diff --git a/site/docs/v1/tech/events-webhooks/_tenant-or-application-scoped-event.adoc b/site/docs/v1/tech/events-webhooks/_tenant-or-application-scoped-event.adoc new file mode 100644 index 0000000000..aa872a1fce --- /dev/null +++ b/site/docs/v1/tech/events-webhooks/_tenant-or-application-scoped-event.adoc @@ -0,0 +1,3 @@ +This is a tenant or application scoped event. It can be sent to all applications in a tenant or to one or more specified applications. + +The ability to limit the generation of an event for only certain applications is legacy functionality and may be modified in the future. You almost certainly want to enable this event at the tenant level and optionally filter on the `applicationId` when consuming the event. diff --git a/site/docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc b/site/docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc new file mode 100644 index 0000000000..3033943d0b --- /dev/null +++ b/site/docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc @@ -0,0 +1 @@ +This is a tenant scoped event. diff --git a/site/docs/v1/tech/events-webhooks/events.adoc b/site/docs/v1/tech/events-webhooks/events.adoc index 42431f3e4a..10ee2f4a9e 100644 --- a/site/docs/v1/tech/events-webhooks/events.adoc +++ b/site/docs/v1/tech/events-webhooks/events.adoc @@ -27,13 +27,21 @@ These are the events that FusionAuth generates that can be optionally consumed b * <> - when an access token is refreshed using a refresh token * <> - when a refresh token (or multiple tokens) are revoked +=== Tenant Scoped Events + +Tenant scoped events are generated for all applications in a tenant or for none of them. + +All user events are tenant scoped because a user is a tenant scoped entity. For example, the `user.delete`, `user.create`, `user.update`, and `user.deactivate` events are all tenant scoped. + +A tenant scoped event can, however contain an `applicationId` which can be used to filter events when received. One example is `user.registration.create`. + === Application Scoped Events A few events can be generated for one or more specified applications, or for all applications within a tenant. [WARNING] ==== -The ability to limit the generation of an event for only certain applications is legacy functionality and may be modified in the future. You almost certainly want to use a tenant scoped event and optionally filter on the `applicationId` when consuming the event. +The ability to limit the generation of an event for only certain applications is legacy functionality and may be modified in the future. If you want to get events for certain applications, send events for a tenant. Filter on the `applicationId` when consuming the event and discard events from any applications that are not of interest. ==== These events can be application scoped: @@ -42,16 +50,6 @@ These events can be application scoped: * `jwt.refresh-token.revoke` * `user.action` -=== Tenant Scoped Events - -Any events which are not application scoped events are tenant scoped. - -Tenant scoped events can't be limited to fire only for a certain application. These events are either generated for all applications in a tenant or for none of them. - -All user events are tenant scoped because a user is a tenant scoped entity. For example, the `user.delete`, `user.create`, `user.update`, and `user.deactivate` events are all tenant scoped. - -A tenant scoped event can, however contain an `applicationId` which can be used to filter events when received. One example is `user.registration.create`. - == User Actions This event is generated when a User Action is taken on a user and when temporal actions transition between phases. @@ -64,6 +62,10 @@ A temporal action is one that has a start time and and a duration, when a phase user.action ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-or-application-scoped-event.adoc[] + === Event Body [.api] @@ -159,6 +161,10 @@ The final state of the operation which caused the webhook is not persisted to Fu user.bulk.create ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -198,6 +204,10 @@ The final state of the operation which caused the webhook is not persisted to Fu user.create ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -235,6 +245,10 @@ This event is generated when a user is updated. The event will include the befor user.update ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -276,6 +290,9 @@ This event is generated when a user is deactivated, also referred to as a soft d user.deactivate ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] === Event Body @@ -315,6 +332,10 @@ This event is generated when user is re-activated, a re-activated user is one th user.reactivate ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -353,6 +374,10 @@ This event is generated when a user is deleted. user.delete ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -395,6 +420,10 @@ This event is generated when a user verifies their email address. user.email.verified ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -437,6 +466,10 @@ This event is generated when a user completes a successful login. user.login.success ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -496,6 +529,10 @@ This event is generated when a user login request fails due to invalid credentia user.login.failed ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -547,6 +584,10 @@ This event is generated when Reactor detects a user is using a vulnerable, or br user.password.breach ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -591,6 +632,10 @@ The final state of the operation which caused the webhook is not persisted to Fu user.registration.create ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -639,6 +684,10 @@ This event is generated when a user registration has been updated. user.registration.update ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -691,6 +740,10 @@ This event is generated when a user registration has been deleted. user.registration.delete ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -739,6 +792,10 @@ This event is generated when a user registration has been verified. user.registration.verified ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -783,6 +840,10 @@ This event is generated when a public key configuration used to sign a JSON web jwt.public-key.update ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-or-application-scoped-event.adoc[] + === Event Body [.api] @@ -825,6 +886,10 @@ This event is generated when an access token is refreshed using a refresh token. jwt.refresh ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc[] + === Event Body [.api] @@ -877,6 +942,10 @@ The following scenarios will cause this event to be generated: jwt.refresh-token.revoke ---- +=== Event Scope + +include::docs/v1/tech/events-webhooks/_tenant-or-application-scoped-event.adoc[] + === A single Refresh Token is revoked This example JSON would reflect a scenario where a single refresh token is revoked for a single user for a single application.