/ Docs

Two Factor Failed Attempt

User Two Factor Failed Attempt

This feature is only available in the Enterprise plan. To learn more, see our pricing page.

This event has been available since 1.68.0

This event is generated when a two-factor failed attempt happens.

Event type 
user.two-factor.failed.attempt

Event Scope

This is a tenant scoped event.

It can be sent to all tenants or to one or more specified tenants. However, those tenants will not be sent events for other tenants, but only events related to themselves.

Transaction Compatibility

This event is non-transactional. The operation will succeed regardless of the webhook response status code.

Event Body

event.applicationId UUID

The unique Id of the Application for which the user has requested login. If the login request omits the applicationId or the user is not registered for the requested applicationId this value will not be returned in the event.

event.clientRisk String

The Intelligent MFA calculated client risk. The possible values are: LOW, MEDIUM, and HIGH.

event.createInstant Long

The instant that the event was generated.

event.id UUID

The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.

event.messageType String

The optional MFA message type used to complete the login request. The possible values are: SMS and Voice.

event.method String

The MFA method used to complete the login request. The possible values are: authenticator, email, recoveryCode, and sms.

event.info.data Object

An object that can hold any information about the event that should be persisted.

event.info.deviceDescription String

The description of the device associated with the event.

event.info.deviceName String

The device name associated with the event.

event.info.deviceType String

The type of device associated with the event.

event.info.ipAddress String

The source IP address of the event.

event.info.location.city String

The city where the event originated.

Note: To use event location data, you'll need an Enterprise plan.

event.info.location.country String

The country where the event originated.

Note: To use event location data, you'll need an Enterprise plan.

event.info.location.latitude Double

The latitude where the event originated.

Note: To use event location data, you'll need an Enterprise plan.

event.info.location.longitude Double

The longitude where the event originated.

Note: To use event location data, you'll need an Enterprise plan.

event.info.location.region String

The geographic location where the event originated.

Note: To use event location data, you'll need an Enterprise plan.

event.info.location.zipcode String

The zip code where the event originated.

Note: To use event location data, you'll need an Enterprise plan.

event.info.os String

The operating system associated with the event.

event.info.userAgent String

The user agent associated with the event.

event.linkedObjectId UUID Available since 1.53.0

The Id of the user related to this event.

event.tenantId UUID

The unique tenant identifier. This value may not be returned if not applicable.

event.type String

The event type, this value will always be {eventType}.

event.user Object

The user that completed the login request. See the Users API for property definitions and example JSON

Example Event JSON

{
  "event": {
    "applicationId": "134f7157-0252-4100-889e-8b3084b85660",
    "clientRisk": "MEDIUM",
    "createInstant": 1630383272048,
    "id": "0f2a3e31-d7c9-48dc-841a-b47ca4830773",
    "info": {
      "deviceName": "macOS Chrome",
      "deviceType": "BROWSER",
      "ipAddress": "127.0.0.1",
      "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36"
    },
    "linkedObjectId": "afb7db63-2a73-4415-a7f1-b81a80ca4bea",
    "method": "authenticator",
    "tenantId": "30663132-6464-6665-3032-326466613934",
    "type": "user.two-factor.failed.attempt",
    "user": {
      "active": true,
      "birthDate": "1981-06-04",
      "connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
      "data": {
        "Company": "PiedPiper",
        "PreviousCompany": "Aviato",
        "user_type": "iconclast"
      },
      "email": "example@fusionauth.io",
      "firstName": "Erlich",
      "id": "00000000-0000-0000-0000-000000000001",
      "insertInstant": 1630083026349,
      "lastLoginInstant": 1630383233716,
      "lastName": "Bachman",
      "lastUpdateInstant": 1630083026349,
      "memberships": [],
      "passwordChangeRequired": false,
      "passwordLastUpdateInstant": 1630083026431,
      "preferredLanguages": [],
      "registrations": [],
      "tenantId": "30663132-6464-6665-3032-326466613934",
      "twoFactor": {
        "methods": [],
        "recoveryCodes": []
      },
      "usernameStatus": "ACTIVE",
      "verified": true
    }
  }
}