User Login Failed

User Login Failed

This event has been available since 1.6.0

This event is generated when a user login request fails due to invalid credentials. It is not generated when a login attempt is made and the user doesn't exist.

Event type
user.login.failed

Event Scope

Prior to version 1.37.0 this was a tenant or application scoped event. It can be sent to all applications or to one or more specified applications.

The ability to limit the generation of an event for only certain applications is legacy functionality and is removed as of version 1.37.0. In earlier versions, you almost certainly want to enable this event at the tenant level and optionally filter on the tenantId when consuming the event.

In version 1.37.0 and later this is a tenant scoped event. It can be sent to all tenants or to one or more specified tenants. Those tenants will only be sent events related to their tenant. You can optionally also filter on the applicationId when consuming the event.

Transaction Compatibility

This event is transactional. The final state of the operation which caused the webhook is not persisted to FusionAuth until after the webhook finishes; learn more

Event Body

event.applicationIdUUID

The unique Id of the Application for which the user has requested login. If the login request omits the applicationId or the user is not registered for the requested applicationId this value will not be returned in the event.

event.authenticationTypeString

The type of authentication used in the login request. The possible values are:

  • APPLE - The User was authenticated using Apple. Available since 1.17.0
  • APPLICATION_TOKEN - The User was authenticated using an Application Authentication Token.
  • EpicGames -The User was authenticated using Epic Games. Available since 1.28.0
  • FACEBOOK - The User was authenticated using Facebook.
  • FEDERATED_JWT - The User was authenticated using a JWT from an external Identity Provider.
  • GENERIC_CONNECTOR - The user was authenticated using a generic connector. Available since 1.18.0
  • GOOGLE - The User was authenticated using Google.
  • HYPR - The User was authenticated using the HYPR provider. Available since 1.12.0
  • JWT_SSO - A valid JWT authorized to one Application was exchanged for another JWT authorized to a different Application.
  • LDAP_CONNECTOR - The user was authenticated using an LDAP connector. Available since 1.18.0
  • LINKEDIN - The user was authenticated using LinkedIn. Available since 1.23.0
  • Nintendo - The User was authenticated using Nintendo. Available since 1.36.0
  • ONE_TIME_PASSWORD The User was authenticated using a one time password.
  • OPENID_CONNECT - The User was authenticated using an external OpenID Connect provider.
  • PASSWORD - The User was authenticated using a loginId and password combination.
  • PASSWORDLESS - The user was authenticated using a passwordless login link.
  • PING - The user was authenticated using a PUT request on the Login API. This is used to record a login event without prompting for credentials, such as when the FusionAuth SSO session is used.
  • REFRESH_TOKEN - The User requested a new JWT using a Refresh Token.
  • REGISTRATION - The user was created using the Registration API. Available since 1.16.0
  • SAMLv2 - The User was authenticated using an external SAMLv2 provider.
  • SAMLv2IdpInitiated - The User was authenticated using an external SAMLv2 provider using an IdP Initiated login. Available since 1.28.0
  • SonyPSN - The User was authenticated using Sony Available since 1.28.0
  • Steam - The User was authenticated using Steam Available since 1.28.0
  • TWITTER - The User was authenticated using Twitter.
  • Twitch - The User was authenticated using Twitch Available since 1.28.0
  • USER_CREATE - The user was created using the User API. Available since 1.16.0
  • Xbox - The User was authenticated using Xbox Available since 1.28.0
event.createInstantLong

The instant that the event was generated.

event.idUUID

The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.

event.ipAddressStringDEPRECATED

The ip address provided in the login request.

Moved to event.info in 1.30.0

event.info.dataObjectAvailable since 1.30.0

An object that can hold any information about the event that should be persisted.

event.info.deviceDescriptionStringAvailable since 1.30.0

The description of the device associated with the event.

event.info.deviceNameStringAvailable since 1.30.0

The device name associated with the event.

event.info.deviceTypeStringAvailable since 1.30.0

The type of device associated with the event.

event.info.ipAddressStringAvailable since 1.27.0

The source IP address of the event.

event.info.location.cityStringAvailable since 1.30.0

The city where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.location.countryStringAvailable since 1.30.0

The country where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.location.latitudeDoubleAvailable since 1.30.0

The latitude where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.location.longitudeDoubleAvailable since 1.30.0

The longitude where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.location.regionStringAvailable since 1.30.0

The geographic location where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.location.zipcodeStringAvailable since 1.30.0

The zip code where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.osStringAvailable since 1.30.0

The operating system associated with the event.

event.info.userAgentStringAvailable since 1.30.0

The user agent associated with the event.

event.reasonObjectAvailable since 1.53.0

An object containing data on the reason the login failed.

event.reason.codeStringAvailable since 1.53.0

The cause of the event. The possible values are:

  • credentials
  • lambdaValidation
event.reason.lambdaIdUUIDAvailable since 1.53.0

This is the unique Id of the lambda that caused the login to fail.

This field is only present if reason.code is lambdaValidation.

event.reason.lambdaResultErrorsAvailable since 1.53.0

The Errors object returned by the lambda function which caused the login to fail.

This field is only present if reason.code is lambdaValidation.

event.tenantIdUUIDAvailable since 1.8.0

The unique tenant identifier. This value may not be returned if not applicable.

event.typeString

The event type, this value will always be user.login.failed.

event.userObject

The user that failed the login request. See the Users API for property definitions and example JSON.

Example Event JSON

{
  "event": {
    "applicationId": "10000000-0000-0002-0000-000000000001",
    "authenticationType": "PASSWORD",
    "createInstant": 1505762615056,
    "id": "e502168a-b469-45d9-a079-fd45f83e0406",
    "info": {
      "ipAddress": "42.42.42.42",
      "location": {
        "city": "Denver",
        "country": "US",
        "displayString": "Denver, CO, US",
        "latitude": 39.77777,
        "longitude": -104.9191,
        "region": "CO"
      },
      "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
    },
    "tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
    "type": "user.login.failed",
    "user": {
      "active": true,
      "connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
      "email": "example@fusionauth.io",
      "id": "00000000-0000-0001-0000-000000000000",
      "passwordChangeRequired": false,
      "registrations": [
        {
          "applicationId": "10000000-0000-0002-0000-000000000001",
          "id": "00000000-0000-0002-0000-000000000000",
          "insertInstant": 1446064706250,
          "roles": [
            "user"
          ],
          "usernameStatus": "ACTIVE"
        }
      ],
      "tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
      "twoFactorEnabled": false,
      "usernameStatus": "ACTIVE",
      "verified": true
    }
  }
}