Kafka Events
Kafka event topics published by auth-svc for cross-service communication.
CloudEvents 1.0 Format
All events follow the CloudEvents 1.0 specification and are partitioned by tenant_id. Topic naming pattern: eventzr.auth.<entity>.<action>.v1
Event Payload Structure
CloudEvents envelopejson
{
"specversion": "1.0",
"type": "eventzr.auth.user.registered.v1",
"source": "auth-svc",
"id": "550e8400-e29b-41d4-a716-446655440000",
"time": "2026-02-24T12:00:00.000Z",
"datacontenttype": "application/json",
"partitionkey": "00000000-0000-0000-0000-000000000001",
"data": {
"userId": "user-uuid",
"tenantId": "00000000-0000-0000-0000-000000000001",
"email": "user@example.com",
"roles": ["user"]
}
}Events (25)
| Topic | Description | Trigger |
|---|---|---|
eventzr.auth.user.registered.v1 | New user account created | POST /signup/* |
eventzr.auth.user.login.v1 | Successful login | POST /login |
eventzr.auth.user.logout.v1 | User logged out | POST /logout |
eventzr.auth.user.updated.v1 | User profile updated | PUT /profile, PATCH /users/:id |
eventzr.auth.user.deleted.v1 | User account deleted | DELETE /users/:id |
eventzr.auth.user.suspended.v1 | User account suspended | PATCH /users/:id/status |
eventzr.auth.user.activated.v1 | User account re-activated | PATCH /users/:id/status |
eventzr.auth.password.changed.v1 | Password changed | POST /password/change |
eventzr.auth.password.reset.v1 | Password reset completed | POST /password/reset/confirm |
eventzr.auth.mfa.enabled.v1 | MFA enabled on account | POST /mfa/totp/enable |
eventzr.auth.mfa.disabled.v1 | MFA disabled on account | POST /mfa/totp/disable |
eventzr.auth.session.created.v1 | New session started | POST /login (success) |
eventzr.auth.session.revoked.v1 | Session revoked | DELETE /sessions/:id |
eventzr.auth.device.registered.v1 | New device registered | First login from new device |
eventzr.auth.device.revoked.v1 | Device trust revoked | DELETE /devices/:id |
eventzr.auth.oauth.connected.v1 | OAuth provider connected | POST /oauth/:provider/callback |
eventzr.auth.oauth.disconnected.v1 | OAuth provider disconnected | DELETE /oauth/:provider |
eventzr.auth.email.verified.v1 | Email address verified | POST /verify-email |
eventzr.auth.consent.updated.v1 | User consent preferences updated | PUT /compliance/consent |
eventzr.auth.gdpr.erasure.v1 | GDPR data erasure completed | POST /compliance/erasure |
eventzr.auth.token.revoked.v1 | Token added to blacklist | POST /logout, admin revoke |
eventzr.auth.role.changed.v1 | User roles updated | PATCH /users/:id/roles |
eventzr.auth.security.alert.v1 | Security event detected | Suspicious login, brute force |
eventzr.auth.webauthn.registered.v1 | WebAuthn credential registered | POST /webauthn/register |
eventzr.auth.api-key.created.v1 | API key issued | POST /api-keys |
Full AsyncAPI Spec
Download the complete AsyncAPI specification from the Downloads page for full event payload schemas.