Authentication Events
fido2.client.error
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.client.error" |
msg | string | "Client error." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
reason | string | Description of a failure reason. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
passkeyId | string | An internal passkey identifier associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.mfa.begin.completed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.begin.completed" |
msg | string | "MFA begin completed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
checkoutId | string | Similar to trust ID but in the merchant context. |
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
payload | string | Any additional payload that needs to be signed with the rest of the transaction. |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
fido2.mfa.begin.failed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.begin.failed" |
msg | string | "MFA begin failed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
reason | string | Description of a failure reason. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
checkoutId | string | Similar to trust ID but in the merchant context. |
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
payload | string | Any additional payload that needs to be signed with the rest of the transaction. |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.mfa.begin.init
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.begin.init" |
msg | string | "MFA begin initiated." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
bluetoothAvailable | bool | BluetoothAvailable flag from webauth bluetooth.getAvailability(). |
clientName | string | Name of the client application (i.e. Chrome, Firefox, etc.) |
clientType | string | Type of the client application (usually "browser" or "app"). |
clientVersion | string | Version of client application (often obfuscated by the device for privacy). |
conditionalGet | bool | ConditionalGet flag from webauth PublicKeyCredential.getClientCapabilities(). |
hybridTransport | bool | HybridTransport flag from webauth PublicKeyCredential.getClientCapabilities(). |
osArch | string | Hardware architecture of the client device. |
osName | string | OS type of the client device. |
osVersion | string | OS version of the client device. |
passkeyPlatformAuthenticator | bool | PasskeyPlatformAuthenticator flag from webauth PublicKeyCredential.getClientCapabilities(). |
screenHeight | int64 | Screen height of the client device. |
screenWidth | int64 | Screen widths of the client device. |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userAgent | string | Content of "User-agent" header from the request. |
userVerifyingPlatformAuthenticator | bool | UserVerifyingPlatformAuthenticator flag from webauth PublicKeyCredential.getClientCapabilities(). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
checkoutId | string | Similar to trust ID but in the merchant context. |
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
payload | string | Any additional payload that needs to be signed with the rest of the transaction. |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.mfa.external.auth.completed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.external.auth.completed" |
msg | string | "External authentication completed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
fido2.mfa.external.auth.failed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.external.auth.failed" |
msg | string | "External authentication failed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
reason | string | Description of a failure reason. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
fido2.mfa.passkey.aaguid.blocked
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.passkey.aaguid.blocked" |
msg | string | "Passkey AAGUID blacklisted." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
aaguid | string | AAGUID of the passkey authenticator from the client. |
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.mfa.passkey.auth.failed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.passkey.auth.failed" |
msg | string | "Failed to authenticate with passkey." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
reason | string | Description of a failure reason. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.mfa.passkey.authenticated
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.passkey.authenticated" |
msg | string | "Passkey authentication completed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
passkeyId | string | An internal passkey identifier associated with the event (can be used for extracting additional any device info from the system). |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
fido2.mfa.passkey.reg.failed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.passkey.reg.failed" |
msg | string | "Failed to register passkey." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
reason | string | Description of a failure reason. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.mfa.passkey.registered
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.passkey.registered" |
msg | string | "Passkey registration completed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
passkeyId | string | An internal passkey identifier associated with the event (can be used for extracting additional any device info from the system). |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
fido2.mfa.passkey.tx.completed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.passkey.tx.completed" |
msg | string | "Passkey transaction completed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
passkeyId | string | An internal passkey identifier associated with the event (can be used for extracting additional any device info from the system). |
payload | string | Any additional payload that needs to be signed with the rest of the transaction. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
fido2.mfa.passkey.tx.failed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mfa.passkey.tx.failed" |
msg | string | "Failed to sign transaction with passkey." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
reason | string | Description of a failure reason. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.mgmt.discovery.completed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mgmt.discovery.completed" |
msg | string | "Passkey discovery completed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
fido2.mgmt.discovery.failed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mgmt.discovery.failed" |
msg | string | "Passkey discovery failed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
reason | string | Description of a failure reason. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
fido2.mgmt.discovery.init
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.mgmt.discovery.init" |
msg | string | "Passkey discovery initiated." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
action | string | Next action to be performed in the current workflow. |
appId | string | Identifier of the application associated with the event. |
bluetoothAvailable | bool | BluetoothAvailable flag from webauth bluetooth.getAvailability(). |
clientName | string | Name of the client application (i.e. Chrome, Firefox, etc.) |
clientType | string | Type of the client application (usually "browser" or "app"). |
clientVersion | string | Version of client application (often obfuscated by the device for privacy). |
conditionalGet | bool | ConditionalGet flag from webauth PublicKeyCredential.getClientCapabilities(). |
hybridTransport | bool | HybridTransport flag from webauth PublicKeyCredential.getClientCapabilities(). |
osArch | string | Hardware architecture of the client device. |
osName | string | OS type of the client device. |
osVersion | string | OS version of the client device. |
passkeyPlatformAuthenticator | bool | PasskeyPlatformAuthenticator flag from webauth PublicKeyCredential.getClientCapabilities(). |
screenHeight | int64 | Screen height of the client device. |
screenWidth | int64 | Screen widths of the client device. |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userAgent | string | Content of "User-agent" header from the request. |
userVerifyingPlatformAuthenticator | bool | UserVerifyingPlatformAuthenticator flag from webauth PublicKeyCredential.getClientCapabilities(). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
fido2.passkey.auth.aaguid.blocked
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.auth.aaguid.blocked" |
msg | string | "Failed to authenticate with passkey - AAGUID blacklisted." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
aaguid | string | AAGUID of the passkey authenticator from the client. |
appId | string | Identifier of the application associated with the event. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.passkey.auth.failed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.auth.failed" |
msg | string | "Failed to authenticate with passkey." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
reason | string | Description of a failure reason. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
fido2ComplianceLevel | string | FIDO2 compliance level. |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.passkey.auth.init
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.auth.init" |
msg | string | "Passkey authentication initiated." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
bluetoothAvailable | bool | BluetoothAvailable flag from webauth bluetooth.getAvailability(). |
clientName | string | Name of the client application (i.e. Chrome, Firefox, etc.) |
clientType | string | Type of the client application (usually "browser" or "app"). |
clientVersion | string | Version of client application (often obfuscated by the device for privacy). |
conditionalGet | bool | ConditionalGet flag from webauth PublicKeyCredential.getClientCapabilities(). |
hybridTransport | bool | HybridTransport flag from webauth PublicKeyCredential.getClientCapabilities(). |
osArch | string | Hardware architecture of the client device. |
osName | string | OS type of the client device. |
osVersion | string | OS version of the client device. |
passkeyPlatformAuthenticator | bool | PasskeyPlatformAuthenticator flag from webauth PublicKeyCredential.getClientCapabilities(). |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
screenHeight | int64 | Screen height of the client device. |
screenWidth | int64 | Screen widths of the client device. |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userAgent | string | Content of "User-agent" header from the request. |
userVerifyingPlatformAuthenticator | bool | UserVerifyingPlatformAuthenticator flag from webauth PublicKeyCredential.getClientCapabilities(). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.passkey.authenticated
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.authenticated" |
msg | string | "Passkey authentication completed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
passkeyId | string | An internal passkey identifier associated with the event (can be used for extracting additional any device info from the system). |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
fido2ComplianceLevel | string | FIDO2 compliance level. |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
fido2.passkey.delete.failed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.delete.failed" |
msg | string | "Failed to delete passkey." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
passkeyId | string | An internal passkey identifier associated with the event (can be used for extracting additional any device info from the system). |
reason | string | Description of a failure reason. |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
fido2.passkey.deleted
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.deleted" |
msg | string | "Passkey deleted." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
passkeyId | string | An internal passkey identifier associated with the event (can be used for extracting additional any device info from the system). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
fido2.passkey.reg.aaguid.blocked
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.reg.aaguid.blocked" |
msg | string | "Failed to register passkey - AAGUID blacklisted." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
aaguid | string | AAGUID of the passkey authenticator from the client. |
appId | string | Identifier of the application associated with the event. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.passkey.reg.failed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.reg.failed" |
msg | string | "Failed to register passkey." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
reason | string | Description of a failure reason. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
fido2ComplianceLevel | string | FIDO2 compliance level. |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.passkey.reg.init
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.reg.init" |
msg | string | "Passkey registration initiated." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
bluetoothAvailable | bool | BluetoothAvailable flag from webauth bluetooth.getAvailability(). |
clientName | string | Name of the client application (i.e. Chrome, Firefox, etc.) |
clientType | string | Type of the client application (usually "browser" or "app"). |
clientVersion | string | Version of client application (often obfuscated by the device for privacy). |
conditionalGet | bool | ConditionalGet flag from webauth PublicKeyCredential.getClientCapabilities(). |
hybridTransport | bool | HybridTransport flag from webauth PublicKeyCredential.getClientCapabilities(). |
osArch | string | Hardware architecture of the client device. |
osName | string | OS type of the client device. |
osVersion | string | OS version of the client device. |
passkeyPlatformAuthenticator | bool | PasskeyPlatformAuthenticator flag from webauth PublicKeyCredential.getClientCapabilities(). |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
screenHeight | int64 | Screen height of the client device. |
screenWidth | int64 | Screen widths of the client device. |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userAgent | string | Content of "User-agent" header from the request. |
userVerifyingPlatformAuthenticator | bool | UserVerifyingPlatformAuthenticator flag from webauth PublicKeyCredential.getClientCapabilities(). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.passkey.registered
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.registered" |
msg | string | "Passkey registration completed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
passkeyId | string | An internal passkey identifier associated with the event (can be used for extracting additional any device info from the system). |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
fido2ComplianceLevel | string | FIDO2 compliance level. |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
fido2.passkey.tx.aaguid.blocked
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.tx.aaguid.blocked" |
msg | string | "Failed to sign transaction with passkey - AAGUID blacklisted." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
aaguid | string | AAGUID of the passkey authenticator from the client. |
appId | string | Identifier of the application associated with the event. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.passkey.tx.completed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.tx.completed" |
msg | string | "Passkey transaction completed." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
passkeyId | string | An internal passkey identifier associated with the event (can be used for extracting additional any device info from the system). |
payload | string | Any additional payload that needs to be signed with the rest of the transaction. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
fido2.passkey.tx.failed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.tx.failed" |
msg | string | "Failed to sign transaction with passkey." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
reason | string | Description of a failure reason. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.passkey.tx.init
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.passkey.tx.init" |
msg | string | "Passkey transaction initiated." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
payload | string | Any additional payload that needs to be signed with the rest of the transaction. |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.user.authenticate.failed
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.user.authenticate.failed" |
msg | string | "Failed to authenticate user." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "warn"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
reason | string | Description of a failure reason. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
fido2.user.authenticated
Common Attributes
| Attribute | Type | Description |
|---|---|---|
eventId | string | "fido2.user.authenticated" |
msg | string | "User authenticated." |
defaultSeverity | string | severity of the event unless explicitly specified (default: "info"). |
uuid | string | event unique generated at the time of creation |
timestamp | int64 | timestamp (milliseconds since epoch) |
Mandatory Attributes
| Attribute | Type | Description |
|---|---|---|
appId | string | Identifier of the application associated with the event. |
userId | string | A unique user identifier as it known to the system (may be associated with multiple usernames and other PII). |
username | string | Username used in the authentication context. A user may have multiple usernames (i.e. email, phone, etc.) associated with the same user identity. |
Optional Attributes
| Attribute | Type | Description |
|---|---|---|
deviceId | string | Identifier of the device associated with the event (can be used for extracting additional any device info from the system). |
passkeyId | string | An internal passkey identifier associated with the event (can be used for extracting additional any device info from the system). |
responseTimeUsec | int64 | Request processing time in microseconds (used for tracking SLAs). |
srcAddr | string | Network address where request is originating from (IPv4 or IPv6). |
traceId | string | Any trace identifier included with the request (can used for tracing events across multiple systems). |
trustId | string | Trust identifier derived from public key of the corresponding web crypto record stored on client device. |