Token Server audit events

Event Description
CONSENT GIVEN User has given consent for a set of scopes for a client.
CONSENT CSRF INVALID The CSRF token provided while submitting a consent is invalid. A CSRF token is only valid for a limited amount of time. All details in the request should match the values expected for this particular CSRF token.
API AUTHENTICATION FAILED Invalid username and password provided while accessing the end user API.
API CONSENT LISTED A list of consents was returned for a user via the end user API.
API CONSENT NO DATA FOUND No consents could be found for a user via the end user API.
API CONSENT REMOVED Consent for a client (all scopes) is removed for a user via the end user API.
API CONSENT NOT REMOVED NOT FOUND Unable to remove consent via the end user API because no corresponding consent could be found.
API CONSENT NOT REMOVED FORBIDDEN Unable to remove a consent via the end user API because the consent requested for removal does not belong to the specified user.
API TOKENS LISTED A list of access tokens was returned for a user via the end user API.
API TOKENS NO DATA FOUND No access tokens could be found for a user via the end user API.
API TOKEN REMOVED Access token for a client is removed for a user via the end user API.
API TOKEN NOT REMOVED NOT FOUND Unable to remove an access token via the end user API because no corresponding access token could be found.
API TOKEN NOT REMOVED FORBIDDEN Unable to remove a token via the end user API because the token requested for removal does not belong to the specified user.
API NOTIFICATION SETTING NOT FOUND No corresponding user is found for the requested notification setting via the end user API.
API NOTIFICATION SETTING FOUND Notification setting is found or the user does exist and uses the default notification setting. This value is returned for the user via the end user API.
API NOTIFICATION SETTING REMOVED Notification setting removed for a user via the end user API.
API NOTIFICATION SETTING SET Notification setting set for a user via the end user API.
API NOTIFICATION SETTING SET FAILED Unable to set notification setting for a user via the end user API. Only values SMS and EMAIL are allowed.
API DEVICES LISTED A list of devices was returned for a user via the end user API.
API DEVICES NO DATA FOUND No devices could be found for a user via the end user API.
API DEVICE REMOVED Device for a user is removed via the end user API.
API DEVICE REMOVAL FAILED An attempt to remove device for a user via end user API failed.
API DEVICE REMOVED FOR ONE PROFILE Device data related to one user profile was removed via the end user API.
API DEVICE REMOVED FOR ONE PROFILE FAILED An attempt to remove device data related to one user profile via the end user API failed.
API DEVICE NOT REMOVED FORBIDDEN Unable to remove a device via the end user API because the device requested for removal does not belong to the specified user.
API FINGER PRINT NOT DISABLED CLIENT NOT FOUND Unable to disable finger print via the end user API because no corresponding device could be found.
API FINGER PRINT NOT DISABLED FORBIDDEN Unable to disable finger print via the end user API because no the device requested does not belong to the specified user.
API FINGER PRINT DISABLED Finger print was disabled for the specified user and device.
API APP LISTED A list of applications was returned for a user via the end user API
API APP NO DATA FOUND No applications could be found for a user via the end user API
API APP REMOVED Access to an application for a user is removed via the end user API
API APP NOT REMOVED NOT FOUND No applications to remove could be found for a user via the end user API
API AUTHENTICATION APPS LISTED A list of authentication app instances was returned for a user via the end user API.
API AUTHENTICATION APP NOT FOUND No authentication app instances could be found for a user via the end user API.
API AUTHENTICATION APP REMOVED The push authentication capabilities for an app were removed for a user via the end user API.
API AUTHENTICATION APP NOT REMOVED NOT FOUND The push authentication capabilities for an app could not be removed because app instance could not be found via the end user API.
API AUTHENTICATION APP NOT REMOVED FORBIDDEN The push authentication capabilities for an app could not be removed because app instance belongs to other user.
API AUTHENTICATION APP AND USER CLIENT KEYS REMOVED The mobile authentication capabilities for a client were removed for a user via the end user API.
API AUTHENTICATION USER CLIENT KEYS NOT REMOVED NOT FOUND The mobile authentication capabilities for a client could not be removed because user client keys could not be found via the end user API.
API AUTHENTICATION USER CLIENT KEYS NOT REMOVED FORBIDDEN The mobile authentication capabilities for a client could not be removed because user client keys belongs to other user.
API PAYLOAD ENCRYPTION APPLICATION DISABLED App version is disabled.
API PAYLOAD ENCRYPTION POLICY NOT FOUND No payload encryption policy could be found via the the API endpoint.
API PAYLOAD ENCRYPTION INVALID PARAMETERS Invalid parameters were forwarded to the API endpoint.
API PAYLOAD ENCRYPTION POLICY FOUND A payload encryption policy was returned for the Onegini Security Proxy via the API endpoint.
API PAYLOAD ENCRYPTION INVALID ACCESS TOKEN Access token could not be found or was invalid.
API VERSION NOT ALLOWED The used endpoint is not allowed for the api version used by the client.
EXTERNAL SCOPE CHECK FAILED An error occurred while performing the external scope check via the scope service endpoint.
EXTERNAL NOTIFICATION FAILED An error occurred while sending a notification to the user via the external notification service.
ADMIN AUTHENTICATION FAILURE User has entered an incorrect username and/or password to log in into the admin console.
ADMIN AUTHENTICATION SUCCESS User has successfully logged into the admin console. The details provide information about the roles that the user has in the admin console. No roles means that he does not have any permissions.
ADMIN CLIENT DELETED An oauth client has been deleted via the admin console.
ADMIN CLIENT DELETION FAILURE An attempt to delete an oauth client via the admin console failed.
ADMIN CLIENT UPDATED An oauth client has been updated via the admin console.
ADMIN STATIC CLIENT CREATED A static oauth client has been created via the admin console.
ADMIN API CLIENT CREATED An oauth client for API calls has been created via the admin console.
ADMIN OPENID CLIENT CONFIG CREATED An OpenID configuration for a client has been created via the admin console
ADMIN OPENID CLIENT CONFIG DELETED An OpenID configuration for a client has been deleted via the admin console
ADMIN OPENID CLIENT CONFIG UPDATED An OpenID configuration for a cleint has been updated via the admin console
ADMIN SCOPE DELETED An oauth scope has been deleted via the admin console.
ADMIN SCOPE CREATED An oauth scope has been created via the admin console.
ADMIN SCOPE UPDATED An oauth scope has been updated via the admin console.
ADMIN MOBILE APP CREATED A mobile application has been created via the admin console.
ADMIN MOBILE APP DELETED A mobile application has been deleted via the admin console.
ADMIN MOBILE APP UPDATED A mobile application has been updated via the admin console.
ADMIN MOBILE PLATFORM CREATED A mobile platform has been created via the admin console.
ADMIN MOBILE PLATFORM DELETED A mobile platform has been deleted via the admin console.
ADMIN MOBILE PLATFORM UPDATED A mobile platform has been updated via the admin console.
ADMIN MOBILE CONFIG UPDATED The configuration for mobile authentication has been changed in the admin console.
ADMIN CORS CONFIG UPDATED The configuration for CORS has been changed in the admin console.
ADMIN PROXY CONFIG UPDATED The proxy configuration has been changed in the admin console.
ADMIN SYSTEM EXTENSION ENGINE CONFIG UPDATED The configuration for the connection to the Extension Engine has been changed in the admin console.
ADMIN SYSTEM EXTENSION ENGINE PROPERTY CREATED A property in the Extension Engine has been created via the admin console.
ADMIN SYSTEM EXTENSION ENGINE PROPERTY DELETED A property in the Extension Engine has been deleted via the admin console.
ADMIN SYSTEM EXTENSION ENGINE PROPERTY UPDATED A property in the Extension Engine has been updated via the admin console.
ADMIN SYSTEM FEATURE CONFIG UPDATED The configuration for system features has been changed in the admin console.
ADMIN SYSTEM GEOLOCATION CONFIG UPDATED The configuration for the geolocation service has been changed in the admin console.
ADMIN MOBILE PLATFORM VERSION CREATED An App version has been created for a mobile application via the admin console.
ADMIN MOBILE PLATFORM VERSION UPDATED An App version has been updated for a mobile application via the admin console.
ADMIN MOBILE PLATFORM VERSION DELETED An App version has been deleted for a mobile application via the admin console.
ADMIN AUTH PROPERTIES SET CREATED Mobile authentication type has been created via the admin console.
ADMIN AUTH PROPERTIES SET UPDATED Mobile authentication type has been updated via the admin console.
ADMIN AUTH PROPERTIES SET DELETED Mobile authentication type has been deleted via the admin console.
ADMIN CALLBACK CONFIG CREATED Callback configuration has been created via the admin console.
ADMIN CALLBACK CONFIG UPDATED Callback configuration has been updated via the admin console.
ADMIN CALLBACK CONFIG DELETED Callback configuration has been deleted via the admin console.
ADMIN PUSH MESSAGING CONFIG CREATED Push messaging configuration has been created via the admin console.
ADMIN PUSH MESSAGING CONFIG UPDATED Push messaging configuration has been updated via the admin console.
ADMIN PUSH MESSAGING CONFIG DELETED Push messaging configuration has been deleted via the admin console.
ADMIN IDENTITY PROVIDER CREATED An identity provider has been created via the admin console.
ADMIN IDENTITY PROVIDER DELETED An identity provider has been deleted via the admin console.
ADMIN IDENTITY PROVIDER UPDATED An identity provider has been updated via the admin console.
ADMIN IDENTITY PROVIDER ATTRIBUTE MAPPING CREATED An attribute mapping has been created for an identity provider via the admin console.
ADMIN IDENTITY PROVIDER ATTRIBUTE MAPPING DELETED An attribute mapping has been deleted for an identity provider via the admin console.
ADMIN IDENTITY PROVIDER ATTRIBUTE MAPPING UPDATED An attribute mapping has been updated for an identity provider via the admin console.
ADMIN PIN POLICY CREATED A pin policy has been created via the admin console.
ADMIN PIN POLICY DELETED A pin policy has been deleted via the admin console.
ADMIN PIN POLICY UPDATED A pin policy has been updated via the admin console.
ADMIN MESSAGE CREATED A translation has been created via the admin console.
ADMIN MESSAGE DELETED A translation has been deleted via the admin console.
ADMIN MESSAGE UPDATED A translation has been updated via the admin console.
ADMIN USER REVOKED Revoke user from a device via the admin console.
ADMIN USER REVOKE FAILURE An attempt to revoke user from device via the admin console failed.
ADMIN APPLICATION INSTANCE REVOKED Revoke push enrollment for a user via the admin console.
ADMIN APPLICATION INSTANCE NOT REVOKED NOT FOUND Attempt to revoke push enrollment for a user via the admin console, but no push enrollment was found.
ADMIN APPLICATION INSTANCE NOT REVOKED INCORRECT DEVICE Attempt to revoke push enrollment for a user via the admin console, but the device does not match or is unknown.
ADMIN USER CLIENT KEYS REVOKED Revoke mobile authentication enrollment for a user via the admin console.
ADMIN USER CLIENT KEYS NOT REVOKED NOT FOUND Attempt to revoke mobile authentication enrollment for a user via the admin console, but no mobile authentication enrollment was found.
ADMIN USER CLIENT KEYS NOT REVOKED INCORRECT DEVICE Attempt to revoke mobile authentication enrollment for a user via the admin console, but the device does not match or is unknown.
ADMIN TEMPLATES TEMPLATE SETS CREATED A template set has been added via the admin console.
ADMIN TEMPLATES TEMPLATE SETS UPDATED A template set has been modified via the admin console.
ADMIN TEMPLATES TEMPLATE SETS DELETED A template set has been removed via the admin console.
ADMIN CUSTOM AUTHENTICATOR CREATED Configuration for a Custom Authenticator has been added via the admin console.
ADMIN CUSTOM AUTHENTICATOR UPDATED Configuration for a Custom Authenticator has been modified via the admin console.
ADMIN CUSTOM AUTHENTICATOR DELETED Configuration for a Custom Authenticator has been removed via the admin console.
HELPDESK CLIENT DELETE UNAUTHORIZED Attempt to delete a dynamic client via the admin console, but this operation is not permitted for the helpdesk user.
HELPDESK APPLICATION INSTANCE REVOKE UNAUTHORIZED Attempt to revoke mobile authentication for a user via the admin console, but this operation is not permitted for the helpdesk user.
HELPDESK APPLICATION INSTANCE NOT REVOKED FORBIDDEN This event is renamed to "HELPDESK APPLICATION INSTANCE REVOKE UNAUTHORIZED".
HELPDESK USER REVOKE UNAUTHORIZED Attempt to disconnect a user from a device via the admin console, but this operation is not permitted for the helpdesk user.
CLIENT CREDENTIALS CHECK SUCCESS Successfully verified the client credentials
CLIENT CREDENTIALS CHECK SKIPPED The client credentials are not validated because the application is running in development mode.
CLIENT CREDENTIALS CHECK FAILED Could not verify the client credentials
CLIENT VALIDATION INVALID HEADER Client validation failed because one or more required headers is missing or no mobile application can be found based on the header values.
CLIENT VALIDATION VERSION DISABLED Client validation failed because the version has been disabled
CLIENT VALIDATION UPGRADE INITIALIZED Client validation resulted in the initialization of Dynamic Client Upgrade.
CLIENT VALIDATION DEBUGGER DETECTED Client validation failed because debugger was detected
CLIENT VALIDATION JAILBREAK DETECTED Client validation failed because jailbreak was detected
CLIENT VALIDATION ABUSE DETECTED Client validation failed because abuse was detected. Verify the application signature.
CLIENT VALIDATION OS VERSION INVALID Client validation failed because client's OS version is not supported or blacklisted.
DYNAMIC REG INVALID HEADER Unable to perform dynamic client registration because one or more required headers is missing or no mobile application can be found based on the header values.
DYNAMIC REG INVALID REQUEST Unable to perform dynamic client registration because identifier or challenge response is not available in request.
DYNAMIC REG SUCCESS New client was registered via dynamic client registration.
DYNAMIC REG FAILED Dynamic client registration failed due to invalid challenge response.
DYNAMIC REG NEW REGISTRATIONS DISABLED Dynamic client registration failed because new registrations are disabled
DYNAMIC REG VERSION DISABLED Dynamic client registration failed because the version is disabled
DYNAMIC REG OS VERSION INVALID Dynamic client registration failed because client's OS version is not supported or blacklisted.
DYNAMIC UP SUCCESS Dynamic client upgrade was successfully executed, the application version associated with the dynamic client was updated.
DYNAMIC UP FAILED Dynamic client upgrade failed
AUTHORIZATION LVL UNSUPPORTED The authentication level specified in the authentication level header of the incoming request can not be parsed to a valid integer value.
AUTHORIZATION FAILED UNABLE TO GENERATE ID TOKEN Error occurred during id token generation process, check OpenID Connect signing/encryption properties.
AUTHZ REQUEST AUTHENTICATION LVL INSUFFICIENT The authentication level specified in the authentication level header of the incoming request is lower then the required authentication level by one or more of the requested scopes.
AUTHZ REQUEST INVALID The OAuth authorization request is missing one or more required fields.
AUTHZ REQUEST REDIRECT URI INVALID The provided redirect uri does not match the configured redirect uri for the specified client.
AUTHZ REQUEST SCOPE INVALID One or more of the requested scopes is not available for the specified client.
AUTHZ REQUEST NOT AUTHORIZED FOR SCOPE The user is not authorized for the requested scope. See the scope verification service topic guide for more info.
AUTHZ REQUEST GRANT CREATED An authorization code is created for the requested client and scopes.
AUTHZ REQUEST TOKEN CREATED An access token is created for the requested client and scopes via the implicit flow.
AUTHZ REQUEST INVALID CLIENT The client_id in the OAuth authorization request is invalid or unknown
AUTHZ REQUEST INVALID RESPONSE TYPE The response type used does not match a grant type selected for the client. Or the response type is not a valid grant type supported by the application.
AUTHZ API SCOPE INVALID One or more of the requested scopes is not available for the specified client.
AUTHZ API NOT AUTHORIZED FOR SCOPE The user is not authorized for the requested scope. See the scope verification service topic guide for more info.
AUTHZ API UNAUTHORIZED CLIENT The client is not allowed to perform this action. Make sure the 'user registration' flow is enabled for the used application.
AUTHZ API GRANT CREATED An authorization code is created for the requested client and scopes.
TOKEN REQUEST INVALID The access token request is missing one or more required fields.
TOKEN REQUEST INVALID GRANT The access grant used to request an access token was expired or revoked.
TOKEN REQUEST SCOPE INVALID One or more of the requested scopes is not available for the specified client.
TOKEN REQUEST NOT AUTHORIZED FOR SCOPE The user does not have a product for the requested scope.
TOKEN REQUEST INVALID CLIENT CREDENTIALS Provided client id and client secret do not match.
TOKEN REQUEST INVALID REFRESH TOKEN No access token could be found based on the provided refresh token.
TOKEN REQUEST INVALID BEARER TOKEN No access token could be found based on the provided bearer token.
TOKEN REQUEST DISABLED GRANT TYPE The required grant type is not enabled for the client.
TOKEN REQUEST UNSUPPORTED GRANT TYPE Grant type used is not recognized and supported by the application.
TOKEN REQUEST INVALID CLIENT No client could be found based on the specified client id.
TOKEN REQUEST ACCESS TOKEN CREATED Access token created via provided authorization code.
TOKEN REQUEST ACCESS TOKEN REFRESHED A new access token is created based on the provided refresh token.
TOKEN REQUEST INVALID ACCESS TOKEN The provided access token (for validation) is expired or revoked.
TOKEN REQUEST ACCESS TOKEN VALIDATED The provided access token (for validation) is valid.
TOKEN REQUEST FINGER PRINT INVALID CLIENT CREDENTIALS The client credentials used to fetch a finger print refresh token were invalid.
TOKEN REQUEST FINGER PRINT INVALID REFRESH TOKEN The refresh token used to fetch a finger print refresh token was invalid.
TOKEN REQUEST FINGER PRINT TOKEN CREATED A refresh token for finger print usage was created and the original refresh token was refreshed.
TOKEN REQUEST FINGER PRINT ACCESS TOKEN REFRESHED The finger print refresh token was refreshed
TOKEN REQUEST FINGER PRINT REFRESH TOKEN RETRY COUNT EXCEEDED The finger print refresh token used was wrong, therefore all finger print refresh tokens for this client are removed
TOKEN REQUEST INVALID PROFILE ID Provided profile id has invalid format or is already used by other user of the client.
TOKEN REQUEST IMPLICIT AUTHENTICATION ACCESS TOKEN CREATED An implicit authentication access token was created based on the provided client credentials, profile id and scopes.
TOKEN REQUEST REFRESH TOKEN RETRY COUNT EXCEEDED The refresh token has been used wrongly for more than the maximum allowed retries. The refresh token is invalidated.
TOKEN REQUEST PASSWORD ACCESS TOKEN CREATED A new access token (with optionally a refresh token) was created for the user using the resource owner password credentials flow.
TOKEN REQUEST PASSWORD GRANT INVALID The identity provider returned that the credentials provided in the resource owner password credentials request were not valid.
TOKEN REVOKE ACCESS TOKEN SUCCESS The access token was successfully revoked, corresponding refresh token when available is not revoked.
TOKEN REVOKE ACCESS TOKEN INVALID The access token could not be revoked.
TOKEN REVOKE REFRESH TOKEN SUCCESS The refresh token was successfully revoked including the access tokens based on this refresh token.
TOKEN REVOKE REFRESH TOKEN INVALID The refresh token could not be revoked.
TOKEN REVOKE CLIENT INVALID The token could not be revoked because the client is not found or the client credentials are invalid.
TOKEN REVOKE TOKEN INVALID The token could not be revoked because it is not found. There was no token type hint specified in the request.
TOKEN REVOKE CLIENT TOKENS SUCCESS All tokens available for a client were removed via the client tokens revocation endpoint.
TOKEN REVOKE PROFILE SUCCESS All tokens available for a profile were removed via the profile revocation endpoint.
TOKEN REVOKE CLIENT FINGER PRINT TOKENS SUCCESS All fingerprint tokens available for a client were removed via the token revocation endpoint.
TOKEN REVOKE PROFILE TOKENS SUCCESS All tokens available for a profile on a client were revoked using the profile token revocation endpoint.
TOKEN REVOKE PROFILE FINGER PRINT TOKENS SUCCESS All fingerprint tokens available for a profile on a client were removed using the profile token revocation endpoint.
TOKEN INTROSPECTION SUCCESS Token introspection of the token was successful
TOKEN INTROSPECTION FAILED Token introspection failed, access token used is expired or revoked.
PASSWORD GRANT NOT SUPPORTED FOR IDENTITY PROVIDER A resource owner password credential request was received but the identity provider configured for this client does not support this authorization type.
ENROLLMENT FAILURE DISABLED Failed to process the enrollment request because enrollment is disabled.
ENROLLMENT INITIALIZED Successfully initialized the enrollment process.
ENROLLMENT INIT FAILURE INVALID REQ Failed to initialize enrollment because input params were invalid.
ENROLLMENT INIT FAILURE INVALID TOKEN Failed to initialize enrollment because the access token was invalid.
ENROLLMENT KEY FETCHED Successfully fetched the public key for the mobile authentication server.
ENROLLMENT KEY FAILURE INVALID ID Failed to generate the public key because the given identifier was not found.
ENROLLMENT ACK SUCCESS Successfully acknowledged the enrollment.
ENROLLMENT KEY FAILURE INVALID REQ Failed to generate the public key because input params were invalid.
ENROLLMENT ACK FAILURE INVALID ID Failed to acknowledge the enrollment because the given identifier was not found.
ENROLLMENT UPDATE SUCCESS Successfully updated the push token.
ENROLLMENT UPDATE FAILURE INVALID REQ Failed to update the push token because input params were invalid or the old push token provided did not match the client's current push token.
ENROLLMENT UPDATE FAILURE INVALID TOKEN Failed to update the push token because the access token was invalid.
ENROLLMENT UPDATE FAILURE UNSUPPORTED PLATFORM Failed to update the push token because the client's platform is not supported by this operation.
ONE TIME PASSWORD AUTH SUCCEEDED Successfully authenticated using One Time Password.
ONE TIME PASSWORD AUTH FAILED One Time Password authentication failed.
ONE TIME PASSWORD GENERATION FAILED MISSING USER ID Failed to generate One Time Password due to a missing user identifier.
API ACCESS NOT ALLOWED INVALID CREDENTIALS The client credentials provided to access the API were invalid.
API ACCESS NOT ALLOWED DISABLED GRANT TYPE The required grant type to access the API is not enabled for the client.
API ACCESS NOT ALLOWED INVALID SCOPES The required scope to access the API is not enabled for the client.
API ACCESS GRANTED Access to the API was successfully granted.
PUSH AUTH TRANSACTION SIGNING FAILED INVALID TRANSACTION Invalid verify transaction signature request because of an unknown transaction.
PUSH AUTH TRANSACTION SIGNING FAILED REQUIRE OFFLINE AUTH Invalid verify transaction signature request because transaction requires offline authentication.
PUSH AUTH TRANSACTION SIGNING FAILED ENDPOINT NOT ALLOWED Endpoint not allowed for unsigned authentication transactions.
PUSH AUTH TRANSACTION SIGNING FAILED TO DECRYPT MESSAGE Invalid verify transaction signature request because it could not be decrypted.
PUSH AUTH TRANSACTION SIGNING FAILED INVALID TRANSACTION DATA Invalid verify transaction signature request because transaction signature data contains invalid parameters.
PUSH AUTH TRANSACTION SIGNING FAILED NOT AUTHENTICATED Invalid verify transaction signature request because the transaction is not authenticated.
PUSH AUTH TRANSACTION SIGNING FAILED TRANSACTION EXPIRED Invalid verify transaction signature request because the transaction has expired.
PUSH AUTH CALLBACK SENT The authentication initializer was informed about the authentication result via a callback.
PUSH AUTH CALLBACK FAILED An error occurred while sending a callback to the authentication initializer.
PUSH AUTH VALIDATION PIN LIMIT EXCEEDED Exceeded allowed push with PIN answer attempts due to invalid PIN, therefore the user is revoked for this application instance.
PUSH AUTH VALIDATION FINGER PRINT LIMIT EXCEEDED The wrong finger print was used via push authentication, therefore fingerprint authentication is revoked for this user.
PUSH AUTH VALIDATION CUSTOM AUTHENTICATOR LIMIT EXCEEDED The wrong custom authenticator access token was used via push authentication, therefore the used custom authenticator is revoked for this user.
PUSH AUTH TRANSACTION RETRIEVED Authentication transaction successfully retrieved.
PUSH AUTH TRANSACTION NOT RETRIEVED Failed to retrieve authentication transaction, invalid transaction id.
PUSH AUTH NOT AUTHENTICATED INVALID REFRESH TOKEN Failed to answer push message due to invalid refresh token.
SMS AUTH INIT FAILURE PHONE NUMBER INVALID OR MISSING Failed to initialise SMS authentication, phone number missing or invalid.
SMS AUTH INIT FAILURE FAILED TO SEND SMS Failed to initialise SMS authentication - failed to send SMS.
SMS AUTH NOT AUTHENTICATED INVALID VERIFICATION CODE Failed to authenticate via SMS, wrong verification code.
SMS AUTH INIT FAILURE DISABLED Failed to initialise sms authentication, functionality disabled.
SMS AUTH INIT MESSAGE SENT Sms authentication message has been successfully sent.
PUSH AUTH FETCH SECURED MESSAGE FETCHED Successfully fetched secured authentication message.
PUSH AUTH FETCH FAILED INVALID TRANSACTION Failed to fetch secured authentication message due to invalid transaction id.
PUSH AUTH FETCH FAILED TRANSACTION ALREADY FETCHED Failed to fetch secured authentication message due to transaction can be fetched only once.
PUSH AUTH FETCH FAILED TRANSACTION EXPIRED Failed to fetch secured authentication message due to expired transaction.
SMS AUTH AUTHENTICATED Successfully authenticated via sms
SMS AUTH FAILURE INVALID TRANSACTION Failed to authenticate via SMS, invalid transaction identifier.
SMS AUTH VALIDATION LIMIT EXCEEDED Exceeded allowed SMS code verification attempts, transaction revoked.
SMS RESEND FAILED Resending of sms failed. The details field contains the cause.
SMS RESEND SUCCEEDED Resending of sms succeeded.
UNABLE TO DETERMINE IDENTITY PROVIDER No identity provider could be selected for the incoming authentication request.
IDENTITY PROVIDER UNSUPPORTED This identity provider is not supported. Possible scenario is when an API based identity provider is used for a browser based authentication flow.
MOBILE CLIENT UPDATED PLATFORM VERSION Updated the App version for a client
SMS STEP UP CSRF INVALID The CSRF token provided while submitting a sms code is invalid. A CSRF token is only valid for a limited amount of time. All details in the request should match the values expected for this particular CSRF token.
SMS STEP UP CODE INVALID The code submitted during sms step up was invalid.
IDP OAUTH STATE MISMATCH The expected value for the state parameter from the OAuth IdP does not match the stored value, or one of the state values is missing.
IDP OAUTH MISSING ACCESS GRANT The OAuth IdP did not return an access grant.
IDP OAUTH MISSING ACCESS TOKEN The OAuth IdP did not return an access token.
IDP OAUTH MISSING USER INFO The OAuth IdP did not return user information or the response was in an unexpected format.

JWT Key events

Event Description
JWT KEYS ROTATED The keys for the Json Web Token signing were rotated
JWT KEYS ALGORITHM UPDATED The algorithm for the Json Web Token signing was updated. Keys will also have changed since the algorithm was modified.

OpenID events

Event Description
ID TOKEN CREATED ID Token was created.
ID TOKEN NONCE MISSING Failed to create ID Token because mandatory parameter nonce was missing.
ID TOKEN INVALID CONFIGURATION Failed to create ID Token due to invalid OpenID Connect configuration.
OPENID SESSION LOGOUT SUCCESS The OpenID session was ended and all clients were logged out.
OPENID SESSION LOGOUT CONFIRM PAGE SHOWN A confirm page is shown when trying to end the OpenID session.
OPENID SESSION LOGOUT FAILURE REJECTED An attempt to end OpenID session failed because the user has rejected the confirmation.
OPENID SESSION LOGOUT FAILURE An attempt to end OpenID session failed.
OPENID TOKEN ENCRYPTION ALGORITHM NOT SUPPORTED The encryption algorithm parsed from the Relying Party's JWK is not supported by Token Server.
OPENID TOKEN ENCRYPTION METHOD NOT SUPPORTED The configured encryption method is not supported by Token Server.
OPENID TOKEN ENCRYPTION KEY TYPE NOT SUPPORTED JWKSet (response from Relaying party server) does not contain a supported type of key.
OPENID TOKEN ENCRYPTION BAD JWKS URI The jwks_uri was not reachable or did not return a proper response.
OPENID TOKEN ENCRYPTION FAILED Failed to encrypt a signed JWT.

SAML

Event Description
IDP SAML LOGIN MAPPED USER ID NOT FOUND The SAML IdP did not return a user identifier in the configured attribute.
IDP SAML SINGLE LOGOUT USER NOT FOUND An SLO request was received, but the corresponding access grants or tokens did not exist or were already expired.
IDP SAML SINGLE LOGOUT SUCCESS A user was logged out via a IdP or SP-initiated single logout request.
IDP SAML SINGLE LOGOUT NOT SUCCESSFUL A user was not successfully logged out via an SP-initiated single logout request.
IDP SAML SINGLE LOGOUT INITIATED A SP-initiated single logout request was initiated for a user.
IDP SAML SINGLE LOGOUT INITIATION SKIPPED A SP-initiated single logout request was not successfully initiated for a user.

Key enrollment audit events

Event Description
KEY ENROLLMENT SUCCESS Successfully enrolled keys for a user.
KEY ENROLLMENT FAILURE INVALID REQUEST Failed to process the key enrollment request because input parameters were invalid.
KEY ENROLLMENT FAILURE DISABLED Failed to process the key enrollment request because the key enrollment is disabled.
KEY ENROLLMENT FAILURE UPDATE DISABLED Failed to perform key enrollment because the update of the keys for the key enrollment is disabled. (deprecated)
KEY ENROLLMENT FAILURE INVALID TOKEN Failed to perform key enrollment because the access token was invalid.

Push enrollment audit events

Event Description
PUSH ENROLLMENT SUCCESS The user was successfully enrolled for mobile authentication with push.
PUSH ENROLLMENT FAILURE FEATURE DISABLED Failed to enroll for push because the feature is disabled.
PUSH ENROLLMENT FAILURE INVALID REQ Failed to enroll for push because the request was malformed or had missing parameters.
PUSH ENROLLMENT FAILURE INVALID ACCESS TOKEN Failed to enroll for push because the access token that was provided was invalid.
PUSH ENROLLMENT FAILURE KEYS NOT EXCHANGED Failed to enroll for push because the user has not yet performed key enrollment (required for push).
PUSH ENROLLMENT FAILURE EXISTING PUSH TOKEN Failed to enroll for push because the push token provided is already in use by another device or instance.
PUSH ENROLLMENT FAILURE USER ALREADY ENROLLED Failed to enroll for push because the user is already enrolled for push.
PUSH ENROLLMENT DROP EXISTING APP INSTANCE While enrolling for push, existing push enrollment was dropped.
PUSH ENROLLMENT DROP EXISTING USER CLIENT KEYS While enrolling for push, existing key enrollment was dropped.
PUSH ENROLLMENT UPDATE SUCCESS The push enrollment was successfully updated.
PUSH ENROLLMENT UPDATE FAILURE INVALID REQ Failed to update push enrollment because the request was malformed or had missing parameters.
PUSH ENROLLMENT UPDATE INVALID PLATFORM While updating the push enrollment, an unsupported platform was used.
PUSH ENROLLMENT UPDATE FAILURE EXISTING PUSH TOKEN Failed to update the enrollment for push because the push token provided is already in use by another device.
PUSH ENROLLMENT UPDATE FAILURE NOT ENROLLED Failed to update the enrollment for push because the device is not enrolled for push.

Mobile authentication initialization events

Event Description
MOBILE AUTH INIT FAILURE INVALID REQ Failed to initialize mobile authentication because input parameters were invalid.
MOBILE AUTH INIT FAILURE INVALID AUTH PROPERTIES NAME Failed to initialize authentication because the given name of the mobile authentication type was invalid.
OTP AUTH INITIALIZED Otp authentication successfully initialized.
OTP AUTH INIT FAILURE Otp authentication failed to initialize.
PUSH AUTH INIT FAILURE NO APP INSTANCE Failed to initialize authentication because no authentication app configured for the user.
PUSH AUTH INIT FAILURE MULTIPLE APP INSTANCES Failed to initialize authentication because multiple authentication apps have been configured for the user. Deregister authentication apps or send a more specific request to choose one.
PUSH AUTH INIT FAILURE MISSING APP ID Failed to initialize authentication because the application identifier is missing in the request.
PUSH AUTH INIT FAILURE AUTH METHOD NOT AVAILABLE Failed to initialize authentication because the chosen authentication method is not available for the user.
PUSH AUTH INIT FAILURE DISABLED Failed to initialize authentication because push authentication disabled.
PUSH AUTH INIT FAILURE MESSAGE TOO LONG Failed to initialize authentication because message content was too long.
PUSH AUTH INITIALIZED Successfully initialized push authentication for a user.
PUSH AUTH RESEND FAILURE RESEND LIMIT REACHED Failed to resend push message because the resend limit was reached.
PUSH AUTH RESEND FAILURE NO APP INSTANCE Failed to resend push message because no authentication app configured for the user.
PUSH AUTH RESEND SUCCESS Successfully resent push message to the push service. Note that this does not necessarily mean the push message arrived.
PUSH AUTH PUSH SERVICE FAILURE Failed to initialize authentication, unable to connect with Push Notification Service or push message rejected.
INVALID API VERSION BASED ON SERVER CONFIG Usage of an older API is blocked based on the server configuration. A newer version of the API should be used.

Mobile authentication fetch additional transaction data events

Event Description
MOBILE AUTH FETCH SECURED MESSAGE FETCHED Successfully fetched additional transaction data for mobile authentication.
MOBILE AUTH FETCH FAILED TRANSACTION ALREADY FETCHED Additional transaction data has already been fetched before.
MOBILE AUTH FETCH FAILED REQUIRE OFFLINE AUTH Additional transaction data is not meant to be fetched.
MOBILE AUTH FETCH FAILED INVALID TRANSACTION Transaction is unknown.
MOBILE AUTH FETCH FAILED INVALID ENDPOINT VERSION Endpoint to fetch additional transaction data is called for the wrong API version.
MOBILE AUTH FETCH FAILED TRANSACTION EXPIRED Transaction has expired.
MOBILE AUTH FETCH FAILED NO APP INSTANCE User has not enrolled for push authentication.
MOBILE AUTH FETCH FAILED NO USER CLIENT KEYS User has not enrolled their keys.
MOBILE AUTH FETCH FAILED INVALID CLIENT ID Unknown identifier for the client.
MOBILE AUTH FETCH FAILED MISSING PROFILE ID FOR OTP AUTH Missing parameter for profileId in a request for OTP.

Mobile authentication answer events

Event Description
MOBILE AUTH AUTHENTICATED Successfully authenticated via mobile authentication.
MOBILE AUTH NOT AUTHENTICATED User rejected authentication via mobile authentication.
MOBILE AUTH NOT AUTHENTICATED INVALID TOKEN Invalid mobile authentication answer received because of an invalid authentication token.
PUSH AUTH NOT AUTHENTICATED INVALID TRANSACTION Invalid push authentication answer received because of an unknown transaction.
PUSH AUTH NOT AUTHENTICATED REQUIRE OFFLINE AUTH Invalid push authentication answer received because transaction requires offline authentication.
PUSH AUTH NOT AUTHENTICATED TRANSACTION EXPIRED Invalid push authentication answer received because the transaction has expired.
PUSH AUTH NOT AUTHENTICATED INVALID ENDPOINT VERSION Invalid push authentication answer endpoint version was used for authentication transaction.
PUSH AUTH NOT AUTHENTICATED FAILED TO DECRYPT MESSAGE Invalid push authentication answer received because it could not be decrypted.

Custom Authenticators audit events

Event Description
CUSTOM AUTHENTICATOR BAD REQUEST Custom Authenticator API was reached, but the request was invalid. The details field contains the endpoint which was attempted.
CUSTOM AUTHENTICATOR DISABLED Custom Authenticator feature is disabled.
CUSTOM AUTHENTICATOR INVALID CLIENT Invalid client was used to attempt Custom Authenticators API. The reason is provided in details field.
CUSTOM AUTHENTICATOR ERROR Custom Authenticator was invoked, but an error occurred which prevented it from successfully completing.
CUSTOM AUTHENTICATOR REGISTRATION SUCCESS Custom Authenticator registration request was executed with success.
CUSTOM AUTHENTICATOR REGISTRATION FAILURE Custom Authenticator registration request was executed with failure.
CUSTOM AUTHENTICATOR REGISTRATION INVALID ACCESS TOKEN Invalid access token was provided in Custom Authenticator registration request.
CUSTOM AUTHENTICATOR AUTHENTICATION SUCCESS Authentication using the Custom Authenticator was successful.
CUSTOM AUTHENTICATOR AUTHENTICATION FAILURE Authentication using the Custom Authenticator failed.
CUSTOM AUTHENTICATOR DEREGISTRATION SUCCESS Custom Authenticator deregistration request was executed with success.
CUSTOM AUTHENTICATOR DEREGISTRATION INVALID ACCESS TOKEN Invalid access token was provided in Custom Authenticator deregistration request.
CUSTOM AUTHENTICATOR RESPONSE INVALID The Extension Engine returned an unknown (error) status in the response.
CUSTOM AUTHENTICATOR USER ALREADY REGISTERED Custom Authenticator is already registered for the user.
CUSTOM AUTHENTICATOR USER NOT REGISTERED The user is not registered for this Custom Authenticator.
CUSTOM AUTHENTICATOR DOES NOT EXIST The requested Custom Authenticator does not exist.
CUSTOM AUTHENTICATOR UNKNOWN USER The user was not recognized by the system.
CUSTOM AUTHENTICATOR INTERNAL SERVER ERROR The Token Server encountered an unrecoverable error during one of the Custom Authenticator actions.

Custom Registration audit events

Event Description
CUSTOM REGISTRATION BAD REQUEST Custom Registration API was reached, but the request was invalid. The details field contains the endpoint which was attempted.
CUSTOM REGISTRATION DISABLED IDENTITY PROVIDER The specified Identity Provider is either disabled or not configured to the requesting application.
CUSTOM REGISTRATION INVALID IDENTITY PROVIDER The specified Identity Provider does not exist.
CUSTOM REGISTRATION INVALID SCOPE The scope was not correct for this ClientId.
CUSTOM REGISTRATION SCRIPT ERROR The Extension Engine encountered an error when executing the Custom API Script.
CUSTOM REGISTRATION INVALID TRANSACTION The transaction does not exist or is expired. Also sent when Identity Provider or ClientId are different than at the time of transaction creation.
CUSTOM REGISTRATION INIT SUCCESS The init script for this Custom API has executed with a success status.
CUSTOM REGISTRATION INIT FAILURE The init script for this Custom API has executed with a failure status.
CUSTOM REGISTRATION BACKCHANNEL SUCCESS The complete script for this Custom API has executed with a success status.
CUSTOM REGISTRATION BACKCHANNEL FAILURE The complete script for this Custom API has executed with a failure status.
CUSTOM REGISTRATION COMPLETE SUCCESS The backchannel script for this Custom API has executed with a success status.
CUSTOM REGISTRATION COMPLETE FAILURE The backchannel script for this Custom API has executed with a failure status.

Two Way OTP audit events

Event Description
TWO WAY OTP INITIALIZED A challenge code has been created for Two Way OTP.
TWO WAY OTP ENRICHED Successfully enriched the transaction and generated a response code.
TWO WAY OTP ENRICHMENT FAILED INVALID TRANSACTION STATE The transaction is not in a state to be enriched.
TWO WAY OTP ENRICHMENT FAILED TRANSACTION NOT FOUND Could not find the transaction when attempting to enrich it.
TWO WAY OTP ENRICHMENT FAILED INVALID REQUEST The request to enrich the transaction was not valid or missing required parameters.
TWO WAY OTP ENRICHMENT FAILED FORBIDDEN SCOPES The scopes are invalid or the user has no rights for these scopes to enrich the transaction.
TWO WAY OTP VALIDATED A response code has been validated for Two Way OTP.
TWO WAY OTP VALIDATION FAILED INVALID Invalid response code for Two Way OTP.
TWO WAY OTP VALIDATION FAILED INVALID MAX ATTEMPTS REACHED Too many failed attempts to validate the response code for Two Way OTP.
TWO WAY OTP VALIDATION FAILED INVALID CSRF TOKEN CSRF token in the validation request for Two Way OTP was invalid.
TWO WAY OTP VALIDATION FAILED INVALID TRANSACTION STATE The transaction is not in a state to validate a response code for Two Way OTP.
TWO WAY OTP VALIDATION FAILED TRANSACTION NOT FOUND Could not find a transaction to validate a response code for Two Way OTP.
TWO WAY OTP CREATED Replaced by TWO WAY OTP ENRICHED.
TWO WAY OTP CREATION FAILED INVALID TRANSACTION STATE Replaced by TWO WAY OTP ENRICHMENT FAILED INVALID TRANSACTION STATE.
TWO WAY OTP CREATION FAILED TRANSACTION NOT FOUND Replaced by TWO WAY OTP ENRICHMENT FAILED TRANSACTION NOT FOUND.
TWO WAY OTP CREATION FAILED INVALID REQUEST Replaced by TWO WAY OTP ENRICHMENT FAILED INVALID REQUEST.
TWO WAY OTP CREATION FAILED FORBIDDEN SCOPES Replaced by TWO WAY OTP ENRICHMENT FAILED FORBIDDEN SCOPES.

Configuration API audit events

Event Description
API API CLIENT ALREADY EXISTS An attempt was made to create an API client via the API , but a different OAuth client with the same client_id already exists.
API API CLIENT ADDED An API client has been created via the API.
API API CLIENT LISTED A list of API clients was returned via the API.
API API CLIENT DELETED An API client was deleted via the API.
API API CLIENT UPDATED The configuration of an API client was updated via the API.
API API CLIENT NOT FOUND An attempt was made to read, update or delete an API client via the API, but no API client exists with the given client_id.
API API CLIENT UPDATE BAD ID The client_id in the URL does not match the client_id in the request body .

Admin API audit events

Event Description
API MOBILE PLATFORM VERSION CREATED The new version of mobile application was added via the API.
API MOBILE PLATFORM VERSION UPDATED The one of mobile application's version was updated via the API.
API MOBILE PLATFORM VERSION NOT FOUND Unable to find the mobile application version that was requested via the API.
API MOBILE PLATFORM VERSION FOUND A specific version of the mobile platform version was returned via the API.
API MOBILE PLATFORM VERSION LISTED A list of mobile application's versions was returned via the API.
API MOBILE PLATFORM VERSION ALREADY EXIST Unable to create a mobile application's version config via the API because of duplicated version returned.
API MOBILE PLATFORM VERSION EXPORTED A mobile application configuration file was returned via the API.
API MOBILE PLATFORM INVALID The platform was invalid. Only android and ios are valid platforms.
API MOBILE APPLICATION NOT FOUND Unable to find mobile application.
API WEB CLIENT ALREADY EXISTS An attempt was made to create an Web client via the admin API , but a different OAuth client with the same client_id already exists.
API WEB CLIENT ADDED A Web client has been created via the API.
API WEB CLIENT LISTED A list of Web clients was returned via the API.
API WEB CLIENT DELETED A Web client was deleted via the API.
API WEB CLIENT UPDATED The configuration of a Web client was updated via the API.
API WEB CLIENT NOT FOUND An attempt was made to read, update or delete an Web client via the API, but no Web client exists with the given client_id.
API WEB CLIENT UPDATE BAD ID The client_id in the URL does not match the client_id in the request body.
API EVENTS LISTED A list of events was returned via the API.

Geolocation audit events

Event Description
GEOLOCATION CHECK EXTERNAL CALL SUCCESS A successful call to an external geolocation service was made.
GEOLOCATION CHECK CACHE SUCCESS A geolocation check was requested, but the response is already cached.
GEOLOCATION CHECK SKIPPED DATA MISSING An attempt to execute geolocation check was skipped because the ip address was missing.
GEOLOCATION CHECK RESPONSE PARSING FAILED A call to the geolocation service was made, but either the response was malformed or did not contain all the required fields.
GEOLOCATION CHECK EXTERNAL CALL FAILED A call to the geolocation service could not be made.
GEOLOCATION CHECK FAILED An attempt to execute geolocation check was made, but failed for an unknown reason.

App To Web SSO events

Event Description
APP TO WEB SSO TOKEN CREATED A successful call of App To Web SSO service.
APP TO WEB SSO DISABLED A call was made to use the feature, but it was disabled.
APP TO WEB SSO INVALID IDP TYPE A call was made to use the feature, but the associated IDP was not of the Onegini Type.
APP TO WEB SSO FAILED A call was made to use the feature, but it was failed for some reason. Refer to the 'details' for more information.
APP TO WEB SSO APP_TO_WEB_SSO_TARGET_URL_NOT_CONFIGURED A call was made to use the feature, but it failed because the target_url is not configured in Consumer Identity Manager