Merge pull request #5730 from wso2/fixing-product-is-issue-19367-1764054707

himeshsiriwardana · web-flow · commit 4ef5021934b1 · 2026-01-06T16:45:52.000+05:30
Fix: Add OAuth 2.0 Transaction Logs documentation for all affected versions (Product IS issue #19367)
diff --git a/en/identity-server/7.0.0/docs/deploy/monitor/oauth-transaction-logs.md b/en/identity-server/7.0.0/docs/deploy/monitor/oauth-transaction-logs.md
@@ -0,0 +1 @@
+{% include "../../../../../includes/deploy/monitor/oauth-transaction-logs.md" %}
diff --git a/en/identity-server/7.0.0/mkdocs.yml b/en/identity-server/7.0.0/mkdocs.yml
@@ -857,6 +857,7 @@ nav:
         - Monitor logs:
           - Overview: deploy/monitor/monitor-logs.md
           - HTTP access logs: deploy/monitor/http-access-logging.md
+          - OAuth transaction logs: deploy/monitor/oauth-transaction-logs.md
           - Remote log publishing: deploy/monitor/remote-log-publishing.md
           - Mask sensitive info:
             - Overview: deploy/monitor/mask-sensitive-information-in-logs.md
diff --git a/en/identity-server/7.1.0/docs/deploy/monitor/oauth-transaction-logs.md b/en/identity-server/7.1.0/docs/deploy/monitor/oauth-transaction-logs.md
@@ -0,0 +1 @@
+{% include "../../../../../includes/deploy/monitor/oauth-transaction-logs.md" %}
diff --git a/en/identity-server/7.1.0/mkdocs.yml b/en/identity-server/7.1.0/mkdocs.yml
@@ -932,6 +932,7 @@ nav:
           - Monitor logs:
               - Overview: deploy/monitor/monitor-logs.md
               - HTTP access logs: deploy/monitor/http-access-logging.md
+              - OAuth transaction logs: deploy/monitor/oauth-transaction-logs.md
               - Remote log publishing: deploy/monitor/remote-log-publishing.md
               - Mask sensitive info:
                   - Overview: deploy/monitor/mask-sensitive-information-in-logs.md
diff --git a/en/identity-server/7.2.0/docs/deploy/monitor/oauth-transaction-logs.md b/en/identity-server/7.2.0/docs/deploy/monitor/oauth-transaction-logs.md
@@ -0,0 +1 @@
+{% include "../../../../../includes/deploy/monitor/oauth-transaction-logs.md" %}
diff --git a/en/identity-server/7.2.0/mkdocs.yml b/en/identity-server/7.2.0/mkdocs.yml
@@ -992,6 +992,7 @@ nav:
         - Monitor logs:
           - Overview: deploy/monitor/monitor-logs.md
           - HTTP access logs: deploy/monitor/http-access-logging.md
+          - OAuth transaction logs: deploy/monitor/oauth-transaction-logs.md
           - Remote log publishing: deploy/monitor/remote-log-publishing.md
           - Mask sensitive info:
             - Overview: deploy/monitor/mask-sensitive-information-in-logs.md
diff --git a/en/identity-server/next/docs/deploy/monitor/oauth-transaction-logs.md b/en/identity-server/next/docs/deploy/monitor/oauth-transaction-logs.md
@@ -0,0 +1 @@
+{% include "../../../../../includes/deploy/monitor/oauth-transaction-logs.md" %}
diff --git a/en/identity-server/next/mkdocs.yml b/en/identity-server/next/mkdocs.yml
@@ -993,6 +993,7 @@ nav:
         - Monitor logs:
           - Overview: deploy/monitor/monitor-logs.md
           - HTTP access logs: deploy/monitor/http-access-logging.md
+          - OAuth transaction logs: deploy/monitor/oauth-transaction-logs.md
           - Remote log publishing: deploy/monitor/remote-log-publishing.md
           - Mask sensitive info:
             - Overview: deploy/monitor/mask-sensitive-information-in-logs.md
diff --git a/en/includes/deploy/monitor/oauth-transaction-logs.md b/en/includes/deploy/monitor/oauth-transaction-logs.md
@@ -0,0 +1,55 @@
+# OAuth transaction logs
+
+OAuth transaction logs allow you to audit and monitor OAuth 2.0 activities in {{product_name}}, such as token generation and token introspection operations. While optional, these logs provide support for auditing, troubleshooting failed requests, or tracking OAuth activity across different clients and users.
+
+## Enable OAuth transaction logging
+
+To enable logging for OAuth endpoints:
+
+1. Add the following event lister to the `<IS_HOME>/repository/conf/deployment.toml` file:
+
+    !!! tip
+        You can disable logging at any time by setting the `enable` property to **false**.
+
+    ```toml
+    [event.default_listener.oauth_listener]
+    priority = 12
+    enable = true
+    ```
+
+2. Restart WSO2 Identity Server. Once the changes apply, a new file named `transaction.log` gets created in the `<IS_HOME>/repository/logs/` folder.
+
+## Understand transaction logs
+
+The following examples illustrate sample entries in the OAuth transaction logs logged in the `transaction.log` file.
+
+### OAuth token generation log
+
+```text
+[2018-10-17 19:05:35,578] - Type: OAUTH TOKEN | Info: {
+  "expires_in_seconds": 3126,
+  "grant_type": "client_credentials",
+  "success": true,
+  "time_taken_in_millis": 38,
+  "type": "oauth",
+  "issued_time": 1539782861654,
+  "user": "admin@carbon.super",
+  "client_id": "WImdsCviCHTXVjjef7VVMiYDxJAa"
+}
+```
+
+### OAuth token introspection log
+
+```text
+
+[2018-10-17 19:05:48,654] - Type: OAUTH INTROSPECTION | Info: {
+  "expires_in_seconds": 3113,
+  "success": true,
+  "time_taken_in_millis": 2,
+  "issued_time": 1539782861,
+  "type": "introspection",
+  "user": "admin@carbon.super",
+  "client_id": "WImdsCviCHTXVjjef7VVMiYDxJAa",
+  "token": "6cc57770-a51c-3d6d-be62-49caa0c1217b"
+}
+```

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+{% include "../../../../../includes/deploy/monitor/oauth-transaction-logs.md" %}`