Here you can find a list of the security events that are logged by OAuth 2.0 Service.
Security events written in audit logs
| Event grouping | What events are logged | How to identify related log events |
|---|---|---|
| Authorization code | Issue OAuth authorization code | `"action":"create" & "key":"Creating authorization code: <first 5 symbols of the code>"`<br>Distinguished by `tenantId:"<tenant id>"` |
| | Delete OAuth authorization code | `"action":"delete" & "key":"Deleting authorization code: <first 5 symbols of the code>"`<br>Distinguished by `tenantId:"<tenant id>"` |
| Access token | Issue access token for client credentials flow | `"action":"create" & "key":"Creating access token: <first 5 symbols of the token>"`<br>`"action":"create" & "key":"Creating platform access token: <first 5 symbols of the token>"` - when using platform client<br>Distinguished by `tenantId:"<tenant id>"` |
| | Issue access token from authorization code | `"action":"create" & "key":"Creating access token: <first 5 symbols of the token>"`<br>Distinguished by `tenantId:"<tenant id>"` |
| | Issue access token from refresh token | `"action":"create" & "key":"Creating access token: <first 5 symbols of the token>" & "key":"Creating refresh token: <first 5 symbols of the token>"`<br>Distinguished by `tenantId:"<tenant id>"` |
| | Issue access token from SAML bearer assertion | `"action":"create" & "objectID":"Creating access token: <first 5 symbols of the token>"`<br>Distinguished by `tenantId:"<tenant id>"`<br>Further refining of search: `"operation":"Create access token from SAML bearer"` |
| | Delete access token | `"action":"delete" & "key":"Deleting cloud access token: <first 5 symbols of the token>"`<br>Distinguished by `tenantId:"<tenant id>"` |
| Refresh token | Create refresh token | `"action":"create" & "key":"Creating refresh token: <first 5 symbols of the token>"`<br>Distinguished by `tenantId:"<tenant id>"` |
| OAuth client | Create OAuth client | `"action":"create" & "key":"Creating application client: <client id>"`<br>Distinguished by `tenantId:"<tenant id>"` |
| | Update OAuth client | `"action":"update" & "key":"Updating application client: <client id>"`<br>Distinguished by `tenantId:"<tenant id>"` |
| | Delete OAuth client | `"action":"delete" & "key":"Deleting application client: <client id>"`<br>Distinguished by `tenantId:"<tenant id>"` |
| Platform client | Create OAuth platform client | `"action":"create" & "key":"Creating platform client: <client id>"`<br>Distinguished by `"account":"<account>"` |
| | Delete OAuth platform client | `"action":"delete" & "key":"Deleting platform client: <client id>"`<br>Distinguished by `"account":"<account>"` |
| | Create multi-tenant OAuth platform client | `"action":"create" & "objectID":"Creating platform client: <client id>"`<br>Distinguished by `"account":"<account>"`<br>Further refining of search: `"operation":"Create Multitenant Platform API client"` |
| | Create admin OAuth platform client | `"action":"create" & "key":"Creating platform client: <client id>"`<br>Distinguished by: |
| | Delete admin OAuth platform client | `"action":"delete" & "key":"Deleting platform client: <client id>"`<br>Distinguished by: |
| | Create external OAuth platform client | `"action":"create" & "objectID":"Creating platform client: <client id>"`<br>Distinguished by:<br>Further refining of search: `"operation":"Delete External Platform API client"` |
| | Delete external OAuth platform client | `"action":"delete" & "objectID":"Deleting platform client: <client id>"`<br>Distinguished by:<br>Further refining of search: `"operation":"Delete External Platform API client"` |

The following information is described in the table columns:
- Event grouping: events that are logged with a similar format or are related to the same entities.
- What events are logged: description of the security-related or data protection and privacy-related event that is logged.
- How to identify related log events: search criteria or keywords that are specific to a log event that is created along with the logged event.
- Additional information: any related information that can be helpful.
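
The search criteria in the table can also be applied programmatically. The following is an added example, not part of the OAuth 2.0 Service documentation: it classifies token-related audit records and groups them by `tenantId`. It assumes that records are JSON objects, one per line, with the field names shown in the table; the sample records, tenant ids and token prefixes are constructed.

```python
import json
from collections import defaultdict

# (label, action, message prefix, required "operation" or None); strings come from the table.
RULES = [
    ("Issue access token from SAML bearer assertion", "create",
     "Creating access token:", "Create access token from SAML bearer"),
    ("Issue OAuth authorization code", "create", "Creating authorization code:", None),
    ("Delete OAuth authorization code", "delete", "Deleting authorization code:", None),
    ("Issue platform access token", "create", "Creating platform access token:", None),
    ("Issue access token", "create", "Creating access token:", None),
    ("Delete access token", "delete", "Deleting cloud access token:", None),
    ("Create refresh token", "create", "Creating refresh token:", None),
]

def classify(rec):
    """Return (label, logged identifier prefix) for one record, or None if no rule matches.
    Assumption: the message text is in "key" or, for some events, in "objectID"."""
    msg = (rec.get("key") or rec.get("objectID") or "").strip()
    for label, action, prefix, operation in RULES:
        if rec.get("action") != action or not msg.startswith(prefix):
            continue
        if operation and rec.get("operation") != operation:
            continue  # rule needs a specific "operation"; fall through to later rules
        return label, msg[len(prefix):].strip()
    return None

def events_by_tenant(lines):
    """Group matched events by tenantId, skipping lines that are not JSON objects."""
    grouped = defaultdict(list)
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        hit = classify(rec) if isinstance(rec, dict) else None
        if hit:
            grouped[rec.get("tenantId")].append(hit)
    return dict(grouped)

# Constructed sample records (tenant ids and token prefixes are made up), not real log output.
SAMPLE = [
    '{"action":"create","key":"Creating authorization code: a1b2c","tenantId":"t-001"}',
    '{"action":"create","key":"Creating access token: 9f8e7","tenantId":"t-001"}',
    '{"action":"create","objectID":"Creating access token: 5d4c3","operation":"Create access token from SAML bearer","tenantId":"t-002"}',
    '{"action":"delete","key":"Deleting cloud access token: 9f8e7","tenantId":"t-001"}',
    'not a JSON record',
]
print(events_by_tenant(SAMPLE))
```

The generic "Issue access token" label covers the client credentials, authorization code and refresh token flows, because the table gives the same `"key"` prefix for all three. Platform client events would be grouped by `"account"` instead of `tenantId`.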