Auth0
Stream Auth0 tenant logs to Invoance and every organization in your app starts accumulating signed, independently verifiable audit events (sign-ins, signups, password and email changes) before your team writes a line of instrumentation. Every delivery is verified against the Authorization token you configured.
Set up
- Create the integration in Dashboard → Audit Logs → Integrations (provider: Auth0). Auth0 doesn't issue a secret; you invent one, so hit Generate and copy both the URL and the token.
- In the Auth0 Dashboard, open Monitoring → Streams → Create Stream → Custom Webhook.
- Payload URL: your webhook URL · Content Type:
application/json· Content Format:JSON Array· Authorization Token: the generated value. Auth0 sends it on every delivery and Invoance verifies it matches. - Pick the stream's category filters; only the codes below become events.
Log-code map
Verified log entries are translated into a clean audit vocabulary, Ed25519-signed, and sealed into each organization's gap-free sequence, identical to events sent via the API.
| Log code | Auth0 meaning | Becomes |
|---|---|---|
| s | Successful login | user.signed_in |
| slo | User successfully logged out | user.signed_out |
| f / fp / fu | Failed login (generic / wrong password / unknown user) | user.sign_in_failed (exact code kept in metadata) |
| ss | Successful signup | user.created |
| sdu | User successfully deleted | user.deleted |
| scp | Successful password change | user.password_changed |
| sce | Successful email change | user.email_changed |
| limit_wc / limit_mu | IP blocked after repeated failed logins | account.blocked (code kept in metadata) |
Deliveries arrive batched; each entry is processed independently and deduplicated by its Auth0 log id, so replays and partial retries never create duplicates. Events made in an Auth0 Organization context carry org_id / org_name and route (and auto-create) accordingly; events without one follow your org-less policy. Sign-ins and failed logins are high-volume, so filter your stream categories with your allotment in mind.
Response codes, retry behavior, quota rules, and org routing are shared by every provider and documented under delivery semantics on the Integrations overview. Once events are flowing, the quick start shows how to instrument your product's own actions with one call each.