Flip is using the standard OAuth protocol for authentication. Some authentication events relate to the OAuth protocol and are relevant for system administrators wanting to troubleshoot authentication issues.
To monitor any problems with the user authentication flow all authentication events can be found in the Admin Console under Access & Security > Authentication Events.
The corresponding user, the time, the event type, a possible error code, as well as the IP address and the client can be displayed.
The displayed columns can be shown or hidden via the column menu at the top right.
Event Types
Depending on your authentication setup, these are the event types:
| LOGIN_USERNAME_PASSWORD | A user has logged in using the login form. |
| BACKGROUND_AUTHENTICATION | A user was re-authenticated via a background process in our app. This automatic process ensures that users remain logged in. |
| LOGIN_SSO | A user was logged in through another Identity Provider. |
| LOGIN_POST_REGISTRATION | A user was logged in after successfully completing the self-registration process. |
| LOGIN_API_CLIENT | An API client has logged in. Depending on the API used, this could be either an "OAuth2 Resource Owner Password Flow" or an "OAuth2 Client Credentials Flow". |
| LOGIN_UNSPECIFIED | A user or an API was authenticated using unspecified methods. |
| SESSION_PROPAGATION | The user's authentication session was propagated to another OIDC Client. This happens as a result of users clicking on menu items for external applications or integration. |
| CODE_TO_TOKEN | A user/api client has exchanged an authentication code for a refresh/access token pair. This is part of the "OAuth2 Authorization Code Flow" and usually happens after a login or a background authentication. |
| REFRESH_TOKEN | A user/api client has refreshed an access token using their refresh token. This automatic process ensures that users remain logged in. |
| CUSTOM_REQUIRED_ACTION | The user/api client was required to do certain actions prior to accessing the app. This is either verifying their email, changing their password or accepting the terms and conditions. |
| REGISTER | A user has registered. |
| LOGOUT | A user has logged out. |
| SEND_PASSWORD_RESET | A password reset email has been sent. |
| UPDATE_PASSWORD | The password for an account has changed. |
| UPDATE_PROFILE | The profile for an account has changed. |
| UPDATE_EMAIL | The email for an account has changed. |
| SEND_VERIFY_EMAIL | An email verification email has been sent. |
| VERIFY_EMAIL | The email address for an account has been verified. |
| IDENTITY_PROVIDER_POST_LOGIN | A user has logged in via an identity provider. |
| IDENTITY_PROVIDER_FIRST_LOGIN | A user has logged in for the first time via an identity provider. |
| FEDERATED_IDENTITY_LINK | A user has been linked to an external IDP. |
Error Codes
There is a corresponding error event for each event type, which can be recognized by the _ERROR suffix. If an error occurs, the error code provides further information about the reason.
These are the most common error types:
| client_not_found | The client has not been found |
| cookie_not_found | The cookie has not been found |
| email_send_failed | Sending the email failed |
| expired_code | The code has expired |
| Failed to verify login action | Failed to verify login action |
| invalid_code | The code is invalid |
| invalid_email | The email is invalid |
| invalid_redirect_uri | The redirect url is invalid |
| invalid_request | The request is invalid |
| invalid_saml_response | The SAML response is invalid |
| invalid_token | The token is invalid |
| invalid_user_credentials | The user credentials are invalid |
| not_allowed | The action is not allowed |
| password_confirm_error | The password has not been confirmed |
| password_missing | The password has not been entered |
| password_rejected | The password has been rejected |
| rejected_by_user | The action was rejected by the user |
| session_expired | The session is expired |
| user_disabled | The user is disabled |
| user_not_found | The user has not been found |
| user_temporarily_disabled | The user is temporarily disabled |
| username_missing | The username has not been entered |