Documentation Index Fetch the complete documentation index at: https://docs-staging.auth0-mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
The event object for the pre-user-registration Actions trigger provides contextual information about the trigger execution.
event.authenticationDetails about authentication obtained during the pre user registration flow. Hide authentication properties
Details about risk assessments information for different flows. Hide riskAssessment properties
Supplemental signals sent from third party providers to assist in risk assessments. Show supplemental properties
[Limited Early Access] Supplemental risk assessment. This is available only if Akamai Account Protector is enabled and Akamai forwards the headers for the transaction. The bot detection results as forwarded by Akamai Bot Manager. Show akamaiBot properties
The type of the Akamai bot manager results.
The action of the Akamai bot manager results.
The bot category of the Akamai bot manager results.
The bot score of the Akamai bot manager results.
The bot score response segment of the Akamai bot manager results.
The botnet ID of the Akamai bot manager results.
The user risk detection results as forwarded by Akamai Account Protector. Show akamaiUserRisk properties
The action of the Akamai user risk assessment.
The allowed status of the Akamai user risk assessment.
The email domain of the user.
The general risk of the Akamai user risk assessment.
The request ID of the user.
The risk of the Akamai user risk assessment.
The score of the Akamai user risk assessment.
The status of the Akamai user risk assessment.
The trust of the Akamai user risk assessment.
The username of the user.
The UUID of the Akamai user risk assessment.
event.clientInformation about the Client with which this transaction was initiated. The client id of the application the user is logging in to.
An object for holding other application properties.
The name of the application (as defined in the Dashboard).
event.connectionDetails about the Connection that was used to register the user. Hide connection properties
The connection’s unique identifier.
Metadata associated with the connection.
The name of the connection used to authenticate the user (such as twitter or some-g-suite-domain).
The type of connection. For social connections, event.connection.strategy === event.connection.name. For enterprise connections, the strategy is waad (Windows Azure AD), ad (Active Directory/LDAP), auth0 (database connections), and so on.
event.custom_domainDetails about the custom domain associated with the current transaction. Hide custom_domain properties
Custom domain metadata as key-value pairs.
event.requestDetails about the request that initiated the transaction. The body of the POST request. This data will only be available during refresh token, Client Credential Exchange flows and PreUserRegistration Action.
The hostname that is being used for the authentication flow.
The originating IP address of the request.
The language requested by the browser.
The HTTP method used for the request
The value of the User-Agent header received when initiating the transaction.
event.secretsSecret values securely associated with this Action.
event.security_contextAn object containing fingerprint signatures. This will be available only if the client is using cloudflare. The JA3/JA4 fingerprint can be null or empty in some cases. The most common case is for HTTP requests because JA3 and JA4 are calculated in TLS. It can also be empty due to the Worker sending requests within the same zone or to a zone that is not proxied (or a third party). Hide security_context properties
JA3 fingerprint signature. This will be available only if the client is using a TLS connection.
JA4 fingerprint signature. This will be available only if the client is using a TLS connection.
event.tenantDetails about the Tenant associated with the current transaction. event.transactionDetails about the current transaction. Hide transaction properties
Any acr_values provided in the original authentication request.
The locale to be used for this transaction as determined by comparing the browser’s requested languages to the tenant’s language settings.
Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary).
List of instructions indicating whether the user may be prompted for re-authentication and consent.
Possible values:
oidc-basic-profileoidc-cibaoidc-ciba-web-linkoidc-implicit-profileoauth2-device-codeoauth2-resource-owneroauth2-resource-owner-jwt-beareroauth2-passwordoauth2-webauthnoauth2-access-tokenoauth2-refresh-tokenoauth2-token-exchangeoidc-hybrid-profilesamlpwsfedwstrust-usernamemixed The URL to which Auth0 will redirect the browser after the transaction is completed.
The scopes requested (if any) when starting this authentication flow.
Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint. Allowed values: query, fragment, form_post, web_message
Denotes the kind of credential that Auth0 will return.
An opaque arbitrary alphanumeric string your app adds to the initial request that Auth0 includes when redirecting back to your application.
The ui_locales provided in the original authentication request.
Correlation ID can be provided in the initial authentication request when the application redirects to Universal Login. You can use value to correlate logs and requests from your Action code with the user flow.
event.userAn object describing the user who is attempting to register. Custom fields that store info about a user that influences the user’s access, such as support plan, security roles, or access control groups.
(unique) User’s email address.
Custom fields that store info about a user that does not impact what they can or cannot access, such as work address, home address, or user preferences.
(unique) User’s username.
