Actions Triggers: post-login - Event Object

The event object for the post-login Actions trigger provides contextual information about a single user logging in via Auth0.

Property	Description
`event.authentication`	Details about authentication signals obtained during the login flow. Includes the following properties: `methods` Array of objects — Contains the authentication methods a user has completed during their session. Array elements: One of the following object schemas: An object with the following properties: `name` String — The name of the first factor that was completed. Values include: `“federated”` — A social or enterprise connection was used to authenticate the user as the first factor. `”pwd”` — A password was used to authenticate a database connection user as the first factor. `”passkey”` — A passkey was used to authenticate a database connection user as the first factor. `”sms”` — Passwordless SMS used to authenticate the user as the first factor. `”email”` — Passwordless Email used as the first factor or to verify email for password reset. `”phone_number”` — A phone number was used for password reset. `”mock”` — Used for internal testing. `string` — A custom authentication method denoted by a URL (as second or later factor). `timestamp` String An object with the following properties: `name` The value “mfa” — The user completed multi-factor authentication (second or later factors). `timestamp` String `riskAssessment` Optional object — Details about risk assessments obtained during the login or password reset flow. Includes the following properties: `assessments` Object — Includes the following properties: `ImpossibleTravel` Optional object — Determines if the user is logging in from a location signaling impossible travel. Includes the following properties: `code` String — Possible values include: `minimal_travel_from_last_login` `travel_from_last_login` `substantial_travel_from_last_login` `impossible_travel_from_last_login` `invalid_travel` `missing_geoip` `anonymous_proxy` `unknown_location` `initial_login` `location_history_not_found` `assessment_not_available` `confidence` String — Possible values include: `low` `medium` `high` `neutral` `NewDevice` Optional object — Determines if the user is logging in from a known device. Includes the following properties: `code` String — Possible values include: `match` `partial_match` `no_match` `initial_login` `unknown_device` `no_device_history` `assessment_not_available` `confidence` String — Possible values include: `low` `medium` `high` `neutral` `details` Optional object — Includes the following properties: `device` Optional string — Possible values include: `known` `unknown` `useragent` Optional string — Possible values include: `known` `unknown` `UntrustedIP` Optional object — Shows if the IP was found in Auth0’s repository of low reputation IPs. Includes the following properties: `code` String — Possible values include: `not_found_on_deny_list` `found_on_deny_list` `invalid_ip_address` `assessment_not_available` `confidence` String — Possible values include: `low` `medium` `high` `neutral` `details` Optional object — Includes the following properties: `category` Optional string `ip` Optional string — The originating IP address of the request. `matches` Optional string `source` Optional string `confidence` String — Overall risk score. Possible values include: `low` `medium` `high` `neutral` `external` Optional object — [Limited Early Access] External risk assessment. Includes the following properties: `akamai` Optional object — Includes: `akamaiBot` Optional object — The bot detection results as forwarded by Akamai Bot Manager. Includes the following properties: `action` Optional string — The action of the Akamai bot manager results. `botCategory` Optional array of strings — The bot category. `botScore` Optional number — The bot score. `botScoreResponseSegment` Optional string — The bot score response segment. `botnetId` Optional string — The botnet ID. `type` Optional string — The type. `akamaiUserRisk` Optional object — The user risk detection results as forwarded by Akamai Account Protector. Includes the following properties: `action` Optional string — The action. `allow` Optional number — The allowed status. `emailDomain` Optional string — The user’s email domain. `general` Optional string — General risk. `ouid` Optional string — The OUID. `requestid` Optional string — The request ID. `risk` Optional string — The risk. `score` Optional number — The score. `status` Optional number — The status. `trust` Optional string — The trust level. `username` Optional string — The username. `uuid` Optional string — The UUID. `supplemental` Optional object — [Limited Early Access] Supplemental risk assessment. Includes the following properties: `akamai` Optional object — Includes: `akamaiBot` Optional object — Bot detection (Akamai Bot Manager). Includes: `action` Optional string `botCategory` Optional array of strings `botScore` Optional number `botScoreResponseSegment` Optional string `botnetId` Optional string `type` Optional string `akamaiUserRisk` Optional object — User risk (Akamai Account Protector). Includes: `action` Optional string `allow` Optional number `emailDomain` Optional string `general` Optional string `ouid` Optional string `requestid` Optional string `risk` Optional string `score` Optional number `status` Optional number `trust` Optional string `username` Optional string `uuid` Optional string `version` String
`event.authorization`	An object containing information describing the authorization granted to the user who is logging in. Includes the following properties: `roles` Array of strings — An array containing the names of a user’s assigned roles.
`event.client`	Information about the Client with which this login transaction was initiated. Includes the following properties: `client_id` String — The client id of the application to which the user is logging in. `metadata` Dictionary — An object for holding other application properties. Keys are String; values are one of: String `name` String — The name of the application (as defined in the Dashboard). `refresh_token` Optional object — [Private Early Access] An object for holding refresh token configuration properties. Includes the following properties: `policies` Optional array of objects — [Private Early Access] Policies for multi-resource refresh token exchange (MRRT). Elements include: `audience` Optional string — Resource server (audience) to which this MRRT policy applies. `scope` Optional array of strings — Scopes of access authorized for the audience.
`event.connection`	Details about the Connection that was used to authenticate the user. Includes: `id` String — The connection’s unique identifier. `metadata` Optional dictionary — Metadata associated with the connection. Keys are String; values are one of: String `name` String — The name of the connection used to authenticate the user (e.g., `twitter`, `some-g-suite-domain`). `strategy` String — The type of connection. For social connections, `event.connection.strategy === event.connection.name`. For enterprise connections, examples: `waad` (Azure AD), `ad` (AD/LDAP), `auth0` (database), etc.
`event.organization`	Details about the Organization associated with the current transaction. Includes: `display_name` String — The friendly name of the Organization. `id` String — The Organization identifier. `metadata` Dictionary — Metadata associated with the Organization. Keys are String; values are one of: String `name` String — The name of the Organization.
`event.prompt`	Collected data from rendered custom prompts. Includes: `fields` Optional string — Fields and hidden fields data. `id` String — The prompt ID. `vars` Optional string — Shared variables data.
`event.refresh_token`	[Enterprise Customers] The current refresh token. Includes: `client_id` Optional string — The ID of the client associated with the refresh token. `created_at` String — Timestamp when the refresh token was created. `device` Optional object — Includes: `initial_asn` Optional string — First ASN associated with this refresh token. `initial_ip` Optional string — First IP address associated with this refresh token. `initial_user_agent` Optional string — First user agent of the device. `last_asn` Optional string — Last ASN from which this token was exchanged. `last_ip` Optional string — Last IP address from which this token was exchanged. `last_user_agent` Optional string — Last user agent of the device. `expires_at` Optional string — Absolute expiry timestamp. `id` String — The refresh token ID. `idle_expires_at` Optional string — Idle expiry timestamp. `last_exchanged_at` Optional string — Timestamp of last successful exchange. `resource_servers` Optional array of objects — Elements include: `audience` String — The audience of the refresh token. `scopes` String — Scopes of the refresh token. `rotating` Optional boolean — Whether it is a rotating refresh token. `session_id` Optional string — Session ID bound to the refresh token. `session_transfer` Optional object — [Private Early Access] Defined when the session is created from a session transfer token (Native to Web SSO). Includes: `parent_refresh_token` Optional object — Defined when the refresh token is created from a session initiated via session transfer. Includes: `id` Optional string — The ID of the parent refresh token. `user_id` Optional string — ID of the user bound to the refresh token.
`event.request`	Details about the request that initiated the transaction. Includes: `asn` Optional string — ASN of the user-agent making the request. `body` String — Body of the POST request (available in refresh token, Client Credential Exchange, Post Login Action). `geoip` Object — Includes: `cityName` Optional string `continentCode` Optional string `countryCode` Optional string `countryCode3` Optional string `countryName` Optional string `latitude` Optional number `longitude` Optional number `subdivisionCode` Optional string `subdivisionName` Optional string `timeZone` Optional string `hostname` Optional string — Hostname used for the authentication flow. `ip` String — Originating IP address. `language` Optional string — Language requested by the browser. `method` String — HTTP method. `query` String — Query string parameters sent to the authorization request. `user_agent` Optional string — Value of the `User-Agent` header.
`event.resource_server`	Details about the resource server to which access is being requested. Includes: `identifier` String — Identifier of the resource server (e.g., `https://your-api.example.com`).
`event.security_context`	An object containing fingerprint signatures. Available only when traffic is handled through the Auth0 Edge (default Auth0-managed proxy layer); may be missing in other routing scenarios. Includes: `ja3` Optional string — JA3 fingerprint signature (TLS only). `ja4` Optional string — JA4 fingerprint signature (TLS only).
`event.session`	The current login session. Includes: `authenticated_at` Optional string — [Enterprise Customers] Last authenticated time. `clients` Optional array of objects — [Enterprise Customers] List of client details for the session. Elements include: `client_id` String — ID of the client for the session. `created_at` Optional string — [Enterprise Customers] When the session was created. `device` Optional object — [Enterprise Customers] Device metadata. Includes: `initial_asn` Optional string `initial_ip` Optional string `initial_user_agent` Optional string `last_asn` Optional string `last_ip` Optional string `last_user_agent` Optional string `expires_at` Optional string — [Enterprise Customers] Expiry time. `id` String — Session ID. `idle_expires_at` Optional string — [Enterprise Customers] Idle expiry time. `last_interacted_at` Optional string — [Enterprise Customers] Last interaction time. `session_transfer` Optional object — [Private Early Access] Defined when the session is created from a session transfer token (Native to Web SSO). Includes: `parent_refresh_token` Optional object — Defined when the refresh token is created via session transfer. Includes: `id` Optional string — Parent refresh token ID. `updated_at` Optional string — [Enterprise Customers] Last update time. `user_id` Optional string — [Enterprise Customers] User ID.
`event.session_transfer_token`	[Private Early Access] Details of the current session transfer token used to establish SSO from a native app to a web app. Includes: `client_id` String — Client identifier of the application that issued the token. `request` Object — Details about the request that issued the token. Includes: `asn` Optional string — ASN associated with the issuing request. `geoip` Optional object — Includes: `cityName` Optional string `continentCode` Optional string `countryCode` Optional string `countryCode3` Optional string `countryName` Optional string `latitude` Optional number `longitude` Optional number `subdivisionCode` Optional string `subdivisionName` Optional string `timeZone` Optional string `ip` String — IP address associated with the issuing request. `user_agent` Optional string — User-Agent of the device that issued the token. `scope` Array of strings — Scopes requested when the token was issued.
`event.stats`	Login statistics for the current user. Includes: `logins_count` Number — Number of times the user has logged in.
`event.tenant`	Details about the Tenant associated with the current transaction. Includes: `id` String — The name of the tenant.
`event.transaction`	Details about the current transaction. Includes: `acr_values` Optional array of strings — Any `acr_values` provided in the original authentication request. `id` Optional string — Unique identifier for the transaction (browser-based flows). `linking_id` Optional string — Dynamic Linking ID to reference this transaction. `locale` Optional string — Locale chosen for this transaction. `login_hint` Optional string — Hint about the login identifier the end user might use. `metadata` Dictionary — [Limited Early Access] Shared data across custom Actions for the duration of a transaction. Keys are String; values are one of: String, Number, Boolean `prompt` Optional array of strings — Instructions for whether the user may be prompted for re-auth and consent. `protocol` Optional string — Possible values include: `oidc-basic-profile` — Most used, web-based login. `oidc-ciba` — Client-Initiated Backchannel Authentication. `oauth2-token-exchange` — Exchanging an assertion for an Auth0-issued token. `oidc-hybrid-profile` — Hybrid profile (ID token immediate + secure retrieval of access/refresh tokens). `samlp` — SAML protocol for SaaS apps. `wsfed` — WS-Federation (e.g., Office365). `wstrust-usernamemixed` — WS-Trust user/password (CRM/Office365). `oidc-implicit-profile` — Mobile and SPAs. `oauth2-device-code` — Device Authorization Flow. `oauth2-resource-owner` — User/password login on database connections. `oauth2-resource-owner-jwt-bearer` — Login using a bearer JWT. `oauth2-password` — Password exchange. `oauth2-webauthn` — WebAuthn exchange. `oauth2-access-token` — @deprecated Getting a token with a Social Provider’s access token (see docs). `oauth2-refresh-token` — Refreshing a token using the refresh token exchange. `redirect_uri` Optional string — Where Auth0 redirects after completion. `requested_authorization_details` Optional array of objects — Rich Authorization Requests Section 2. Elements include: `type` String — Type of authorization details. `requested_scopes` Optional array of strings — Scopes requested. `response_mode` Optional string — Mechanism for returning parameters from the Authorization Endpoint. Possible values: `query` `fragment` `form_post` `web_message` `response_type` Optional array of strings — Possible values: `code` `token` `id_token` `state` Optional string — Opaque string echoed back after redirect. `ui_locales` Optional array of strings — `ui_locales` from the original request.
`event.user`	An object describing the user on whose behalf the current transaction was initiated. Includes: `app_metadata` String — Custom fields that impact access (e.g., plan, roles, groups). `created_at` String — When the profile was created. `email` Optional string — (unique) Email address. `email_verified` Boolean — Whether the email is verified. `enrolledFactors` Optional array of objects — Authentication factors the user has enrolled. Array elements: Object describing an enrolled factor type and options. Includes: `options` Optional string — Additional options for the enrolled factor. `type` String — Factor type (e.g., `push-notification`, `phone`, `email`, `otp`, `webauthn-roaming`, `webauthn-platform`). `family_name` Optional string — Family name. `given_name` Optional string — Given name. `identities` Array of objects — Info from identity providers used by the user (including linked profiles). Elements include: `connection` Optional string — Name of the Auth0 connection. `isSocial` Optional boolean — Whether the connection is social. `profileData` Optional dictionary — User information associated with the connection (secondary accounts when linked). Keys are String; values are one of: String `provider` Optional string — Provider name (e.g., Facebook, Google, SAML). `user_id` Optional string — Unique identifier for this connection/provider. `last_password_reset` Optional string — Last time the user’s password was changed (Database connections only). `multifactor` Optional array of strings — MFA providers with which the user is enrolled. `name` Optional string — Full name. `nickname` Optional string — Nickname. `phone_number` Optional string — Phone number. `phone_verified` Optional boolean — Whether the phone number is verified. `picture` Optional string — URL to the user’s profile picture. `updated_at` String — When the profile was last updated. `user_id` String — (unique) User ID. `user_metadata` String — Custom fields that do not impact access (e.g., addresses, preferences). `username` Optional string — (unique) Username.

Actions Triggers: post-login - API Object