diff --git a/website/docs/events/index.md b/website/docs/events/index.md index 069f2a48a..d8caf4b3c 100644 --- a/website/docs/events/index.md +++ b/website/docs/events/index.md @@ -4,30 +4,305 @@ title: Events Events are authentik's built-in logging system. Whenever any of the following actions occur, an event is created: -- A user logs in/logs out (including the source, if available) -- A user fails to login -- A user sets their password - -- A user views a token - -- An invitation is used - -- A user object is written to during a flow - -- A user authorizes an application -- A user links a source to their account - -- A user starts/ends impersonation, including the user that was impersonated - -- A policy is executed (when a policy has "Execution Logging" enabled) -- A policy or property mapping causes an exception - -- A configuration error occurs, for example during the authorization of an application - -- Any objects is created/updated/deleted - -- An update is available - Certain information is stripped from events, to ensure no passwords or other credentials are saved in the log. -If you want to forward these events to another application, simply forward the log output of all authentik containers. Every event creation is logged there. +If you want to forward these events to another application, forward the log output of all authentik containers. Every event creation is logged with the log level "info". + +### `login` + +A user logs in (including the source, if available) + +
Example +

+ +```json +{ + "pk": "f00f54e7-2b38-421f-bc78-e61f950048d6", + "user": { + "pk": 1, + "email": "root@localhost", + "username": "akadmin" + }, + "action": "login", + "app": "authentik.events.signals", + "context": { + "auth_method": "password", + "http_request": { + "args": { + "query": "next=%2F" + }, + "path": "/api/v3/flows/executor/default-authentication-flow/", + "method": "GET" + }, + "auth_method_args": {} + }, + "client_ip": "::1", + "created": "2023-02-15T15:33:42.771091Z", + "expires": "2024-02-15T15:33:42.770425Z", + "tenant": { + "pk": "fcba828076b94dedb2d5a6b4c5556fa1", + "app": "authentik_tenants", + "name": "Default tenant", + "model_name": "tenant" + } +} +``` + +

+
+ +### `login_failed` + +A failed login attempt + +
Example +

+ +```json +{ + "pk": "2779b173-eb2a-4c2b-a1a4-8283eda308d7", + "user": { + "pk": 2, + "email": "", + "username": "AnonymousUser" + }, + "action": "login_failed", + "app": "authentik.events.signals", + "context": { + "stage": { + "pk": "7e88f4a991c442c1a1335d80f0827d7f", + "app": "authentik_stages_password", + "name": "default-authentication-password", + "model_name": "passwordstage" + }, + "password": "********************", + "username": "akadmin", + "http_request": { + "args": { + "query": "next=%2F" + }, + "path": "/api/v3/flows/executor/default-authentication-flow/", + "method": "POST" + } + }, + "client_ip": "::1", + "created": "2023-02-15T15:32:55.319608Z", + "expires": "2024-02-15T15:32:55.314581Z", + "tenant": { + "pk": "fcba828076b94dedb2d5a6b4c5556fa1", + "app": "authentik_tenants", + "name": "Default tenant", + "model_name": "tenant" + } +} +``` + +

+
+ +### `logout` + +A user logs out. + +
Example +

+ +```json +{ + "pk": "474ffb6b-77e3-401c-b681-7d618962440f", + "user": { + "pk": 1, + "email": "root@localhost", + "username": "akadmin" + }, + "action": "logout", + "app": "authentik.events.signals", + "context": { + "http_request": { + "args": { + "query": "" + }, + "path": "/api/v3/flows/executor/default-invalidation-flow/", + "method": "GET" + } + }, + "client_ip": "::1", + "created": "2023-02-15T15:39:55.976243Z", + "expires": "2024-02-15T15:39:55.975535Z", + "tenant": { + "pk": "fcba828076b94dedb2d5a6b4c5556fa1", + "app": "authentik_tenants", + "name": "Default tenant", + "model_name": "tenant" + } +} +``` + +

+
+ +### `user_write` + +A user is written to during a flow execution. + +
Example +

+ +```json +{ + "pk": "d012e8af-cb94-4fa2-9e92-961e4eebc060", + "user": { + "pk": 1, + "email": "root@localhost", + "username": "akadmin" + }, + "action": "user_write", + "app": "authentik.events.signals", + "context": { + "name": "authentik Default Admin", + "email": "root@localhost", + "created": false, + "username": "akadmin", + "attributes": { + "settings": { + "locale": "" + } + }, + "http_request": { + "args": { + "query": "" + }, + "path": "/api/v3/flows/executor/default-user-settings-flow/", + "method": "GET" + } + }, + "client_ip": "::1", + "created": "2023-02-15T15:41:18.411017Z", + "expires": "2024-02-15T15:41:18.410276Z", + "tenant": { + "pk": "fcba828076b94dedb2d5a6b4c5556fa1", + "app": "authentik_tenants", + "name": "Default tenant", + "model_name": "tenant" + } +} +``` + +

+
+ +### `suspicious_request` + +A suspicious request has been received (for example, a revoked token was used). + +### `password_set` + +A user sets their password. + +### `secret_view` + +A user views a token's/certificate's data. + +### `secret_rotate` + +A token was rotated automatically by authentik. + +### `invitation_used` + +An invitation is used. + +### `authorize_application` + +A user authorizes an application. + +
Example +

+ +```json +{ + "pk": "f52f9eb9-dc2a-4f1e-afea-ad5af90bf680", + "user": { + "pk": 1, + "email": "root@localhost", + "username": "akadmin" + }, + "action": "authorize_application", + "app": "authentik.providers.oauth2.views.authorize", + "context": { + "geo": { + "lat": 42.0, + "city": "placeholder", + "long": 42.0, + "country": "placeholder", + "continent": "placeholder" + }, + "flow": "53287faa8a644b6cb124cb602a84282f", + "scopes": "ak_proxy profile openid email", + "http_request": { + "args": { + "query": "[...]" + }, + "path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/", + "method": "GET" + }, + "authorized_application": { + "pk": "bed6a2495fdc4b2e8c3f93cb2ed7e021", + "app": "authentik_core", + "name": "Alertmanager", + "model_name": "application" + } + }, + "client_ip": "::1", + "created": "2023-02-15T10:02:48.615499Z", + "expires": "2023-04-26T10:02:48.612809Z", + "tenant": { + "pk": "10800be643d44842ab9d97cb5f898ce9", + "app": "authentik_tenants", + "name": "Default tenant", + "model_name": "tenant" + } +} +``` + +

+
+ +### `source_linked` + +A user links a source to their account + +### `impersonation_started` / `impersonation_ended` + +A user starts/ends impersonation, including the user that was impersonated + +### `policy_execution` + +A policy is executed (when a policy has "Execution Logging" enabled). + +### `policy_exception` / `property_mapping_exception` + +A policy or property mapping causes an exception + +### `system_task_exception` + +An exception occurred in a system task. + +### `system_exception` + +A general exception in authentik occurred. + +### `configuration_error` + +A configuration error occurs, for example during the authorization of an application + +### `model_created` / `model_updated` / `model_deleted` + +Logged when any model is created/updated/deleted, including the user that sent the request. + +### `email_sent` + +An email has been sent. Included is the email that was sent. + +### `update_available` + +An update is available