# Auth0 Log Events **Sync Type: Incremental** ## Overview This source connector fetches log event entries from the Auth0 Management API. Auth0 log events capture critical security and operational data including: - User authentication attempts (successful logins, failed attempts, password resets). - API access patterns and authorization decisions. - Administrative actions performed in your Auth0 dashboard. - System events and configuration changes. - Security incidents such as blocked IPs or suspicious activities. ## Prerequisites 1. An account Auth0 portal. 2. A Machine-to-Machine type application created on Auth0 portal. Click [here](https://auth0.com/docs/get-started/auth0-overview/create-applications/machine-to-machine-apps) to see the steps required to create one. ## Limitations 1. This input is restricted by [rate limits](https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy). ## Permissions 1. On the left navigation bar click on Applications under Applications menu, it will open up the Application's page. 2. Click on APIs tab. Expand the **Auth0 Management API** option by clicking arrow icon located on extreme right. 3. In the permissions section, search and select the following permissions - - read:logs ## Authentication The following authentication options are supported by this input: | Authentication Method | Documentation |--------------------------------------------------------|-------------------------------------------------------------------------------| | Client ID and Client Secret (confidential applications)| [API Token Authentication](https://auth0.com/docs/secure/tokens/access-tokens)| | OAuth2 access tokens | [OAuth access token authentication](https://auth0.com/docs/secure/application-credentials#client-secret-authentication) | ## Get the credentials 1. On the left navigation bar click on Applications under Applications menu, it will open up the Application's page. 2. Copy the **Client ID**. 3. Head over to Settings tab and copy the **Domain** value. 4. Head over to Credentials tab and copy the **Client Secret** value. ### Generate Management API Access Token (If using OAuth2 Access Token Authentication) 1. To ask Auth0 for a Management API v2 token, perform a POST operation to the `https://{yourDomain}/oauth/token` endpoint, using the credentials of the Machine-to-Machine Application you created in the prerequisite step. 2. The payload should be in the following format - ``` curl --request POST \ --url 'https://{yourDomain}/oauth/token' \ --header 'content-type: application/x-www-form-urlencoded' \ --data grant_type=client_credentials \ --data 'client_id={yourClientId}' \ --data 'client_secret={yourClientSecret}' \ --data 'audience=https://{yourDomain}/api/v2/' ``` Replace **yourDomain**, **yourClientId** and **yourClientSecret** with the credentials collected in `Get the Credentials` section. 3. The response will contain a signed JWT, an expiration time, the scopes granted, and the token type. ``` { "access_token": "eyJ...Ggg", "expires_in": 86400, "scope": "read:clients create:clients read:client_keys", "token_type": "Bearer" } ``` - **Provide this access token to the Access Token field in the Configuration of this input.** ## Configuration ### Settings | Setting | Type | Required | Description | |---------------------|--------|----------|-------------------------------------------------------------------------------------| | Base URL | string | true | Base URL for the Auth0 management console. For example - https://demo.us.auth0.com/ | | Authentication Type | string | true | Authentication Type used by the input | | Audience | string | true | Example - https://demo-dev.us.auth0.com/api/v2/ | | API Rate Limit | object | No | Optional limit on the connector's outbound request rate to the source API. Leave blank to use the connector's default behavior. See [API Rate Limiting](../../../guides/rate-limiting) for the field format, limits, and how to choose a value. | ### Secrets | Secret | Type | Required | Description | |--------------|--------|----------|------------------------------------| | Client ID | string | true | Auth0 application's Client ID. | | Client Secret| string | true | Auth0 application's Client secret. | | Access Token | string | true | Auth0 Management API Access Token. | ## Sample Audit Log ```json { "date": "2023-02-11T11:15:36.961Z", "type": "test", "description": "", "connection_id": "", "client_id": "abcd", "client_name": "Test App", "ip": "127.0.0.1", "client_ip": "127.0.0.1", "user_agent": "Test User Agent", "hostname": "demo-dev.us.auth0.com", "user_id": "", "user_name": "", "audience": "https://demo-dev.us.auth0.com/mock/", "scope": "read", "$event_schema": { "version": "1.0" }, "environment_name": "test-env", "log_id": "12345", "tenant_name": "demo-dev", "_id": "12345", "isMobile": false, "location_info": {} } ``` ## Related Articles - [Auth0 Log Events](https://auth0.com/docs/api/management/v2/logs/get-logs) - [Auth0 Management API](https://auth0.com/docs/api/management/v2)