June delivered a robust set of updates for developers, focusing on enhanced security, greater control over authentication flows, and improved integration capabilities. From powerful new token management and authentication methods to smarter bot detection and a clearer path for managing your Auth0 configurations, this month's releases are designed to help you build more secure and efficient identity solutions.
If you're building with Auth0, these updates will help you simplify complex authentication patterns, harden your applications against threats, and give you more granular control over user experiences.
Let’s dig in!
What's New
Native to Web SSO – Now in Early Access
This new capability is a game-changer for mobile and web app developers. It enables seamless session sharing between native mobile apps and web apps using a secure, standards-based approach, meaning users can authenticate once and maintain their session across platforms without re-logging in.
Highlights:
- Seamless session carry-over from iOS/Android to browser
- Uses secure, signed session tokens with device binding
- Integrated with Actions, CLI, Terraform, and SDKs
- Works with SAML, WS-FED, and Post Login Actions
Multi-Resource Refresh Tokens (MRRT) – Now in Early Access
Tired of juggling refresh tokens for every API? Now you don’t have to.
MRRT lets your app use a single refresh token to get new access tokens for multiple APIs. This simplifies lifecycle management and improves developer UX.
Highlights:
- One refresh token → multiple APIs
- Define audience-specific token policies
- Works with expiring + rotating refresh tokens
- Available in Management API, Deploy CLI, Terraform, iOS/Android SDKs
Perfect for microservices, distributed APIs, or mobile/web hybrids.
Enhanced Bot Detection for Signups
The improved model now recognizes more legit users, especially on mobile and new browsers, with fewer false positives and unnecessary CAPTCHA prompts.
Highlights:
- Smarter handling of user-agent signals (new OS/browser versions)
- Native mobile traffic is now better recognized
- Enhanced security with lower friction
Available to Enterprise customers with the Attack Protection add-on.
Passkey Enrollment via My Account – Limited Early Access
Native Passkey Enrollment is here via our new My Account API. Your app can now offer seamless passkey onboarding, directly from your UI.
Highlights:
- Full passkey management via API
- Built for native + web flows
- First of many new capabilities on the self-service My Account platform
Customize the Brute-Force Protection unblock page with Universal Login
You can now custom-brand the unblock page for Brute-Force Protection using Universal Login. This update allows for a fully branded experience when users are locked out due to repeated failed login attempts.
Highlights:
- Branded unblock experience via Universal Login
- Improved compatibility with email security scanners
Deprecations
Multiple actions for custom phone and email provider triggers
If you use the Management API's create an action endpoint, note that we are deprecating the ability to create more than one action per tenant for actions that support custom phone or email providers, and introducing a maximum limit of one action in each of the respective triggers:
- custom-phone-provider
- custom-email-provider
Removal of Access to Specific Event Request Properties in Actions
Starting September 16, 2025, the service will restrict access to additional property names within the event.request.query and event.request.body objects when executing actions for the post-login and credentials-exchange triggers.
Request-related objects:
- auth_session
- authn_response
- client_secret
- client_assertion
- refresh_token
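To find Actions that would be affected before the cutoff, you can scan their source for reads of the properties listed above. The following is an added example, not Auth0 tooling or code from this post: the function name, the sample Action and the regex-based approach are assumptions made for illustration.

```javascript
// Property names the page lists as restricted under event.request.query / event.request.body.
const RESTRICTED = ['auth_session', 'authn_response', 'client_secret',
                    'client_assertion', 'refresh_token'];

// Returns [{ line, container, property }] for each read of a restricted property.
function findRestrictedAccess(source) {
  const findings = [];
  const names = RESTRICTED.join('|');
  const lineOf = (index) => source.slice(0, index).split('\n').length;

  // Dot or bracket access, with optional chaining:
  //   event.request.query.refresh_token, event.request?.body?.['client_secret']
  const direct = new RegExp(
    'event\\??\\.request\\??\\.(query|body)' +
    '(?:\\??\\.(' + names + ')\\b|(?:\\?\\.)?\\[\\s*[\'"`](' + names + ')[\'"`]\\s*\\])', 'g');
  for (const m of source.matchAll(direct)) {
    findings.push({ line: lineOf(m.index), container: m[1], property: m[2] || m[3] });
  }

  // Destructuring: const { client_secret, refresh_token: rt } = event.request.body;
  const destructure = /\{([^{}]*)\}\s*=\s*event\??\.request\??\.(query|body)\b/g;
  for (const m of source.matchAll(destructure)) {
    for (const part of m[1].split(',')) {
      const key = part.split(/[:=]/)[0].trim();
      if (RESTRICTED.includes(key)) {
        findings.push({ line: lineOf(m.index), container: m[2], property: key });
      }
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample Action source (not taken from any real tenant).
const SAMPLE_ACTION = `
exports.onExecutePostLogin = async (event, api) => {
  const state = event.request.query.state;
  const session = event.request.query.auth_session;
  const { client_secret, scope } = event.request.body;
  if (event.request?.body?.['refresh_token']) {
    api.access.deny('unexpected refresh token');
  }
};
`;

console.log(findRestrictedAccess(SAMPLE_ACTION));
```

A text scan like this does not follow aliases (for example, assigning event.request.body to a variable and reading the property later), so treat a clean result as a first pass and review any Action that passes the request object around.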
Community and Events
Where we were in June
June was packed with dev-first events where we shared real-world lessons in auth, AI, and secure system design:
- dev_day(25) – Our virtual event for AI agents and identity fundamentals. Sessions available on-demand, watch now.
- Frontend Nation – Ramona Schwering (Moe) shared frontend security best practices
- AI Engineering World's Fair – Exploring auth for agent workflows
- AWS Summit Hamburg – with Juan Cruz Martinez at the booth answering questions
- React Summit – Moe on modern identity in React
- VLCTechFest – Carla Urrea Stabile joined Spain’s open-source community
- Open Source Summit North America – Carla on FGA
- AWS Summit Japan – with Daizen Ikahara at the booth answering questions
- Vercel Ship – with Juan at the booth answering questions
- A Night Of AI (NYC) Mini Tech Conference – with Juan talking about AI agents and practical tooling
- RenderATL – Auth0 at the booth and participating in panel discussions with Netlify
Where we’ll be in July
We're heading into July with a strong presence across developer, identity, and cloud-native events — from keynotes in Europe to hands-on engagements in Asia Pacific and the U.S.
- DWX 2025 (June 30 – July 3, EMEA) – Moe presents "From the Crypt to the Code", diving into secure coding and modern auth strategies
- WeAreDevelopers World Congress (July 9–11, EMEA) – Come say hi at the booth and watch sessions by:
  - Moe - "The Cake Is a Lie... And So Is Your Login’s Accuracy", unpacking real-world login flaws and how to build trust in AI-era authentication
  - Deepu K Sasidharan - "Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue"
- AWS Summit New York (July 16, AMER) – Our team will be on the ground connecting with cloud builders about secure identity at scale
Planning to attend? Reach out! We’d love to meet you and hear what you’re building.
Expect talks, demos and plenty of real-world tips on building secure, AI-aware, and scalable identity experiences.
That’s a wrap on July! We’ll be back next month with more dev-first updates.
Until then:
Stay secure.
Keep shipping.
We’re here if you need us.
About the author

Ana Cidre
Sr Manager, Developer Advocacy
Ana Cidre is a passionate advocate for the developer community and leads the Developer Advocacy team at Auth0. She's committed to fostering a more inclusive and diverse tech world, drawing on her technical background and strategic vision to improve developer experiences and build meaningful connections.
As the founder of GalsTech, an initiative supporting women in tech in Galicia, and through her active efforts to create welcoming spaces for underrepresented groups, Ana's dedication to diversity and inclusion extends beyond her daily work.
Ana has a proven track record of building global Developer Relations teams, cultivating active developer communities, and crafting impactful educational content. She maintains a strong connection to the community through speaking engagements and direct interaction with developers.