Event attributes

Every event carries a number of attributes that document various aspects of the event. The event attributes are structured in the following categories:

Event attributes	Description
Event object data	The core information provided by an event.
Event identification data	A unique identifier for the event.
Event source data	Information on the event producer.
Event metadata	Information about the request that caused the event to be triggered.

Event object data

Event object data are the core information provided by an event. All end-user notification events have in common that they provide the username concerned by the event as well as additional information depending on the concrete use case. This could for example be a device ID, when an Airlock 2FA device is activated, or the reason why a user has been locked.

A full list of all events including their event data is listed below:

Event	Description	Event Data
Event	Description	Attribute	Description	Example
Airlock 2FA Device Activated	User activated a new Airlock 2FA device	`event.data.userId`	Username concerned by the event	`jdoe`
		`event.data.airlock2FAAccountId`	User's Airlock 2FA account ID	`7adc0abe-4820-4ba8-b8ea-a3eaa2860eb6`
		`event.data.airlock2FADeviceId`	ID of activated Airlock 2FA device	`02286500-87c2-43da-9b32-d514a18500af`
Airlock 2FA Device Deleted	An Airlock 2FA device was deleted	`event.data.userId`	Username concerned by the event	`jdoe`
		`event.data.airlock2FAAccountId`	User's Airlock 2FA account ID	`7adc0abe-4820-4ba8-b8ea-a3eaa2860eb6`
		`event.data.airlock2FADeviceId`	ID of deleted Airlock 2FA device	`02286500-87c2-43da-9b32-d514a18500af`
Airlock 2FA Device In Cooldown Used	An Airlock 2FA device that is in cooldown was used for authentication or a transaction approval	`event.data.userId`	Username concerned by the event	`jdoe`
		`event.data.airlock2FAAccountId`	User's Airlock 2FA account ID	`7adc0abe-4820-4ba8-b8ea-a3eaa2860eb6`
		`event.data.airlock2FADeviceId`	ID of the Airlock 2FA device in cooldown	`02286500-87c2-43da-9b32-d514a18500af`
Authentication Flow Successfully Completed	User completed an authentication flow	`event.data.userId`	Username concerned by the event	`jdoe`
Authentication Flow Successfully Completed	User completed an authentication flow	`event.data.authenticationMethods`	List of authentication methods used during the authentication flow	`[PASSWORD, MTAN]`
Authentication Method Changed	The active authentication method of a user has changed	`event.data.activeAuthenticationMethod`	The currently active authentication method. This attribute has no value when the active authentication method was removed.	`AIRLOCK_2FA`
Authentication Method Changed	The active authentication method of a user has changed	`event.data.previousAuthenticationMethod`	The previous authentication method. This attribute has no value when the user did not have an active authentication method.	`PASSWORD`
Context Data Changed	Context data of a user has been changed	`event.data.userId`	Username concerned by the event	`jdoe`
		`event.data.contextDataChanged.<context-data-key>.oldValue`	Original value of the context data item	`Bridge Road`
		`event.data.contextDataChanged.<context-data-key>.newValue`	New value of the context data item	`Castle Road`
Cronto Device Activated	User activated a new Cronto device	`event.data.userId`	Username concerned by the event	`jdoe`
Cronto Device Activated	User activated a new Cronto device	`event.data.crontoDeviceId`	ID of activated Cronto device	`TCXCN`
Cronto Device Deleted	A Cronto device was deleted	`event.data.userId`	Username concerned by the event	`jdoe`
Cronto Device Deleted	A Cronto device was deleted	`event.data.crontoDeviceId`	ID of deleted Cronto device	`TCXCN`
Device Token Deleted	A device token was deleted	`event.data.userId`	Username concerned by the event	`jdoe`
Device Token Deleted	A device token was deleted	`event.data.deviceTokenId`	ID of the deleted device token	`1234`
Device Token Registered	A device token was registered	`event.data.deviceTokenId`	ID of the newly registered device token	`1234`
Email Address Added	An Email address was added to the account	`event.data.userId`	Username concerned by the event	`jdoe`
Email Address Added	An Email address was added to the account	`event.data.newEmailAddress`	Newly added email address	`test@example.com`
Email Address Changed	The email address of the account was changed	`event.data.userId`	Username concerned by the event	`jdoe`
		`event.data.oldEmailAddress`	Original value of the email address	`old@example.com`
		`event.data.newEmailAddress`	New value of the email address	`new@example.com`
Email Address Deleted	The email address of the account was removed	`event.data.userId`	Username concerned by the event	`jdoe`
Email Address Deleted	The email address of the account was removed	`event.data.oldEmailAddress`	Deleted email address	`test@example.com`
FIDO Credential Deleted	FIDO credential was deleted	`event.data.userId`	Username concerned by the event	`jdoe`
FIDO Credential Deleted	FIDO credential was deleted	`event.data.fidoCredentialId`	Internal identifier of deleted FIDO credential	`87e82979-a85b-42bb-8cb2-2c3c029fd3d7`
FIDO Credential Registered	User registered a new FIDO security key	`event.data.userId`	Username concerned by the event	`jdoe`
		`event.data.fidoRelyingPartyId`	Configured identifier of the relying party	`virtinc.com`
		`event.data.fidoPublicKeyCredentialId`	Binary data (Base64url encoded) provided by the FIDO authenticator during registration	`crnfqvenr5vvNKBn9m`[...]
Generic Step Result	This event is created by every step in the Loginapp	`event.data.stepResult.type`	Step result type	one of `SUCCESS, STAY, SKIP, GOTO, FAIL, FAIL_RETRY, FAIL_GOTO, INTERNAL_ERROR, SUBFLOW_SELECTED`
		`event.data.stepResult.nextAction`	Next step action code (if present)	`PASSWORD_REQUIRED`
		`event.data.stepResult.errorCode`	Step error code (if present)	`USER_NOT_FOUND`
		`event.data.stepResult.attributes`	Map of additional attributes. The map is of the type “String => Object”.	`{phoneNumber`}
Logged in from new Device	A user logged in from a previously unknown browser or device.	`event.data.userId`	Username concerned by the event	`jdoe`
		`event.data.browser`	Short name used of the browser	`Safari`
		`event.data.operatingSystem`	Short name of the operating system	`Mac OS X`
		`event.data.device`	Short name of the device.	`Mac`
		`event.data.countryCode`	Code of the country (if geo location available)	`CH`
		`event.data.city`	Name of the city (if geo location available)	`Bern`
MTAN Token Deleted	Mobile phone number was deleted	`event.data.userId`	Username concerned by the event	`jdoe`
		`event.data.mtanNumberId`	Identifier of the mobile phone number to be deleted	`1`
		`event.data.mtanOldPhoneNumber`	The phone number to be deleted	`0791111111`
MTAN Token Phone Number Changed	Mobile phone number was changed	`event.data.userId`	Username concerned by the event	`jdoe`
		`event.data.mtanNumberId`	Identifier for the registered mobile phone number	`1`
		`event.data.mtanOldPhoneNumber`	previously registered modile phone number	`0791111111`
		`event.data.mtanNewPhoneNumber`	newly registered mobile phone number	`0792222222`
MTAN Token Registered	User registered a new mobile phone number	`event.data.userId`	Username concerned by the event	`jdoe`
		`event.data.mtanNumberId`	Identifier for the registered mobile phone number	`1`
		`event.data.mtanNewPhoneNumber`	The phone number to be registered	`0791111111`
OATH OTP Secret Added	A new OATH OTP secret was created for a specific user. If the user already has an OATH OTP secret, it is replaced by the new secret. Existing authenticator apps of the user based on the “old” secret can no longer be used.	`event.data.userId`	Username concerned by the event	`jdoe`
OATH OTP Secret Viewed	The existing OATH OTP secret of a specific user was shown/exposed by the Loginapp, allowing the user to activate a new authenticator app. The user can continue using already existing authenticator apps.	`event.data.userId`	Username concerned by the event	`jdoe`
Password Changed	User changes his or her password	`event.data.userId`	Username concerned by the event	`jdoe`
User Created	New user was created	`event.data.userId`	Username concerned by the event.	`jdoe`
User Deleted	User was deleted	`event.data.userId`	Username concerned by the event.	`jdoe`
User Locked	User account was locked	`event.data.userId`	Username concerned by the event.	`jdoe`
User Locked	User account was locked	`event.data.lockReason`	Reason why the user's account was locked.	`TOO_MANY_LOGIN_FAILED`
User Roles Changed	There was a change in the roles of the user	`event.data.userId`	Name of the user whose roles were changed	`jdoe`
		`event.data.oldRoles`	The old roles of the user (before the change)	`[customer, employee]`
		`event.data.newRoles`	All the roles of the user after the change	`[employee]`
		`event.data.addedRoles`	The role(s) added to the user during the change	`[]`
		`event.data.removedRoles`	The role(s) removed from the user during the change	`[customer]`
User Unlocked	User account was unlocked	`event.data.userId`	Username concerned by the event	`jdoe`

Event identification data

Every event provides information to identify a concrete instance uniquely.

Event identification data
Attribute	Description	Example
`event.id`	Identifier which uniquely identifies this event.	`b0207ba5-baab-4adf-9c57-6cd29f715dff`
`event.createdAt`	The instant when the event was created.	`2021-03-18 11:43`

Event source data

Every event provides information about the source creating this particular instance. Depending on where the event originated from (e.g., Adminapp or Authentication Flow in the Loginapp), different information may be provided that we list below.

Note that every instance of an event has exactly one source.

Event source data
Source	Attribute	Description	Example
Adminapp	`event.source.adminId`	Name of the administrator who produced the event	`admin`
Authentication Flow	`event.source.configurationContext`	The configuration context in which this event was produced	`[DEFAULT]`
	`event.source.applicationId`	Configured application ID for this authentication flow	`demo`
	`event.source.flowId`	ID of this authentication flow. For non-custom authentication flows, the value is always `default`.	`default`
Non-Authentication Flow (e.g., Protected Self-Service Flow)	`event.source.configurationContext`	The configuration context in which this event was produced	`[DEFAULT]`
Non-Authentication Flow (e.g., Protected Self-Service Flow)	`event.source.flowId`	Configured identifier of this flow	`password-change`
Authentication Flow Step	`event.source.configurationContext`	The configuration context in which this event was produced	`[DEFAULT]`
	`event.source.applicationId`	Configured application ID for this authentication flow	`demo`
	`event.source.flowId`	ID of this authentication flow. For non-custom authentication flows, the value is always `default`.	`default`
	`event.source.stepId`	Identifier for this step if configured	`pwcheck`
Non-Authentication Flow Step	`event.source.configurationContext`	The configuration context in which this event was produced	`[DEFAULT]`
	`event.source.flowId`	Configured identifier of this flow	`password-change`
	`event.source.stepId`	Identifier for this step if configured	`pwchange`

Event metadata

Every event provides information about the request leading to its creation.

Event Metadata
Attribute	Description	Example
`event.metadata.userAgent`	Raw value of the User-Agent request header	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0`
`event.metadata.requestIp`	IP address of the request	`192.168.0.1`