Auth0 Log Events - Streaming
Sync Type: Incremental
Overview
This input complements the existing Auth0 Input by providing an alternative real-time log streaming approach instead of polling the Auth0 Management API.
Key Differences from Auth0 Input
| Auth0 Input (Existing) | Auth0 Log Stream Input (This) |
|---|---|
| 🔄 Polls Management API | 📡 Receives real-time HTTP posts |
| 📚 Historical log retrieval | ⚡ Live log events as they occur |
| 🚫 Subject to API rate limits | ✅ No API rate limit concerns |
Prerequisites
- An account Auth0 portal.
- A Machine-to-Machine type application created on Auth0 portal. Click here to see the steps required to create one.
Permissions
- On the left navigation bar click on Applications under Applications menu, it will open up the Application's page.
- Click on APIs tab. Expand the Auth0 Management API option by clicking arrow icon located on extreme right.
- In the permissions section, search and select the following permissions -
- read:log_streams
- create:log_streams
- delete:log_streams
- update:log_streams
Input Mode
This input operates in one of the below two modes -
- Manual - In this mode you will be configuring everything, from creating Auth0 Log Stream to Monad's Platform API Key. This Input will just read the data that will be posted to Monad's HTTP Input.
- Automatic - Just provide all the credentials listed in the configuration table, input will handle everything and provide the data.
Authentication
The following authentication options are supported by this input:
| Authentication Method | Documentation |
|---|---|
| Client ID and Client Secret (confidential applications) | API Token Authentication |
| OAuth2 access tokens | OAuth access token authentication |
Get the credentials
- On the left navigation bar click on Applications under Applications menu, it will open up the Application's page.
- Copy the Client ID.
- Head over to Settings tab and copy the Domain value.
- Head over to Credentials tab and copy the Client Secret value.
Generate Management API Access Token (If using OAuth2 Access Token Authentication)
- To ask Auth0 for a Management API v2 token, perform a POST operation to the
https://{yourDomain}/oauth/tokenendpoint, using the credentials of the Machine-to-Machine Application you created in the prerequisite step. - The payload should be in the following format -
Replace yourDomain, yourClientId and yourClientSecret with the credentials collected in
curl --request POST \
--url 'https://{yourDomain}/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data 'client_id={yourClientId}' \
--data 'client_secret={yourClientSecret}' \
--data 'audience=https://{yourDomain}/api/v2/'Get the Credentialssection. - The response will contain a signed JWT, an expiration time, the scopes granted, and the token type.
{
"access_token": "eyJ...Ggg",
"expires_in": 86400,
"scope": "read:clients create:clients read:client_keys",
"token_type": "Bearer"
}- Provide this access token to the Access Token field in the Configuration of this input.
Extra configuration - Manual Mode
Create Monad API Key
- On the left navigation bar in Settings sections, click on API keys.
- On API keys page, click on Create new API key button on right.
- Fill out the required fields, Name is required. Click on Create.
- After clicking on create the API Key value will be visible, copy and store this value immediately as this won't be visible after closing the window.
Create Auth0 Log Stream
-
On the left navigation bar click on Log Streams under Monitoring menu, it will open up a Log Streams page.
-
Click on the "Create Log Stream" button on right.
-
There will be a page having different options to choose from, select "Custom Webhook".
-
Enter the name of the Log Stream and click "Create".
-
Copy and paste the below command in your terminal, replace the MONAD_API_KEY and the PIPELINE_ID with their repective values -
curl -L -g 'https://{tenantDomain}/api/v2/log-streams' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"name": "Auth0 Test Log Stream",
"type": "http",
"sink": {
"httpEndpoint": "https://app.monad.com/api/v2/http/send/{PIPELINE_ID}",
"httpContentType": "application/json",
"httpContentFormat": "JSONLINES",
"httpAuthorization": "",
"httpCustomHeaders": [
{
"header": "x-api-key",
"value": "{MONAD_API_KEY}"
}
]
}
}'
-
Expected response -
{
"id": "id-01",
"name": "Auth0 Test Log Stream",
"type": "http",
"sink": {
"httpEndpoint": "https://app.monad.com/api/v2/http/send/{PIPELINE_ID}",
"httpContentType": "application/json",
"httpContentFormat": "JSONLINES",
"httpAuthorization": "",
"httpCustomHeaders": [
{
"header": "x-api-key",
"value": "{MONAD_API_KEY}"
}
]
}
}
Configuration
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
| Base URL | string | false | Base URL for the Auth0 management console. For example - https://demo.us.auth0.com/ |
| Authentication Type | string | false | Authentication Type used by the input |
| Audience | string | false | Example - https://demo-dev.us.auth0.com/api/v2/ |
| Input Mode | string | true | Mode in which this input will operate. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
| Client ID | string | true if input mode is set to Automatic | Auth0 application's Client ID. |
| Client Secret | string | true if input mode is set to Automatic | Auth0 application's Client secret. |
| Access Token | string | true if input mode is set to Automatic | Auth0 Management API Access Token. |
| Monad API Key | string | true if input mode is set to Automatic | API key to access Monad's platform API |
Sample Audit Log
{
"date": "2023-02-11T11:15:36.961Z",
"type": "test",
"description": "",
"connection_id": "",
"client_id": "abcd",
"client_name": "Test App",
"ip": "127.0.0.1",
"client_ip": "127.0.0.1",
"user_agent": "Test User Agent",
"hostname": "demo-dev.us.auth0.com",
"user_id": "",
"user_name": "",
"audience": "https://demo-dev.us.auth0.com/mock/",
"scope": "read",
"$event_schema": {
"version": "1.0"
},
"environment_name": "test-env",
"log_id": "12345",
"tenant_name": "demo-dev",
"_id": "12345",
"isMobile": false,
"location_info": {}
}