Thinktecture.IdentityModel.Hawk version 2.1.0 now uses ETW infrastructure to raise events. One of the challenges with Hawk authentication is that it uses different parts of the message to compute MAC and when authentication fails, it is generally difficult to figure out what went wrong. Both client and server must use the exact same values in the MAC computation process, for the MAC computed by the server to match the MAC computed by the client. If there is even a slight mismatch such as an additional space or difference in capitalization, etc authentication fails and 401 is the end result. A secure system does not give out much in terms of what went wrong but then, for a developer, it is a real problem to figure out what is wrong. To help solve this problem, tt.idm Hawk now raises ETW events.