Events
Events
These are the events that FusionAuth generates that can be optionally consumed by your registered Webhook.
-
User Actions - when a moderator takes an action on a user
-
User Bulk Create - when multiple users are created as the result of the Import API
-
User Create - when a user is created
-
User Update - when a user is updated
-
User Deactivate - when a user is deactivated
-
User Reactivate - when a user is reactivated
-
User Delete - when a user is deleted
-
User Email Verified - when a user verifies their email address
-
User Login Success - when a user successfully completes login
-
User Login Failure - when a user fails to complete login
-
User Password Breach - when Reactor detects a user is using a potentially breached password
-
User Registration Create - when a new user registration is created
-
User Registration Update - when a user registration is update
-
User Registration Delete - when a user registration is deleted
-
User Registration Verified - when a user completes registration verification
-
JWT Public Key Update - when a JWT RSA Public / Private keypair used for signing may have been updated.
-
JWT Refresh - when an access token is refreshed using a refresh token
-
JWT Refresh Token Revoke - when a refresh token (or multiple tokens) are revoked
Tenant Scoped Events
Tenant scoped events are generated for all applications in a tenant or for none of them.
All user events are tenant scoped because a user is a tenant scoped entity. For example, the user.delete, user.create, user.update, and user.deactivate events are all tenant scoped.
A tenant scoped event can, however contain an applicationId which can be used to filter events when received. One example is user.registration.create.
Application Scoped Events
A few events can be generated for one or more specified applications, or for all applications within a tenant.
The ability to limit the generation of an event for only certain applications is legacy functionality and may be modified in the future. If you want to get events for certain applications, send events for a tenant. Filter on the applicationId when consuming the event and discard events from any applications that are not of interest.
These events can be application scoped:
-
jwt.public-key.update -
jwt.refresh-token.revoke -
user.action
User Actions
This event is generated when a User Action is taken on a user and when temporal actions transition between phases.
A temporal action is one that has a start time and and a duration, when a phase transition occurs an event will be sent to the webhook. See the event.phase in the message body.
user.actionEvent Scope
This is a tenant or application scoped event. It can be sent to all applications in a tenant or to one or more specified applications.
The ability to limit the generation of an event for only certain applications is legacy functionality and may be modified in the future. You almost certainly want to enable this event at the tenant level and optionally filter on the applicationId when consuming the event.
Event Body
- event.action [String]
-
This parameter specifies the name of the action that is occurring.
- event.actionId [UUID]
-
This parameter specifies the unique Id of the action that is occurring.
- event.actioneeUserId [UUID]
-
This parameter specifies the unique identifier of the user the action is being performed on.
- event.actionerUserId [UUID]
-
This parameter specifies the Id of the User that performed the action that resulted in the notification being sent. If the action was initiated by FusionAuth this value will not be provided.
- event.applicationIds [Array<UUID>]
-
This parameter if provided specifies the scope of the User Action. When an Action is scoped to one or more Applications the Application Ids will be provided in this parameter.
- event.comment [String]
-
An optional comment left to possibly indicate why the action was taken, modified or canceled.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.email [Object]
-
When the action is configured to send the email in the event body, FusionAuth will render the email and provide the result in the event body. This can be used to send an email through a third party provider. See Example POST body below for fields.
- event.emailedUser [Boolean]
-
This parameter will indicate if FusionAuth has already sent an email to the user as a result of this event. When
truean email was sent to the user, and iffalsean email was not sent to the user. - event.expiry [Long]
-
The instant that the action will expire, if the action expires.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.localizedAction [String]
-
This parameter specifies the localized version of the action field, based on the user’s preferred languages.
- event.localizedDuration [String]
-
The duration of the action in a human readable format that is localized based on the user’s preferred languages.
- event.localizedOption [String]
-
This parameter specifies the localized version of the option field, based on the user’s preferred languages.
- event.localizedReason [String]
-
This parameter specifies the localized reason of the reason field, based on the user’s preferred languages.
- event.notifyUser [Boolean]
-
This parameter specifies whether the user should be notified. FusionAuth will only set this value based upon the event configuration, it is simply an indicator to the event consumer to notify the user.
- event.option [String]
-
An optional value to provide additional context to the Action. This value is free form and defined by the User Action.
- event.phase [Boolean]
-
If the Action is temporal, this parameter will be provided to indicate the current phase of the action. The following are the possible Action states:
-
start- The event has started. -
modify- The event has been modified. -
cancel- The event has been canceled, theendphase will not be reached. -
end- The event has ended.
When the action is started by an admin, the phase will be "start". If an admin changes the duration of the action, the phase will be "modify". If an admin cancels an action it will be "cancel" or the action expires, the phase will be "end". If the action is key-based, the phase will be "start".
-
- event.reason [String]
-
The reason the admin selected. Reasons may be configured in the FusionAuth UI, navigate to . This value will be omitted when no reasons are selected (or configured).
- event.reasonCode [String]
-
The reason code the admin selected. Reasons may be configured in the FusionAuth UI, navigate to . This value will be omitted when no reasons are selected (or configured).
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.action.
{
"event": {
"action": "Mute",
"actionId": "8c10cd8d-251b-4ebc-9171-6a7a2e8ed390",
"actioneeId": "32ac49fe-1f7f-40b6-a3a1-02611a10945a",
"actionerId": "1219c8e2-c0c2-4efc-9323-6ee9062e9c1f",
"applicationIds": [
"2a6972a9-d332-458f-9c11-aa0eb74cfefc",
"a1d7c8d2-be38-4530-8c61-b32245f94f0c",
"def77957-1818-4fd5-b052-004777acb6fa",
"96ebce2f-f9c0-44f6-a92f-6f476e08b678",
"563215b9-b819-4ec5-b983-88174f26e390"
],
"comment": "a comment",
"createInstant": 1505762615056,
"email": {
"attachments": [],
"bcc": [],
"cc": [],
"from": {
"address": "moderator@yourorganization.com",
"display": "Moderator"
},
"html": "<p>Please review the code of conduct to avoid being removed from the community.</p>",
"replyTo": {
"address": "no-reply@yourorganization.com",
"display": "no-reply@yourorganization.com"
},
"subject": "You've received a Misconduct action",
"text": "Please review the code of conduct to avoid being removed from the community.",
"to": [
{
"address": "Allan249@example.com",
"display": "Allan"
}
]
},
"emailedUser": false,
"expiry": 1408554564119,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"localizedAction": "Mute",
"localizedDuration": "2 days",
"localizedOption": "soft",
"localizedReason": "Misconduct",
"notifyUser": true,
"option": "soft",
"phase": "start",
"reason": "Misconduct",
"reasonCode": "123",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.action"
}
}User Bulk Create
This event is generated when multiple users are created. The JSON includes each of the Users that were created.
The final state of the operation which caused the webhook is not persisted to FusionAuth until after the webhook finishes; learn more.
user.bulk.createEvent Scope
This is a tenant scoped event.
Event Body
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.type [String]
-
The event type, this value will always be
user.bulk.create. - event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.users [Array<Object>]
-
The users that have been created. See the Users API for property definitions and example JSON.
Event JSON
{
"event": {
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.bulk.create",
"users": [
{
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"lastLoginInstant": 1471786483322,
"passwordChangeRequired": false,
"passwordLastUpdateInstant": 1471786483322,
"registrations": [
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"lastLoginInstant": 1456064601291,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
}
],
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
]
}
}User Create
This event is generated when a single user is created. The JSON includes the User that was created.
The final state of the operation which caused the webhook is not persisted to FusionAuth until after the webhook finishes; learn more.
user.createEvent Scope
This is a tenant scoped event.
Event Body
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.create. - event.user [Object]
-
The user that has been created. See the Users API for property definitions and example JSON.
Event JSON
{
"event": {
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.create",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"passwordChangeRequired": false,
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}User Update
This event is generated when a user is updated. The event will include the before and after versions of the User being updated.
user.updateEvent Scope
This is a tenant scoped event.
Event Body
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.original [Object]
-
The user before the update occurred, this is the old version of the user. See the Users API for property definitions and example JSON.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.update. - event.user [Object]
-
The user after the update, this is the new version of the user. See the Users API for property definitions and example JSON.
Event JSON
{
"event": {
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"original": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"lastLoginInstant": 1471786483322,
"passwordChangeRequired": false,
"passwordLastUpdateInstant": 1471786483322,
"registrations": [
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"lastLoginInstant": 1456064601291,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
}
],
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
},
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.update",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "john@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"lastLoginInstant": 1471786483322,
"passwordChangeRequired": false,
"passwordLastUpdateInstant": 1471786483322,
"registrations": [
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"lastLoginInstant": 1456064601291,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
}
],
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}User Deactivate
This event is generated when a user is deactivated, also referred to as a soft delete.
user.deactivateEvent Scope
This is a tenant scoped event.
Event Body
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.deactivate. - event.user [Object]
-
The user that has been deactivated. See the Users API for property definitions and example JSON.
Event JSON
{
"event": {
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.deactivate",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"lastLoginInstant": 1471786483322,
"passwordChangeRequired": false,
"passwordLastUpdateInstant": 1471786483322,
"registrations": [
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"lastLoginInstant": 1456064601291,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
}
],
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}User Reactivate
This event is generated when user is re-activated, a re-activated user is one that had been soft deleted and has now been un-deleted.
user.reactivateEvent Scope
This is a tenant scoped event.
Event Body
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.reactivate. - event.user [Object]
-
The user that has been re-activated. See the Users API for property definitions and example JSON.
Event JSON
{
"event": {
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.reactivate",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"lastLoginInstant": 1471786483322,
"passwordChangeRequired": false,
"passwordLastUpdateInstant": 1471786483322,
"registrations": [
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"lastLoginInstant": 1456064601291,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
}
],
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}User Delete
This event is generated when a user is deleted.
user.deleteEvent Scope
This is a tenant scoped event.
Event Body
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.delete. - event.user [Object]
-
The user that has been deleted. See the Users API for property definitions and example JSON.
Event JSON
{
"event": {
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.delete",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"lastLoginInstant": 1471786483322,
"passwordChangeRequired": false,
"passwordLastUpdateInstant": 1471786483322,
"registrations": [
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"lastLoginInstant": 1456064601291,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
}
],
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}User Email Verified
This event has been available since 1.8.0
This event is generated when a user verifies their email address.
user.email.verifiedEvent Scope
This is a tenant scoped event.
Event Body
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.email.verified. - event.user [Object]
-
The user that has verified their email address. See the Users API for property definitions and example JSON.
Event JSON
{
"event" : {
"createInstant" : 1563399203743,
"id" : "a5b9cae9-aacd-4649-a0f2-50bba29039c4",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type" : "user.email.verified",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"passwordChangeRequired": false,
"registrations": [
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
}
],
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}User Login Success
This event has been available since 1.6.0
This event is generated when a user completes a successful login.
user.login.successEvent Scope
This is a tenant scoped event.
Event Body
- event.applicationId [UUID]
-
The unique Id of the Application for which the user has requested login. If the login request omits the applicationid or the user is not registered for the requested applicationId this value will not be returned in the event.
- event.authenticationType [String]
-
The type of authentication used in the login request.
- event.connectorId [UUID] Available since 1.18.0
-
The unique Id of the connector used to complete the login.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.identityProviderId [UUID]
-
The unique Id of the identity provider used to complete the login. This value will be omitted from the event if an identity provider was not used.
- event.identityProviderName [String]
-
The name of the identity provider used to complete the login. This value will be omitted from the event if an identity provider was not used.
- event.ipAddress [String] Available since 1.26.0
-
The ip address provided in the login request.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.login.success. - event.user [Object]
-
The user that completed the login request. See the Users API for property definitions and example JSON.
Event JSON
{
"event": {
"applicationId": "10000000-0000-0002-0000-000000000001",
"authenticationType": "PASSWORD",
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"ipAddress": "11.11.11.11",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.login.success",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"passwordChangeRequired": false,
"registrations": [
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
}
],
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}User Login Failure
This event has been available since 1.6.0
This event is generated when a user login request fails due to invalid credentials.
user.login.failedEvent Scope
This is a tenant scoped event.
Event Body
- event.applicationId [UUID]
-
The unique Id of the Application for which the user has requested login. If the login request omits the applicationid or the user is not registered for the requested applicationId this value will not be returned in the event.
- event.authenticationType [String]
-
The type of authentication used in the login request.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.ipAddress [String] Available since 1.26.0
-
The ip address provided in the login request.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.login.failed. - event.user [Object]
-
The user that failed the login request. See the Users API for property definitions and example JSON.
Event JSON
{
"event": {
"applicationId": "10000000-0000-0002-0000-000000000001",
"authenticationType": "PASSWORD",
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"ipAddress": "12.12.12.12",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.login.failed",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"passwordChangeRequired": false,
"registrations": [
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
}
],
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}User Password Breach
This event has been available since 1.15.0
This event is generated when Reactor detects a user is using a vulnerable, or breached password. This event will only occur during login when the Tenant is not configured to require the user to change their password. All other breached password detections will occur during password validation and because the user will not be allowed to use the password.
user.password.breachEvent Scope
This is a tenant scoped event.
Event Body
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.tenantId [UUID]
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.password.breach. - event.user [Object]
-
The user that failed the login request. See the Users API for property definitions and example JSON.
Event JSON
{
"event": {
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.password.breach",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"breachedPasswordStatus" : "ExactMatch",
"breachedPasswordLastCheckedInstant" : 1505762615056,
"passwordChangeReason": "Breached",
"passwordChangeRequired" : true,
"registrations": [
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
}
],
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}User Registration Create
This event has been available since 1.6.0
This event is generated when a user registration is created.
The final state of the operation which caused the webhook is not persisted to FusionAuth until after the webhook finishes; learn more.
user.registration.createEvent Scope
This is a tenant scoped event.
Event Body
- event.applicationId [UUID]
-
The unique Id of the Application for which the user has now been registered.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.registration [Object]
-
The user registration that has been created. See the Registration API for property definitions and example JSON.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.registration.create. - event.user [Object]
-
The user that owns the new registration. See the Users API for property definitions and example JSON.
Event JSON
{
"applicationId": "fed19281-1584-4db8-8b24-959e2d986904",
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"registration": {
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
},
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.registration.create",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"passwordChangeRequired": false,
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}User Registration Update
This event has been available since 1.6.0
This event is generated when a user registration has been updated.
user.registration.updateEvent Scope
This is a tenant scoped event.
Event Body
- event.applicationId [UUID]
-
The unique Id of the Application for which the user registration has been updated.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.original [Object]
-
The original registration prior to being updated. See the Registration API for property definitions and example JSON.
- event.registration [Object]
-
The user registration that has been updated. See the Registration API for property definitions and example JSON.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.registration.update. - event.user [Object]
-
The user that owns the registration being updated. See the Users API for property definitions and example JSON.
Event JSON
{
"applicationId": "fed19281-1584-4db8-8b24-959e2d986904",
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"original": {
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
},
"registration": {
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"roles": [
"admin"
],
"usernameStatus": "ACTIVE"
},
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.registration.update",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"passwordChangeRequired": false,
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}User Registration Delete
This event has been available since 1.6.0
This event is generated when a user registration has been deleted.
user.registration.deleteEvent Scope
This is a tenant scoped event.
Event Body
- event.applicationId [UUID]
-
The unique Id of the Application for which the user’s registration has been deleted.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.registration [Object]
-
The user registration that has been deleted. See the Registration API for property definitions and example JSON.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.registration.delete. - event.user [Object]
-
The user that owns the registration being deleted. See the Users API for property definitions and example JSON.
Event JSON
{
"applicationId": "fed19281-1584-4db8-8b24-959e2d986904",
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"registration": {
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"roles": [
"user"
],
"usernameStatus": "ACTIVE"
},
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "user.registration.delete",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"passwordChangeRequired": false,
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}User Registration Verified
This event has been available since 1.8.0
This event is generated when a user registration has been verified.
user.registration.verifiedEvent Scope
This is a tenant scoped event.
Event Body
- event.applicationId [UUID]
-
The unique Id of the Application for which the user registration has been updated.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.registration [Object]
-
The user registration that has been verified. See the Registration API for property definitions and example JSON.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
user.registration.verified. - event.user [Object]
-
The user that owns the registration being updated. See the Users API for property definitions and example JSON.
Event JSON
{
"event" : {
"applicationId" : "dab376e7-ed33-4a41-86c9-e87de52bd8e2",
"createInstant" : 1563399203742,
"id" : "f3baaff6-2b41-4ec3-a786-6849d460b5e8",
"registration" : {
"applicationId": "10000000-0000-0002-0000-000000000001",
"id": "00000000-0000-0002-0000-000000000000",
"insertInstant": 1446064706250,
"roles": [
"admin"
],
"usernameStatus": "ACTIVE",
"verified" : true
},
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type" : "user.registration.verified",
"user": {
"active": true,
"connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"passwordChangeRequired": false,
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}JWT Public Key Update
This event is generated when a public key configuration used to sign a JSON web token has been updated.
jwt.public-key.updateEvent Scope
This is a tenant or application scoped event. It can be sent to all applications in a tenant or to one or more specified applications.
The ability to limit the generation of an event for only certain applications is legacy functionality and may be modified in the future. You almost certainly want to enable this event at the tenant level and optionally filter on the applicationId when consuming the event.
Event Body
- event.applicationIds [Array<UUID>]
-
A list of Application Ids that may have been affected by a configuration change in which affect the public key used to sign JWTs.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
jwt.public-key.update.
Event JSON
{
"event": {
"applicationIds": [
"ecbe454c-3b52-46c3-87f7-b3e00c5636e6"
],
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "jwt.public-key.update"
}
}JWT Refresh
This event has been available since 1.16.0
This event is generated when an access token is refreshed using a refresh token. This event is initiated from both the OAuth2 Refresh Token Grant, and the Refresh a JWT API.
jwt.refreshEvent Scope
This is a tenant scoped event.
Event Body
- event.applicationId [UUID]
-
The unique Id of the Application for which the token provides access.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.original [String]
-
The original encoded access token which was provided on the JWT refresh request. This field will be omitted if the token parameter was not provided on the initiating request.
- event.refreshToken [String]
-
The refresh token which was provided on the JWT refresh request, used in refreshing the JWT.
- event.token [String]
-
The new encoded access token.
- event.tenantId [UUID]
-
The unique tenant identifier.
- event.type [String]
-
The event type, this value will always be
jwt.refresh.
Event JSON
{
"event": {
"type" : "jwt.refresh",
"createInstant" : 1566842908643,
"id" : "ef73f801-0efb-4b3d-91e9-99888d792137",
"tenantId" : "800d17be-ad77-4f3d-93e1-ef73dfa50cf2",
"applicationId" : "79360eaa-2c25-429b-b8c7-0ba353127e9b",
"original": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkFuYV91STRWbWxiMU5YVXZ0cV83SjZKZFNtTSJ9.eyJleHAiOjE1ODgzNTM0NjAsImlhdCI6MTU4ODM1MzQwMCwiaXNzIjoiZnVzaW9uYXV0aC5pbyIsInN1YiI6IjAwMDAwMDAwLTAwMDAtMDAwMS0wMDAwLTAwMDAwMDAwMDAwMCIsImF1dGhlbnRpY2F0aW9uVHlwZSI6IlBBU1NXT1JEIiwiZW1haWwiOiJ0ZXN0MEBmdXNpb25hdXRoLmlvIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsInByZWZlcnJlZF91c2VybmFtZSI6InVzZXJuYW1lMCJ9.ZoIHTo3Pv0DpcELeX_wu-ZB_rd988jefZc2Ozu9_p59kttwqMm5PV8IDbgxJw9xcq9TFoNG8e_B6renoc11JC54UbiyeXBjF7EH01n9LDz-zTGqu9U72470Z4E7IPAHcyvJIBx4Mp9sgsEYAUm9Tb8ChudqNHhn6ZnXYI7Sew7CtGlu62f10wdBYGX0soYARHBv9CwhJC3-gsD2HLmqHAP_XhrpaYPNr5EAvmCHlM-JlTiEQ9bXwSc4gv-XbPQWamwy8Kcdb-g0EEAml_dC_b2CduwwYg0EoPQB3tQxzTUQzADi7K6q0CtQXv2_1VrRi6aQ4lt7v7t-Na39wGry_pA",
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODc5NzU0NTgsImlhdCI6MTQ4Nzk3MTg1OCwiaXNzIjoiYWNtZS5jb20iLCJzdWIiOiI4NThhNGIwMS02MmM4LTRjMmYtYmZhNy02ZDAxODgzM2JlYTciLCJhcHBsaWNhdGlvbklkIjoiM2MyMTllNTgtZWQwZS00YjE4LWFkNDgtZjRmOTI3OTNhZTMyIiwicm9sZXMiOlsiYWRtaW4iXX0.O29_m_NDa8Cj7kcpV7zw5BfFmVGsK1n3EolCj5u1M9hZ09EnkaOl5n68OLsIcpCrX0Ue58qsabag3MCNS6H4ldt6kMnH6k4bVg4TvIjoR8WE-yGcu_xDUObYKZYaHWiNeuDL1EuQQI_8HajQLND-c9juy5ILuz6Fhx8CLfHCziEHX_aQPt7jQ2IIasVzprKkgvWS07Hiv2Oskryx49wqCesl46b-30c6nfttHUDEQrVq9gaepca3Nhjj_cPtC400JgLCN9DOYIbtd69zvD8vDUOvVzMr2HGdWtKthqa35NF-3xMZKD8CShe8ZT74fNd9YZ0WRE-YeIf3T_Hv5p5V2w",
"refreshToken": "xRxGGEpVawiUak6He367W3oeOfh+3irw+1G1h1jc",
"userId": "73cf557a-394a-455d-898a-d77bb0432c2e"
}
}JWT Refresh Token Revoke
This event is generated when a refresh token is revoked. The JSON includes either the User Id and User or the Application Id depending on what was revoked. It will also include the time to live duration (in seconds) for each Application. This value is used to determine if JWTs are valid or not based on their expiration instants.
The following scenarios will cause this event to be generated:
-
A single Refresh Token is revoked
-
All Refresh Tokens owned by a single User are revoked
-
All Refresh Tokens for an Application are revoked
jwt.refresh-token.revokeEvent Scope
This is a tenant or application scoped event. It can be sent to all applications in a tenant or to one or more specified applications.
The ability to limit the generation of an event for only certain applications is legacy functionality and may be modified in the future. You almost certainly want to enable this event at the tenant level and optionally filter on the applicationId when consuming the event.
A single Refresh Token is revoked
This example JSON would reflect a scenario where a single refresh token is revoked for a single user for a single application.
Event Body
- event.applicationId [UUID]
-
The unique Id of the Application for which the refresh token have been revoked.
- event.applicationTimeToLiveInSeconds [Map<UUID, Integer>]
-
A map of Application Id to the configured time to live (TTL) for the access token (JWT). This can be used to identify the maximum amount of time after this event occurred where an un-expired access token may be held by a user.
If you take the createInstant of this event and add the number of seconds for a specific application TTL you come up with an instant in time where you should consider all access tokens issued before this time invalid. This is because the access token will have been issued on or before the instant the refresh token was revoked.
This map will contain a single entry for the application represented by the applicationId field.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
jwt.refresh-token.revoke. - event.userId [UUID]
-
The unique Id of the User for which a refresh token has been revoked.
- event.user [Object] Available since 1.8.0
-
The user for which a refresh token has been revoked. See the Users API for property definitions and example JSON.
{
"event": {
"applicationId": "21a8893c-51b3-4964-8a50-6afb66ee8acd",
"applicationTimeToLiveInSeconds": {
"21a8893c-51b3-4964-8a50-6afb66ee8acd": 600
},
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "jwt.refresh-token.revoke",
"userId": "dfdbae16-4e65-42c2-9773-23dfd6f5671d",
"user": {
"active": true,
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"passwordChangeRequired": false,
"tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}All Refresh Tokens owned by a single User are revoked
This example JSON would reflect a scenario where all refresh tokens owned by a single user are revoked.
Event Body
- event.applicationTimeToLiveInSeconds [Map<UUID, Integer>]
-
A map of Application Id to the configured time to live (TTL) for the access token (JWT). This can be used to identify the maximum amount of time after this event occurred where an un-expired access token may be held by a user.
If you take the createInstant of this event and add the number of seconds for a specific application TTL you come up with an instant in time where you should consider all access tokens issued before this time invalid. This is because the access token will have been issued on or before the instant the refresh token was revoked.
This map will contain an entry for each application for which the user has a refresh token.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
jwt.refresh-token.revoke. - event.userId [UUID]
-
The unique Id of the User for which all refresh tokens have been revoked.
- event.user [Object] Available since 1.8.0
-
The user for which a refresh token has been revoked. See the Users API for property definitions and example JSON.
{
"event": {
"applicationTimeToLiveInSeconds": {
"21a8893c-51b3-4964-8a50-6afb66ee8acd": 600
},
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "jwt.refresh-token.revoke",
"userId": "dfdbae16-4e65-42c2-9773-23dfd6f5671d",
"user": {
"active": true,
"email": "example@fusionauth.io",
"id": "00000000-0000-0001-0000-000000000000",
"passwordChangeRequired": false,
"twoFactorEnabled": false,
"usernameStatus": "ACTIVE",
"verified": true
}
}
}All Refresh Tokens for an Application are revoked
This example JSON would reflect a scenario where all refresh tokens issued for a specific application are revoked.
Event Body
- event.applicationId [UUID]
-
The unique Id of the Application for which all of the refresh tokens have been revoked.
- event.applicationTimeToLiveInSeconds [Map<UUID, Integer>]
-
A map of Application Id to the configured time to live (TTL) for the access token (JWT). This can be used to identify the maximum amount of time after this event occurred where an un-expired access token may be held by a user.
If you take the createInstant of this event and add the number of seconds for a specific application TTL you come up with an instant in time where you should consider all access tokens issued before this time invalid. This is because the access token will have been issued on or before the instant the refresh token was revoked.
- event.createInstant [Long]
-
The instant that the event was generated.
- event.id [UUID]
-
The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.tenantId [UUID] Available since 1.8.0
-
The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
-
The event type, this value will always be
jwt.refresh-token.revoke.
{
"event": {
"applicationId": "21a8893c-51b3-4964-8a50-6afb66ee8acd",
"applicationTimeToLiveInSeconds": {
"21a8893c-51b3-4964-8a50-6afb66ee8acd": 600
},
"createInstant": 1505762615056,
"id": "e502168a-b469-45d9-a079-fd45f83e0406",
"tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
"type": "jwt.refresh-token.revoke"
}
}