Auth0 Log Events
Sync Type: Incremental
Overview
This source connector fetches log event entries from the Auth0 Management API.
Auth0 log events capture critical security and operational data including:
- User authentication attempts (successful logins, failed attempts, password resets).
- API access patterns and authorization decisions.
- Administrative actions performed in your Auth0 dashboard.
- System events and configuration changes.
- Security incidents such as blocked IPs or suspicious activities.
Prerequisites
- An account Auth0 portal.
- A Machine-to-Machine type application created on Auth0 portal. Click here to see the steps required to create one.
Limitations
- This input is restricted by rate limits.
Permissions
- On the left navigation bar click on Applications under Applications menu, it will open up the Application's page.
- Click on APIs tab. Expand the Auth0 Management API option by clicking arrow icon located on extreme right.
- In the permissions section, search and select the following permissions -
- read:logs
Authentication
The following authentication options are supported by this input:
| Authentication Method | Documentation |
|---|---|
| Client ID and Client Secret (confidential applications) | API Token Authentication |
| OAuth2 access tokens | OAuth access token authentication |
Get the credentials
- On the left navigation bar click on Applications under Applications menu, it will open up the Application's page.
- Copy the Client ID.
- Head over to Settings tab and copy the Domain value.
- Head over to Credentials tab and copy the Client Secret value.
Generate Management API Access Token (If using OAuth2 Access Token Authentication)
- To ask Auth0 for a Management API v2 token, perform a POST operation to the
https://{yourDomain}/oauth/tokenendpoint, using the credentials of the Machine-to-Machine Application you created in the prerequisite step. - The payload should be in the following format -
Replace yourDomain, yourClientId and yourClientSecret with the credentials collected in
curl --request POST \
--url 'https://{yourDomain}/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data 'client_id={yourClientId}' \
--data 'client_secret={yourClientSecret}' \
--data 'audience=https://{yourDomain}/api/v2/'Get the Credentialssection. - The response will contain a signed JWT, an expiration time, the scopes granted, and the token type.
{
"access_token": "eyJ...Ggg",
"expires_in": 86400,
"scope": "read:clients create:clients read:client_keys",
"token_type": "Bearer"
}- Provide this access token to the Access Token field in the Configuration of this input.
Configuration
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
| Base URL | string | true | Base URL for the Auth0 management console. For example - https://demo.us.auth0.com/ |
| Authentication Type | string | true | Authentication Type used by the input |
| Audience | string | true | Example - https://demo-dev.us.auth0.com/api/v2/ |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
| Client ID | string | true | Auth0 application's Client ID. |
| Client Secret | string | true | Auth0 application's Client secret. |
| Access Token | string | true | Auth0 Management API Access Token. |
Sample Audit Log
{
"date": "2023-02-11T11:15:36.961Z",
"type": "test",
"description": "",
"connection_id": "",
"client_id": "abcd",
"client_name": "Test App",
"ip": "127.0.0.1",
"client_ip": "127.0.0.1",
"user_agent": "Test User Agent",
"hostname": "demo-dev.us.auth0.com",
"user_id": "",
"user_name": "",
"audience": "https://demo-dev.us.auth0.com/mock/",
"scope": "read",
"$event_schema": {
"version": "1.0"
},
"environment_name": "test-env",
"log_id": "12345",
"tenant_name": "demo-dev",
"_id": "12345",
"isMobile": false,
"location_info": {}
}