 | "identity_user_id": { 121 | "description": "ID for the user as reported by the IdP.", 122 | "type": "string" 123 | }, 124 | "log_id": { 125 | "description": "Log id", 126 | "type": "string" 127 | }, 128 | "tenant_name": { 129 | "description": "Tenant name", 130 | "type": "string" 131 | }, 132 | "type": { 133 | "const": "api_limit", 134 | "description": "Rate Limit notice on Authentication or Management API", 135 | "type": "string" 136 | }, 137 | "user_agent": { 138 | "description": "The user_agent behind this log, when available", 139 | "examples": [ 140 | "Chrome 120.0.0 / Mac OS X 10.15.7" 141 | ], 142 | "type": "string" 143 | }, 144 | "user_id": { 145 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 146 | "type": "string" 147 | }, 148 | "user_name": { 149 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 150 | "examples": [ 151 | [ 152 | "example@example.com", 153 | "+14155554321" 154 | ] 155 | ], 156 | "type": "string" 157 | } 158 | }, 159 | "required": [ 160 | "client_name", 161 | "description", 162 | "details", 163 | "hostname", 164 | "log_id", 165 | "tenant_name", 166 | "type" 167 | ], 168 | "type": "object" 169 | } 170 | -------------------------------------------------------------------------------- /schemas/log-types/fd.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed to generate delegation token", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "auth0_client": { 22 | "anyOf": [ 23 | { 24 | "properties": { 25 | "env": { 26 | "type": "object" 27 | }, 28 | "name": { 29 | "type": "string" 30 | }, 31 | "version": { 32 | "type": "string" 33 | } 34 | }, 35 | "required": [ 36 | "name", 37 | "version" 38 | ], 39 | "type": "object" 40 | }, 41 | { 42 | "type": "object" 43 | }, 44 | { 45 | "items": {}, 46 | "type": "array" 47 | } 48 | ], 49 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 50 | }, 51 | "client_id": { 52 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 53 | "type": [ 54 | "string", 55 | "null" 56 | ] 57 | }, 58 | "client_name": { 59 | "description": "Client name associated with the client_id, when available. May be empty string.", 60 | "type": "string" 61 | }, 62 | "connection": { 63 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 64 | "type": "string" 65 | }, 66 | "connection_id": { 67 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 68 | "type": "string" 69 | }, 70 | "description": { 71 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 72 | "type": "string" 73 | }, 74 | "details": { 75 | "description": "Log details", 76 | "properties": { 77 | "api_type": { 78 | "type": "string" 79 | }, 80 | "device": { 81 | "type": "string" 82 | }, 83 | "grant_type": { 84 | "type": "string" 85 | }, 86 | "scope": { 87 | "type": "string" 88 | }, 89 | "target": { 90 | "type": "string" 91 | } 92 | }, 93 | "required": [ 94 | "grant_type" 95 | ], 96 | "type": "object" 97 | }, 98 | "hostname": { 99 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 100 | "type": "string" 101 | }, 102 | "identity_user_id": { 103 | "description": "ID for the user as reported by the IdP.", 104 | "type": "string" 105 | }, 106 | "ip": { 107 | "anyOf": [ 108 | { 109 | "format": "ipv4", 110 | "type": "string" 111 | }, 112 | { 113 | "format": "ipv6", 114 | "type": "string" 115 | } 116 | ], 117 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 118 | }, 119 | "log_id": { 120 | "description": "Log id", 121 | "type": "string" 122 | }, 123 | "tenant_name": { 124 | "description": "Tenant name", 125 | "type": "string" 126 | }, 127 | "type": { 128 | "const": "fd", 129 | "description": "Failed Delegation", 130 | "type": "string" 131 | }, 132 | "user_agent": { 133 | "description": "The user_agent behind this log, when available", 134 | "examples": [ 135 | "Chrome 120.0.0 / Mac OS X 10.15.7" 136 | ], 137 | "type": "string" 138 | }, 139 | "user_id": { 140 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 141 | "type": "string" 142 | }, 143 | "user_name": { 144 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 145 | "examples": [ 146 | [ 147 | "example@example.com", 148 | "+14155554321" 149 | ] 150 | ], 151 | "type": "string" 152 | } 153 | }, 154 | "required": [ 155 | "client_name", 156 | "description", 157 | "details", 158 | "hostname", 159 | "ip", 160 | "log_id", 161 | "tenant_name", 162 | "type" 163 | ], 164 | "type": "object" 165 | } 166 | -------------------------------------------------------------------------------- /schemas/log-types/slo.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Successful Logout", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "auth0_client": { 22 | "anyOf": [ 23 | { 24 | "properties": { 25 | "env": { 26 | "type": "object" 27 | }, 28 | "name": { 29 | "type": "string" 30 | }, 31 | "version": { 32 | "type": "string" 33 | } 34 | }, 35 | "required": [ 36 | "name", 37 | "version" 38 | ], 39 | "type": "object" 40 | }, 41 | { 42 | "type": "object" 43 | }, 44 | { 45 | "items": {}, 46 | "type": "array" 47 | } 48 | ], 49 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 50 | }, 51 | "client_id": { 52 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 53 | "type": [ 54 | "string", 55 | "null" 56 | ] 57 | }, 58 | "client_name": { 59 | "description": "Client name associated with the client_id, when available. May be empty string.", 60 | "type": "string" 61 | }, 62 | "connection": { 63 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 64 | "type": "string" 65 | }, 66 | "connection_id": { 67 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 68 | "type": "string" 69 | }, 70 | "description": { 71 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 72 | "type": "string" 73 | }, 74 | "details": { 75 | "description": "Log details", 76 | "properties": { 77 | "allowed_logout_url": { 78 | "items": { 79 | "type": "string" 80 | }, 81 | "type": "array" 82 | }, 83 | "initiated_by": { 84 | "type": "string" 85 | }, 86 | "protocol": { 87 | "type": "string" 88 | }, 89 | "return_to": { 90 | "type": "string" 91 | }, 92 | "session_id": { 93 | "type": "string" 94 | } 95 | }, 96 | "type": "object" 97 | }, 98 | "hostname": { 99 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 100 | "type": "string" 101 | }, 102 | "identity_user_id": { 103 | "description": "ID for the user as reported by the IdP.", 104 | "type": "string" 105 | }, 106 | "ip": { 107 | "anyOf": [ 108 | { 109 | "format": "ipv4", 110 | "type": "string" 111 | }, 112 | { 113 | "format": "ipv6", 114 | "type": "string" 115 | } 116 | ], 117 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 118 | }, 119 | "log_id": { 120 | "description": "Log id", 121 | "type": "string" 122 | }, 123 | "tenant_name": { 124 | "description": "Tenant name", 125 | "type": "string" 126 | }, 127 | "type": { 128 | "const": "slo", 129 | "description": "Successful Logout", 130 | "type": "string" 131 | }, 132 | "user_agent": { 133 | "description": "The user_agent behind this log, when available", 134 | "examples": [ 135 | "Chrome 120.0.0 / Mac OS X 10.15.7" 136 | ], 137 | "type": "string" 138 | }, 139 | "user_id": { 140 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 141 | "type": "string" 142 | }, 143 | "user_name": { 144 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 145 | "examples": [ 146 | [ 147 | "example@example.com", 148 | "+14155554321" 149 | ] 150 | ], 151 | "type": "string" 152 | } 153 | }, 154 | "required": [ 155 | "client_name", 156 | "description", 157 | "details", 158 | "hostname", 159 | "ip", 160 | "log_id", 161 | "tenant_name", 162 | "type" 163 | ], 164 | "type": "object" 165 | } 166 | -------------------------------------------------------------------------------- /schemas/log-types/flo.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Failed Logout", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "auth0_client": { 22 | "anyOf": [ 23 | { 24 | "properties": { 25 | "env": { 26 | "type": "object" 27 | }, 28 | "name": { 29 | "type": "string" 30 | }, 31 | "version": { 32 | "type": "string" 33 | } 34 | }, 35 | "required": [ 36 | "name", 37 | "version" 38 | ], 39 | "type": "object" 40 | }, 41 | { 42 | "type": "object" 43 | }, 44 | { 45 | "items": {}, 46 | "type": "array" 47 | } 48 | ], 49 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 50 | }, 51 | "client_id": { 52 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 53 | "type": [ 54 | "string", 55 | "null" 56 | ] 57 | }, 58 | "client_name": { 59 | "description": "Client name associated with the client_id, when available. May be empty string.", 60 | "type": "string" 61 | }, 62 | "connection": { 63 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 64 | "type": "string" 65 | }, 66 | "connection_id": { 67 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 68 | "type": "string" 69 | }, 70 | "description": { 71 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 72 | "type": "string" 73 | }, 74 | "details": { 75 | "description": "Log details", 76 | "properties": { 77 | "allowed_logout_url": { 78 | "items": { 79 | "type": "string" 80 | }, 81 | "type": "array" 82 | }, 83 | "initiated_by": { 84 | "type": "string" 85 | }, 86 | "protocol": { 87 | "type": "string" 88 | }, 89 | "return_to": { 90 | "type": "string" 91 | }, 92 | "session_id": { 93 | "type": "string" 94 | } 95 | }, 96 | "required": [ 97 | "allowed_logout_url", 98 | "return_to" 99 | ], 100 | "type": "object" 101 | }, 102 | "hostname": { 103 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 104 | "type": "string" 105 | }, 106 | "identity_user_id": { 107 | "description": "ID for the user as reported by the IdP.", 108 | "type": "string" 109 | }, 110 | "ip": { 111 | "anyOf": [ 112 | { 113 | "format": "ipv4", 114 | "type": "string" 115 | }, 116 | { 117 | "format": "ipv6", 118 | "type": "string" 119 | } 120 | ], 121 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 122 | }, 123 | "log_id": { 124 | "description": "Log id", 125 | "type": "string" 126 | }, 127 | "tenant_name": { 128 | "description": "Tenant name", 129 | "type": "string" 130 | }, 131 | "type": { 132 | "const": "flo", 133 | "description": "Failed Logout", 134 | "type": "string" 135 | }, 136 | "user_agent": { 137 | "description": "The user_agent behind this log, when available", 138 | "examples": [ 139 | "Chrome 120.0.0 / Mac OS X 10.15.7" 140 | ], 141 | "type": "string" 142 | }, 143 | "user_id": { 144 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 145 | "type": "string" 146 | }, 147 | "user_name": { 148 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 149 | "examples": [ 150 | [ 151 | "example@example.com", 152 | "+14155554321" 153 | ] 154 | ], 155 | "type": "string" 156 | } 157 | }, 158 | "required": [ 159 | "client_name", 160 | "description", 161 | "details", 162 | "hostname", 163 | "ip", 164 | "log_id", 165 | "tenant_name", 166 | "type" 167 | ], 168 | "type": "object" 169 | } 170 | -------------------------------------------------------------------------------- /schemas/log-types/pla.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Generated before a login and helps in monitoring the behavior of bot detection without having to enable it.", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "auth0_client": { 22 | "anyOf": [ 23 | { 24 | "properties": { 25 | "env": { 26 | "type": "object" 27 | }, 28 | "name": { 29 | "type": "string" 30 | }, 31 | "version": { 32 | "type": "string" 33 | } 34 | }, 35 | "required": [ 36 | "name", 37 | "version" 38 | ], 39 | "type": "object" 40 | }, 41 | { 42 | "type": "object" 43 | }, 44 | { 45 | "items": {}, 46 | "type": "array" 47 | } 48 | ], 49 | "description": "The client or SDK used to do this request, if any. This is based on the `Auth0-Client` HTTP header." 50 | }, 51 | "client_id": { 52 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 53 | "type": [ 54 | "string", 55 | "null" 56 | ] 57 | }, 58 | "client_name": { 59 | "description": "Client name associated with the client_id, when available. May be empty string.", 60 | "type": "string" 61 | }, 62 | "connection": { 63 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 64 | "type": "string" 65 | }, 66 | "connection_id": { 67 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 68 | "type": "string" 69 | }, 70 | "description": { 71 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 72 | "type": "string" 73 | }, 74 | "details": { 75 | "description": "Log details", 76 | "properties": { 77 | "ipOnAllowlist": { 78 | "type": "boolean" 79 | }, 80 | "requiresVerification": { 81 | "type": "boolean" 82 | }, 83 | "requiresVerificationForSignupFlow": { 84 | "type": "boolean" 85 | }, 86 | "session_id": { 87 | "type": "string" 88 | } 89 | }, 90 | "required": [ 91 | "ipOnAllowlist", 92 | "requiresVerification", 93 | "session_id" 94 | ], 95 | "type": "object" 96 | }, 97 | "hostname": { 98 | "description": "The hostname associated with the request. For forwarded requests, this should resolve to the original hostname. For failure logs, this may include invalid hostnames.", 99 | "type": "string" 100 | }, 101 | "identity_user_id": { 102 | "description": "ID for the user as reported by the IdP.", 103 | "type": "string" 104 | }, 105 | "ip": { 106 | "anyOf": [ 107 | { 108 | "format": "ipv4", 109 | "type": "string" 110 | }, 111 | { 112 | "format": "ipv6", 113 | "type": "string" 114 | } 115 | ], 116 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 117 | }, 118 | "log_id": { 119 | "description": "Log id", 120 | "type": "string" 121 | }, 122 | "tenant_name": { 123 | "description": "Tenant name", 124 | "type": "string" 125 | }, 126 | "type": { 127 | "const": "pla", 128 | "description": "Pre-Login Assessment", 129 | "type": "string" 130 | }, 131 | "user_agent": { 132 | "description": "The user_agent behind this log, when available", 133 | "examples": [ 134 | "Chrome 120.0.0 / Mac OS X 10.15.7" 135 | ], 136 | "type": "string" 137 | }, 138 | "user_id": { 139 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 140 | "type": "string" 141 | }, 142 | "user_name": { 143 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 144 | "examples": [ 145 | [ 146 | "example@example.com", 147 | "+14155554321" 148 | ] 149 | ], 150 | "type": "string" 151 | } 152 | }, 153 | "required": [ 154 | "client_name", 155 | "description", 156 | "details", 157 | "hostname", 158 | "ip", 159 | "log_id", 160 | "tenant_name", 161 | "type" 162 | ], 163 | "type": "object" 164 | } 165 | -------------------------------------------------------------------------------- /schemas/log-types/scu.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Successful Change Username", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details", 46 | "properties": { 47 | "body": { 48 | "properties": { 49 | "clientId": { 50 | "type": "string" 51 | }, 52 | "connection": { 53 | "type": "string" 54 | }, 55 | "email": { 56 | "type": "string" 57 | }, 58 | "newUsername": { 59 | "type": "string" 60 | }, 61 | "oldUsername": { 62 | "type": "string" 63 | }, 64 | "tenant": { 65 | "type": "string" 66 | }, 67 | "user_id": { 68 | "type": "string" 69 | } 70 | }, 71 | "required": [ 72 | "newUsername", 73 | "oldUsername" 74 | ], 75 | "type": "object" 76 | } 77 | }, 78 | "required": [ 79 | "body" 80 | ], 81 | "type": "object" 82 | }, 83 | "identity_user_id": { 84 | "description": "ID for the user as reported by the IdP.", 85 | "type": "string" 86 | }, 87 | "ip": { 88 | "anyOf": [ 89 | { 90 | "format": "ipv4", 91 | "type": "string" 92 | }, 93 | { 94 | "format": "ipv6", 95 | "type": "string" 96 | } 97 | ], 98 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 99 | }, 100 | "log_id": { 101 | "description": "Log id", 102 | "type": "string" 103 | }, 104 | "strategy": { 105 | "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", 106 | "examples": [ 107 | [ 108 | "auth0", 109 | "waad", 110 | "oktawic", 111 | "google-oauth2" 112 | ] 113 | ], 114 | "type": "string" 115 | }, 116 | "strategy_type": { 117 | "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", 118 | "examples": [ 119 | [ 120 | "database", 121 | "social", 122 | "enterprise" 123 | ] 124 | ], 125 | "type": "string" 126 | }, 127 | "tenant_name": { 128 | "description": "Tenant name", 129 | "type": "string" 130 | }, 131 | "type": { 132 | "const": "scu", 133 | "description": "Successful Change Username", 134 | "type": "string" 135 | }, 136 | "user_agent": { 137 | "description": "The user_agent behind this log, when available", 138 | "examples": [ 139 | "Chrome 120.0.0 / Mac OS X 10.15.7" 140 | ], 141 | "type": "string" 142 | }, 143 | "user_id": { 144 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 145 | "type": "string" 146 | }, 147 | "user_name": { 148 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 149 | "examples": [ 150 | [ 151 | "example@example.com", 152 | "+14155554321" 153 | ] 154 | ], 155 | "type": "string" 156 | } 157 | }, 158 | "required": [ 159 | "client_name", 160 | "description", 161 | "details", 162 | "ip", 163 | "log_id", 164 | "strategy", 165 | "strategy_type", 166 | "tenant_name", 167 | "type" 168 | ], 169 | "type": "object" 170 | } 171 | -------------------------------------------------------------------------------- /schemas/log-types/scpn.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Successful Change Phone Number", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details", 46 | "properties": { 47 | "body": { 48 | "properties": { 49 | "client_id": { 50 | "type": "string" 51 | }, 52 | "connection": { 53 | "type": "string" 54 | }, 55 | "new_phone_number": { 56 | "type": "string" 57 | }, 58 | "old_phone_number": { 59 | "type": "string" 60 | }, 61 | "phone_verified": { 62 | "type": "boolean" 63 | }, 64 | "tenant": { 65 | "type": "string" 66 | }, 67 | "user_id": { 68 | "type": "string" 69 | }, 70 | "verify": { 71 | "type": "boolean" 72 | } 73 | }, 74 | "type": "object" 75 | } 76 | }, 77 | "required": [ 78 | "body" 79 | ], 80 | "type": "object" 81 | }, 82 | "identity_user_id": { 83 | "description": "ID for the user as reported by the IdP.", 84 | "type": "string" 85 | }, 86 | "ip": { 87 | "anyOf": [ 88 | { 89 | "format": "ipv4", 90 | "type": "string" 91 | }, 92 | { 93 | "format": "ipv6", 94 | "type": "string" 95 | } 96 | ], 97 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 98 | }, 99 | "log_id": { 100 | "description": "Log id", 101 | "type": "string" 102 | }, 103 | "strategy": { 104 | "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", 105 | "examples": [ 106 | [ 107 | "auth0", 108 | "waad", 109 | "oktawic", 110 | "google-oauth2" 111 | ] 112 | ], 113 | "type": "string" 114 | }, 115 | "strategy_type": { 116 | "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", 117 | "examples": [ 118 | [ 119 | "database", 120 | "social", 121 | "enterprise" 122 | ] 123 | ], 124 | "type": "string" 125 | }, 126 | "tenant_name": { 127 | "description": "Tenant name", 128 | "type": "string" 129 | }, 130 | "type": { 131 | "const": "scpn", 132 | "description": "Successful Change Phone Number", 133 | "type": "string" 134 | }, 135 | "user_agent": { 136 | "description": "The user_agent behind this log, when available", 137 | "examples": [ 138 | "Chrome 120.0.0 / Mac OS X 10.15.7" 139 | ], 140 | "type": "string" 141 | }, 142 | "user_id": { 143 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 144 | "type": "string" 145 | }, 146 | "user_name": { 147 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 148 | "examples": [ 149 | [ 150 | "example@example.com", 151 | "+14155554321" 152 | ] 153 | ], 154 | "type": "string" 155 | } 156 | }, 157 | "required": [ 158 | "client_name", 159 | "description", 160 | "details", 161 | "ip", 162 | "log_id", 163 | "strategy", 164 | "strategy_type", 165 | "tenant_name", 166 | "type" 167 | ], 168 | "type": "object" 169 | } 170 | -------------------------------------------------------------------------------- /schemas/log-types/cls.schema.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Passwordless Login Code/Link Sent", 4 | "properties": { 5 | "$event_schema": { 6 | "description": "Event schema meta", 7 | "allOf": [ 8 | { 9 | "properties": { 10 | "version": { 11 | "type": "string" 12 | } 13 | }, 14 | "required": [ 15 | "version" 16 | ], 17 | "type": "object" 18 | } 19 | ] 20 | }, 21 | "client_id": { 22 | "description": "Client related to the API call. Clients are also called applications. The underlying application may not be owned by your tenant and may not be accessible. For failure logs, this may be a valid ID, an invalid one, or any ID.", 23 | "type": [ 24 | "string", 25 | "null" 26 | ] 27 | }, 28 | "client_name": { 29 | "description": "Client name associated with the client_id, when available. May be empty string.", 30 | "type": "string" 31 | }, 32 | "connection": { 33 | "description": "Name of the connection, when available. The connection here matches the `connection_id` field.", 34 | "type": "string" 35 | }, 36 | "connection_id": { 37 | "description": "ID of the connection on which the auth flow is happening or connection of the user doing the action, when applicable. For failure logs this field may contain an invalid ID.", 38 | "type": "string" 39 | }, 40 | "description": { 41 | "description": "Description of the event. This can also contain a description of the issue for failure logs.", 42 | "type": "string" 43 | }, 44 | "details": { 45 | "description": "Log details", 46 | "properties": { 47 | "body": { 48 | "properties": { 49 | "authParams": {}, 50 | "client_id": { 51 | "type": "string" 52 | }, 53 | "connection": { 54 | "type": "string" 55 | }, 56 | "email": { 57 | "type": "string" 58 | }, 59 | "send": { 60 | "type": "string" 61 | }, 62 | "tenant": { 63 | "type": "string" 64 | }, 65 | "transaction": {} 66 | }, 67 | "required": [ 68 | "client_id", 69 | "connection", 70 | "email", 71 | "tenant" 72 | ], 73 | "type": "object" 74 | }, 75 | "link": { 76 | "type": "string" 77 | } 78 | }, 79 | "required": [ 80 | "link", 81 | "body" 82 | ], 83 | "type": "object" 84 | }, 85 | "identity_user_id": { 86 | "description": "ID for the user as reported by the IdP.", 87 | "type": "string" 88 | }, 89 | "ip": { 90 | "anyOf": [ 91 | { 92 | "format": "ipv4", 93 | "type": "string" 94 | }, 95 | { 96 | "format": "ipv6", 97 | "type": "string" 98 | } 99 | ], 100 | "description": "The IP address associated with the request. For an auth related log this should be the end user IP. For a machine-to-machine auth flow this should be the IP of the computer doing the authentication. For management logs like `sapi` and `mgmt_api_read` this should be the IP of the admin using the manage dashboard." 101 | }, 102 | "log_id": { 103 | "description": "Log id", 104 | "type": "string" 105 | }, 106 | "strategy": { 107 | "description": "Strategy of the connection in `connection_id`, when applicable and valid. This may be empty string.", 108 | "examples": [ 109 | [ 110 | "auth0", 111 | "waad", 112 | "oktawic", 113 | "google-oauth2" 114 | ] 115 | ], 116 | "type": "string" 117 | }, 118 | "strategy_type": { 119 | "description": "Category of the strategy in `strategy`, when applicable. This may be empty string.", 120 | "examples": [ 121 | [ 122 | "database", 123 | "social", 124 | "enterprise" 125 | ] 126 | ], 127 | "type": "string" 128 | }, 129 | "tenant_name": { 130 | "description": "Tenant name", 131 | "type": "string" 132 | }, 133 | "type": { 134 | "const": "cls", 135 | "description": "Code or Link Sent for Passwordless Login", 136 | "type": "string" 137 | }, 138 | "user_agent": { 139 | "description": "The user_agent behind this log, when available", 140 | "examples": [ 141 | "Chrome 120.0.0 / Mac OS X 10.15.7" 142 | ], 143 | "type": "string" 144 | }, 145 | "user_id": { 146 | "description": "ID of the user behind the auth flow, or of the user executing the action, whichever applies. For machine to machine auth flows, this field may contain an empty string. For failure logs, the value may be a valid ID, an invalid ID, or empty string", 147 | "type": "string" 148 | }, 149 | "user_name": { 150 | "description": "Username of the user related to the ID is shown in `user_id`, when available. For failure logs, the value may be a valid username, an invalid username, or empty string.", 151 | "examples": [ 152 | [ 153 | "example@example.com", 154 | "+14155554321" 155 | ] 156 | ], 157 | "type": "string" 158 | } 159 | }, 160 | "required": [ 161 | "client_name", 162 | "description", 163 | "details", 164 | "ip", 165 | "log_id", 166 | "strategy", 167 | "strategy_type", 168 | "tenant_name", 169 | "type" 170 | ], 171 | "type": "object" 172 | } 173 | --------------------------------------------------------------------------------