Auth0 Changelog

Get the latest updates in Auth0

Added: SDKs

2017-10-05

The Auth0.Android SDK fixes a few bugs in the authentication flow and activity state when using Chrome Custom Tabs. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: SDKs

2017-09-27

JWTDecode.swift - Added Xcode 9 compatibility. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Added: SDKs

2017-09-20

Lock.swift - Added Xcode 9 compatibility, various fixes to the database SignUp process. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Added: Management API

2017-09-18

Added the ability to set the user_id during user creation using the User Management API. For more information, check our documentation.
Sandrino Di Mattia

Sandrino Di Mattia

Product Owner

Added: SDKs

2017-09-15

Auth0.swift - Added Xcode 9 support. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Added: SDKs

2017-09-08

The Auth0-Java SDK adds support for the Management API Grants entity. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Updated: Management Dashboard

2017-08-23

New clients created in the dashboard will default to OIDC Conformant. The full list of changes this implies can be found here.
Martin Cabral

Martin Cabral

Engineer

Added: Authentication API

2017-08-08

Added the ability to set the primary user in rules using context.primaryUser. Check our documentation for more information.
Samuel Judson

Samuel Judson

Application Security Engineer

Updated: Management API

2017-08-01

The DELETE client grants endpoint now allows to delete all grants for a given user by specifing the query string parameter user_id.
Hugo Arregui

Hugo Arregui

Engineer

Updated: Management Dashboard

2017-07-20

Now the 'Use Auth0 for SSO' flag under Client Settings is disabled for OIDC Conformant clients.
Tomás Chernov

Tomás Chernov

Front End Developer

Added: SDKs

2017-07-19

The Auth0.Android SDK now makes use of 'Android Manifest Placeholders' to define the Domain and Scheme values required to automatically capture a Web Authentication result. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: Lock

2017-07-19

Lock for Android now makes use of 'Android Manifest Placeholders' to define the Domain and Scheme values required to automatically capture a Web Authentication result, like logging in using the Facebook connection. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: Lock

2017-07-12

Lock for Android now features a 'show password' toggle button on the Password fields. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: SDKs

2017-07-10

The Auth0.Android SDK will try to use Chrome Custom Tabs when possible. A helper class is included to easily manage Credentials. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Fixed: MFA

2017-07-05

Fixed an issue where the ACR value was not being properly set when in a SAML context.
Fredrik Liljegren

Fredrik Liljegren

Engineer

Fixed: MFA

2017-06-30

MFA no longer incorrectly preventing brute-force anomaly detection count resets.
Damian Fortuna

Damian Fortuna

Front End Developer

Added: SDKs

2017-06-26

Auth0.swift - Added OIDC conformant UserInfo class and API method, added Touch ID validation for renewing credentials and added iOS 11 (Beta) support. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Fixed: MFA

2017-06-22

Fixed an issue where the user was being asked to perform MFA despite having clicked the 'Remember Me' checkbox.
Fredrik Liljegren

Fredrik Liljegren

Engineer

Updated: Management API

2017-06-18

The GET client grants endpoint now allows filtering by client id using the query string parameter client_id.
Hugo Arregui

Hugo Arregui

Engineer

Added: Authentication API

2017-06-06

Added a new client.grant_types property to Auth0 Clients. With this change, Auth0 will restrict authentication and authorization flows based on the grant types associated with each client. All existing clients have been updated with all grant types for backward compatibility. New clients will be created with certain default grant types based on whether it is a public or confidential client (based on the token_endpoint_auth_method property). See our documentation for more information.
Germán Lena

Germán Lena

Engineer

Added: SDKs

2017-06-06

Auth0.swift - Added Credentials Manager utility for secure management of tokens. Updated compatibility for Xcode 8.3 See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Added: SDKs

2017-06-06

Lock.swift - Added 1Password support for database connections. Greatly expanded Lock customization options. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Changed: Management API

2017-05-29

Removed client.resource_servers from documented sample response.
Hugo Arregui

Hugo Arregui

Engineer

Added: Management API

2017-05-29

  • Added support to query by identifier on PATCH / GET / DELETE api/v2/resource-servers endpoints.
  • Added pagination to GET api/v2/clients endpoint.
Hugo Arregui

Hugo Arregui

Engineer

Deprecated: SDKs

2017-05-24

The Java Spring MVC SDK has been deprecated and will no longer be maintained. Development will continue on the auth0-java-mvc-common SDK.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Deprecated: SDKs

2017-05-24

The Java Spring Security MVC SDK has been deprecated and will no longer be maintained. Development will continue on the auth0-java-mvc-common SDK.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Deprecated: SDKs

2017-05-24

The Java Servlet SDK has been deprecated and will no longer be maintained. Development will continue on the auth0-java-mvc-common SDK.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: SDKs

2017-05-24

Published new SDK for Java (auth0-java-mvc-common) to simplify the web authentication from Java MVC applications using either Code Grant or Implicit Grant. Supports HS256, and RS256 algorithms with optional Public Key Rotation. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: SDKs

2017-05-23

The Auth0-Java SDK adds support for the new OAuth 2.0 Renew and Revoke Token endpoints. The Guardian entity has also been improved. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Nicolas Ulrich

Nicolas Ulrich

Mobile Engineer

Fixed: Management Dashboard

2017-05-11

  • Officially dropped support for Microsoft’s Internet Explorer 10.
  • Fixed issue in the APIs section’s Test tab: changing languages in the code viewers now change the language properly.
  • Fixed visual issue with code editors backgrounds in the User Details section when using Chrome in Windows 10.
  • Fixed overflowing of text when users have huge strings without spaces or breaks in their External Attributes Object.
  • Fixed issue with Delete Account prompt showing a default domain name instead of the correct domain for that account.
  • Fixed issue with positioning for SAML connections list pagination controls.
  • Fixed issue when uploading custom logo in Tenant Settings section would crash the browser.
  • Fixed issue with users with special characters in their IDs that could not be seen in the dashboard.
  • Improved UI for User Identities in User Details: replaced the old JSON viewer for a better-looking code editor.
  • Fixed SAMLP default mappings example to avoid getting parsing errors by default.
  • Now the API section is displayed by default.
Tomás Chernov

Tomás Chernov

Front End Developer

Added: Authentication

2017-05-09

New connection for PayPal Sandbox applications, it can be found in Social Connections in dashboard

Eduardo Díaz Sanabria

Eduardo Díaz Sanabria

Engineer

Added: SDKs

2017-05-04

The Java-JWT SDK adds a 'Key Provider' interface to support dynamic RSA or ECDSA Keys, making easier the use of JWKs files for token verification. Long claims are also supported. From this release on, the JWT#decode static method will return a DecodedJWT object instead of a JWT object. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: SDKs

2017-04-27

The Auth0.Android SDK allows to revoke refresh_tokens. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: Lock

2017-04-27

Lock for Android adds Paypal connection support and displays a Retry screen if it fails to load the Client settings. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: SDKs

2017-04-25

Lock.swift - Added Passwordless SMS/Email connection support, paypal-sandbox connection support. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Added: API Authorization

2017-04-12

Server-side resource-owner password flows that use brute-force detection can now prevent erroneous blocking scenarios by utilizing the 'auth0-forwarded-for' header. See the documentation for more details.

Damian Fortuna

Damian Fortuna

Front End Developer

Added: SDKs

2017-04-06

The Auth0.Android SDK on the event of a Rule error while trying to authenticate will parse any rule-defined custom error message. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Fixed: Management Dashboard

2017-04-05

  • Fixed outdated link in Sharepoint SSO Integration tutorial page.
  • Improved error message in the Email Templates section when the from field is not properly filled.
  • Fixed UI for form validations so they don’t linger after a successful submission of the form.
  • Added read:user_idp_tokens to available scopes for the Management API.
Tomás Chernov

Tomás Chernov

Front End Developer

Added: API Authorization

2017-04-05

Added multifactor authentication capabilities to the oauth/token endpoint. See the documentation for more details.

Damian Fortuna

Damian Fortuna

Front End Developer

José Luis Diaz

José Luis Diaz

Engineer

Fredrik Liljegren

Fredrik Liljegren

Engineer

Added: SDKs

2017-03-27

Auth0.swift - Added method to check native authentication availability for IdP on device. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Added: SDKs

2017-03-16

Auth0.swift - Added scope support to the renew method. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Added: Authentication

2017-03-14

user.last_password_reset will now be set immediately when the user changes their password, instead of waiting for the next login.

Germán Lena

Germán Lena

Engineer

Added: SDKs

2017-03-13

Auth0.swift - Added Connection Scopes to webAuth and creation of webAuth instances from authentication instances. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Added: SDKs

2017-03-13

Lock.swift - Added connection scope support for OAuth2 connections and added native authentication handler support. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Fixed: Management Dashboard

2017-03-10

  • Added functionality to filter-as-you-type the tenant list in the tenant dropdown for tenant lists with more than 10 tenants in them.
  • Updated UI for the <app_metadata> and <user_metadata> properties, in the User Details section, to feature a full-featured editor with code folding.
  • Renamed the “Setup” button in SAMLP connections list to “Setup Instructions”.
  • Fixed a series of issues with dashboard invitees:
    • Prevent non-owners from entering the “create SSO Integrations” route.
    • Prevent non-owners from entering the Logs section.
    • Prevent non-owners from entering the account sub-sections (Admins, Payment, etc.).
  • Updated UI for Dashboard Admins to fix XSS vulnerability when deleting dashboard admins and relocated the row to add an admin to always be on top of the list to avoid scrolling in long lists.
  • Updated UI for User Details to account for long <name> and <username> properties by truncating them.
  • Added the possibility to save Sharepoint SSO Integrations <external URLs> as a comma-separated list to set multiple of them.
Tomás Chernov

Tomás Chernov

Front End Developer

Added: Authentication

2017-03-08

Added support for read:user scope when using Github social connections

Eduardo Díaz Sanabria

Eduardo Díaz Sanabria

Engineer

Added: Lock

2017-03-06

Lock for Android Passwordless flow can now remember the identity of the last person who successfully signed in. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: SDKs

2017-03-02

The Auth0.Android SDK adds the Management API's GET User Profile endpoint. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: Management API

2017-02-25

Updated the UI for the API Explorer tab to be able to configure the token expiration for the Management API.

Tomás Chernov

Tomás Chernov

Front End Developer

Added: Authentication

2017-02-23

Rules will now run when calling oauth/token with grant_type: password or grant_type: refresh_token. For more information, check out our documentation.

Samuel Judson

Samuel Judson

Application Security Engineer

Added: MFA

2017-02-22

Guardian Authenticator for Android is now capable of scanning and managing any generic TOTP key.

Nicolas Ulrich

Nicolas Ulrich

Mobile Engineer

Added: Clients

2017-02-22

Added a new property for Clients, a free-text field to describe the client’s purpose.

Tomás Chernov

Tomás Chernov

Front End Developer

Added: SDKs

2017-02-16

Released new Lock for iOS version written in Swift and migration guide to help the transition.

Hernan Zalazar

Hernan Zalazar

Engineer (Native UX)

Martin Walsh

Martin Walsh

iOS Engineer

Added: SDKs

2017-02-06

Auth0.swift - Added Native Authentication support and fixed support for OIDC conformant profiles. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Added: SDKs

2017-01-30

Published new SDK for Java (auth0-java) that supports Authentication API OAuth 2.0 endpoints and most of the Management API entities. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: Authentication

2017-01-16

Added enhancements to SAML Single Logout to conform to the Single Logout Profile specification. With these enhancements, all SAML Service Providers you have configured for logout will be sent a LogoutRequest to the logout.callback URL you have configured in the SAML Add-on. If your Service Provider does not support Single Logout, you can set logout.slo_enabled: false in your SAML Add-on configuration. For more information, check out our Logout documentation and SAML configuration documentation.

Hernán Tierno

Hernán Tierno

Engineer

Marcos Castany

Marcos Castany

Engineer

Added: SDKs

2017-01-04

The Java-JWT SDK can now handle Array claims and return the Payload claims as a Map. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: SDKs

2017-01-03

Published auth0.js v8 and migration guide to help the transition.

Germán Lena

Germán Lena

Engineer

Hernan Zalazar

Hernan Zalazar

Engineer (Native UX)

Added: SDKs

2017-01-02

The Auth0.Android SDK adds a flag to decide if the API calls should be made using Open ID Connect conformant or Legacy endpoints. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: Lock

2017-01-02

Lock for Android now supports the use of custom URL schemes for Web Authentication. The Implicit Grant has been deprecated. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Changed: Anomaly Detection

2016-12-26

Consolidated brute-force detection into a single Shield.

José Luis Diaz

José Luis Diaz

Engineer

Added: SDKs

2016-12-16

Auth0.swift - Added support for password-realm.grant_types and refresh_token.grant_types. Additional smaller changes have been made to support OIDC. See the changelog entry for more information.
Martin Walsh

Martin Walsh

iOS Engineer

Added: SDKs

2016-12-12

The Auth0.Android SDK now supports sending audience value on Web Authentication. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: SDKs

2016-12-05

Published new Java SDK (java-jwt) for Json Web Tokens verification and signing. Supports HMAC, RSA and ECDSA algorithms. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: MFA

2016-12-02

It is now possible to pre-enroll users into Guardian via an enrollment email. See here for more information.

José Luis Diaz

José Luis Diaz

Engineer

Added: Authentication

2016-12-02

Added client flag to disable SSO (sso_disabled) which can be set using the Management API. When this flag is set to true, an Auth0 session will not be created for any authentication using that client.

Hernán Tierno

Hernán Tierno

Engineer

Hugo Arregui

Hugo Arregui

Engineer

Changed: Authentication

2016-12-01

Upgraded Auth0 hosted login page to Lock 10.7.

Sebastian Iacomuzzi

Sebastian Iacomuzzi

Engineer

Added: API Authorization

2016-12-01

Added expires_in to oauth/token endpoint

Hernán Tierno

Hernán Tierno

Engineer

Added: SDKs

2016-11-30

The Auth0.Android SDK prepares to conform with Open ID Connect and adds the /userinfo and /oauth/token endpoints. Multiple response_type values are supported as well. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: MFA

2016-11-25

Published new mobile SDKs for iOS (Guardian.swift) and Android (Guardian.Android) to make it simple to build custom Guardian mobile applications.

Nicolas Ulrich

Nicolas Ulrich

Mobile Engineer

Hernan Zalazar

Hernan Zalazar

Engineer (Native UX)

Added: Lock

2016-11-21

Lock for Android now allows to specify a custom Scope. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: Authentication

2016-11-18

nonce parameter is now mandatory if you are using implicit grant flow

Samuel Judson

Samuel Judson

Application Security Engineer

Added: Lock

2016-11-02

Released new version of Lock for Web with several bugfixes and improvements including support for custom OAuth2 connections. See Lock's changelog for more information.

Germán Lena

Germán Lena

Engineer

Benjamín Flores

Benjamín Flores

User Interface Developer

Cristian Douce

Cristian Douce

Engineer

Added: MFA

2016-10-31

Release of the UI-less client libraries for Guardian, allowing users to build custom Guardian widgets. See the library here for more information

Damian Fortuna

Damian Fortuna

Front End Developer

Fixed: Authentication

2016-10-26

Double quotes in assertions caused invalid SAML signature.

Marcos Castany

Marcos Castany

Engineer

Added: Settings

2016-10-26

Added new Tenant settings for:

  • default_audience - Specifies the audience that clients will receive as a default if one isn't explicitly requested
  • default_directory - Specifies a default directory connection to use when using password grant flow

Tomás Chernov

Tomás Chernov

Front End Developer

Martin Cabral

Martin Cabral

Engineer

Added: SDKs

2016-10-25

Published new Android focused SDK (JWTDecode.Android) for decoding Json Web Tokens (JWT). See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Changed: Lock

2016-10-24

Lock for Android now uses Browser instead of WebView by default for authentication. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Fixed: Connections

2016-10-24

Verification email does not display given_name attribute for custom DB.

Eduardo Díaz Sanabria

Eduardo Díaz Sanabria

Engineer

Hernán Tierno

Hernán Tierno

Engineer

Added: Connections

2016-10-15

Added paging to Database Connctions page to support large volume of connections

Tomás Chernov

Tomás Chernov

Front End Developer

Hugo Arregui

Hugo Arregui

Engineer

Added: SDKs

2016-10-06

Published new mobile SDKs for iOS (Auth0.swift) and Android (Auth0.Android) to make it simple to build custom login screens using Auth0.

Hernan Zalazar

Hernan Zalazar

Engineer (Native UX)

Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Added: API

2016-10-05

It is now possible to disable automatic SMS and email notifications during Passwordless user creation. See the docs for more information.

Eduardo Díaz Sanabria

Eduardo Díaz Sanabria

Engineer

Added: MFA

2016-10-05

Auth0 Guardian now allows users to choose to 'remember this browser' and not be prompted for MFA for 30 days from a known system.

Fredrik Liljegren

Fredrik Liljegren

Engineer

Added: Authentication

2016-09-26

When a user hits the rate limit for the delegation endpoint, log entries will now be visible in the tenant logs.

Hernán Tierno

Hernán Tierno

Engineer

Added: SSO

2016-09-22

SSO Session Timeout can be customized in Tenant Settings > Advanced. This allows you to specify how long the SSO Cookie is valid.

Sebastian Iacomuzzi

Sebastian Iacomuzzi

Engineer

Hugo Arregui

Hugo Arregui

Engineer

Tomás Chernov

Tomás Chernov

Front End Developer

Added: OAuth2

2016-09-21

You can now opt-in to preview the new OAuth2aaS pipeline in Account Settings > Advanced. This enables support for Advanced API Authorization scenarios including user consent.

Sebastian Iacomuzzi

Sebastian Iacomuzzi

Engineer

Martin Cabral

Martin Cabral

Engineer

Added: Lock

2016-09-21

Released new major version of Lock for Android with redesigned UI and new features like custom OAuth2 connections support, password policy, etc. See the docs for more information.

Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer

Fixed: Authentication

2016-09-21

Fixed error when custom DB scripts are set to null

Hernán Tierno

Hernán Tierno

Engineer

Added: Connections

2016-09-19

Database Connections now allow customizing the minimum and maximum length for usernames, up to 128 characters. This only applies if Require Username is on.

username length

Tomás Chernov

Tomás Chernov

Front End Developer

Eduardo Díaz Sanabria

Eduardo Díaz Sanabria

Engineer

Hernan Zalazar

Hernan Zalazar

Engineer (Native UX)

Hugo Arregui

Hugo Arregui

Engineer

Changed: API

2016-09-13

Renamed the Delete All Users endpoint from DELETE /api/v2/users to DELETE /api/v2/allusers to avoid accidental deletion of users.

Hugo Arregui

Hugo Arregui

Engineer

Added: Enterprise Connections

2016-09-07

Add oid claim to Azure AD user profiles

Hernán Tierno

Hernán Tierno

Engineer

Added: API

2016-09-05

Update response from Device Credentials endpoint to include type and user_id.

Hugo Arregui

Hugo Arregui

Engineer

Added: Logs

2016-09-02

SAML Response is now displayed in Tenant Logs when Debug Mode is enabled in the SAML Connection.

Marcos Castany

Marcos Castany

Engineer

Added: MFA

2016-08-29

Added the ability to regenerate Guardian recovery codes. Please visit our documentation for details.

Fredrik Liljegren

Fredrik Liljegren

Engineer

Added: MFA

2016-08-25

Auth0 Guardian is now officially released -- a new and convenient way to perform multifactor authentication for logins. Guardian features 'push-notifications' as well as other standard authentication flows. See our full announcement here.

Damian Fortuna

Damian Fortuna

Front End Developer

Nicolas Ulrich

Nicolas Ulrich

Mobile Engineer

Hernan Zalazar

Hernan Zalazar

Engineer (Native UX)

Added: Password Breach Detection

2016-08-24

Releasing password breach detection, which protects Auth0 users in case their password is leaked via a breach at a different provider. Auth0 monitors announcments of breaches from other providers, and checks Auth0 users against the list of leaked accounts. In case of a match, the user will be prevented from logging in until their password is reset.

Jose Romaniello

Jose Romaniello

Head Of Engineering

Added: API

2016-08-24

Added ability to specify Client Logo on the client API

Germán Lena

Germán Lena

Engineer

Added: MFA

2016-08-17

Guardian template is now customizable via the Hosted Pages section.

Damian Fortuna

Damian Fortuna

Front End Developer

Fixed: Logs

2016-08-09

Fixed issue with Account Un-Linking where the secondary account would not show up in the Users list after being Un-Liked. Now, when Un-Linking two linked accounts, the secondary account will be restored and visible in Users.

Hugo Arregui

Hugo Arregui

Engineer

Added: Bulk Import

2016-08-05

Bulk Import API has been upgraded with the following changes:

  • Added option to specify if the operation should should insert or upsert
  • Added external_id parameter. The value is user defined and is returned with Job status; can be used for correlating multiple jobs.
  • Job Status shows summary totals of successful/failed/inserted/updated
  • Added ability to retrieve failed entries via API call to GET /api/v2/jobs/{id}/errors
  • Job Status is added to Tenant Logs which allows a custom WebHook to be trigged using the WebHook Logs Extension

Hugo Arregui

Hugo Arregui

Engineer

Added: MFA

2016-08-05

The API now has the ability to manage Guardian configuration. Please visit our documentation for full details.

Damian Fortuna

Damian Fortuna

Front End Developer

Added: Extensions

2016-08-01

The Bitbucket Deployments extension allows you to deploy rules and database connection scripts from Bitbucket to Auth0. You can configure a Bitbucket repository, keep all your rules and database connection scripts there, and have them automatically deployed to Auth0 each time you push to your repository. extensions

Sandrino Di Mattia

Sandrino Di Mattia

Product Owner

Added: Authentication

2016-07-22

The /authorize endpoint now supports response_mode=form_post when the response_type is either id_token or code token.

For example:
/authorize?response_mode=form_post&client_id=…&redirect_uri=…&response_type=id_token

Hernán Tierno

Hernán Tierno

Engineer

Added: API Authorization

2016-07-15

Auth0 now supports full Client Credentials flow for API Authorizations. This allows server to server authorization for things like scripts, backend services, daemons, or any app that does not need to operate as a user.

Enabling the API section can be done via Account Settings or by adding a new Non Interactive Client.

The Application section in the Auth0 Dashboard has been renamed to Clients to clarify the distinction between APIs and Clients.

This is the first step we are taking towards more complex API authorization scenarios. Other flows, such as User Consent, will be added in the near future. Please visit our full documentation for detailed information about API Authorization.

Jared Hanson

Jared Hanson

Engineer

Martin Cabral

Martin Cabral

Engineer

Yohanna Etchemendy

Yohanna Etchemendy

Product Designer

Tomás Chernov

Tomás Chernov

Front End Developer

Cristian Douce

Cristian Douce

Engineer

Matías Woloski

Matías Woloski

Co-Founder, CTO

Added: Password Policy

2016-07-15

Added password policy support for Password Dictionary and Password Personal Data.

Password Dictionary, when enabled, prevents the use of common passwords and allows for setting a custom dictionary with up to 200 entries.

Password Personal Data, when enabled, prevents using personal data in the password, such as the user's name, parts of the email address, etc...

Eduardo Díaz Sanabria

Eduardo Díaz Sanabria

Engineer

Jason Strutz

Jason Strutz

Engineer

Alex Stanciu

Alex Stanciu

Product Owner

Added: Connections: Passwordless

2016-07-15

Added ability to change Email for users in Passwordless connections.

Eduardo Díaz Sanabria

Eduardo Díaz Sanabria

Engineer

Tomás Chernov

Tomás Chernov

Front End Developer

Jason Strutz

Jason Strutz

Engineer

Added: Connections: Passwordless

2016-07-14

Added support for Twillio Copilot in Passwordless Connections.

Hernán Tierno

Hernán Tierno

Engineer

Jason Strutz

Jason Strutz

Engineer

Changed: Social Connections: Fitbit

2016-07-12

Support for Fitbit OAuth2 apps. Added an upgrade mechanism for OAuth1 (deprecated) connections.

Eduardo Díaz Sanabria

Eduardo Díaz Sanabria

Engineer

Jason Strutz

Jason Strutz

Engineer

Jeff Smith

Jeff Smith

Technical Writer

Changed: Passwordless

2016-07-02

If a user requests multiple passwordless links/codes, emails may not arrive or be displayed in the correct order. Up till now, only the last code issued was valid, causing issues when opening the wrong email. This change allows the last 5 codes sent to be valid, but once one is used, the rest are invalidated.

Hernán Tierno

Hernán Tierno

Engineer

Added: Extensions

2016-06-29

The GitHub Deployments extension allows you to deploy rules and database connection scripts from GitHub to Auth0. You can configure a GitHub repository, keep all your rules and database connection scripts there, and have them automatically deployed to Auth0 each time you push to your repository. extensions

Sandrino Di Mattia

Sandrino Di Mattia

Product Owner

Added: Password Policy

2016-06-21

Added Password History support to Database Connections' password policies.

Hernán Tierno

Hernán Tierno

Engineer

Tomás Chernov

Tomás Chernov

Front End Developer

Yohanna Etchemendy

Yohanna Etchemendy

Product Designer

Jason Strutz

Jason Strutz

Engineer

Alex Stanciu

Alex Stanciu

Product Owner

Added: Social Connections

2016-05-28

Added support for the new Firebase SDK v3.

Eduardo Díaz Sanabria

Eduardo Díaz Sanabria

Engineer

Added: Tenant Settings

2016-05-25

Introduced a new tenant settings flag enable_client_connections that will allow customers to switch between 2 flows when creating clients (Applications):

  • When creating a new client, create and enable existing connections (current flow, default)
  • When creating a new client, create but don't enable my existing connections (new flow)

This setting can be turned off in Account Settings > Advanced > Settings > Enable Client Connections or via the API using the GET /api/v2/tenants/settings endpoint.

Cristian Douce

Cristian Douce

Engineer

Added: Extensions

2016-05-16

Extensions gallery now supports documentation. From now on, you will be able to check documetion before and after installing an extension.

extensions extensions

Javier Centurion

Javier Centurion

Engineer

Victor Fernandez

Victor Fernandez

Lead Designer

Maria Paktiti

Maria Paktiti

Technical Writer

Added: Social Connections: Bitbucket, Social Connections: Dropbox

2016-05-12

Added support for Bitbucket and Dropbox social connections.

If you are using Lock, please upgrade to v9.2.0.

Gabriel Andretta

Gabriel Andretta

Engineer

Victor Fernandez

Victor Fernandez

Lead Designer

Richard Seldon

Richard Seldon

Customer Success Engineer

Added: Passwordless emails

2016-05-12

Provided access to the language in passwordless email templates

Eduardo Díaz Sanabria

Eduardo Díaz Sanabria

Engineer

Removed: API

2016-05-10

Remove support for JSONP on the /ssodata endpoint. The "Last time you logged in with" feature will no longer be supported on IE 9.

Jose Romaniello

Jose Romaniello

Head Of Engineering

Added: Rules

2016-05-09

Integrate Rules Debugging with Real-time Logs extension

extensions

Javier Centurion

Javier Centurion

Engineer

Added: Extensions

2016-05-08

We shipped 7 new logging extensions. You can now export Auth0 logs to one of the following external systems:

  • Auth0 Logs to Papertrail
  • Auth0 Logs to Sumologic
  • Auth0 Logs to Splunk
  • Auth0 Logs to Logstash
  • Auth0 Logs to Mixpanel
  • Auth0 Logs to Logentries

Export operation executes at configurable intervals to ensure you always have access to recent logs.

extensions

Sandrino Di Mattia

Sandrino Di Mattia

Product Owner

Richard Seldon

Richard Seldon

Customer Success Engineer

Javier Centurion

Javier Centurion

Engineer

Added: Extensions

2016-05-02

New Extension: Real-time Webtask Logs

This extension gives you the possibility to access to Webtask Logs in real-time. extensions extensions

Tomasz Janczuk

Tomasz Janczuk

Engineer

Javier Centurion

Javier Centurion

Engineer

Added: Server

2016-04-22

Added logout returnTo URL validation. If the returnTo URL is not in the Allowed Logout URLs list, the request will be rejected. See the docs for more information.

Hernán Tierno

Hernán Tierno

Engineer

Added: Extensions

2016-04-08

New Extension: Authorization Dashboard

This extension gives you the possibility to manage group memberships for your users.

Group Management

Allows you to create groups with a name and a description. Users can be added and removed from groups. This can happen by opening the group and managing users from there, or by opening the user and manage the user's group memberships from there.

extensions

User Management

Besides managing everything from the group point of view you can also open a user and manage his/her group memberships there but also see the "calculated" group memberships for that user.

extensions

Application Access

In Auth0 the application access is very coarse grained. All users in a connection that is enabled for the application are able to access the application. With this extension you are now able to take this a step further. You are able to define that only groups "Fabrikam Management" and "Fabrikam Finance" are able to access the "Reporting App" containing reports about the company's financials.

extensions

Sandrino Di Mattia

Sandrino Di Mattia

Product Owner

Javier Centurion

Javier Centurion

Engineer

Added: Management API

2016-04-07

Added a new property on the client entity to allow users to specify how the client is going to perform authentication with the token endpoint. Values are none, client_secret_post and client_secret_basic. The none option is introduced for native applications which can’t store secrets and use PKCE (see https://tools.ietf.org/html/rfc7636)

Martin Cabral

Martin Cabral

Engineer

Changed: Connections: Database

2016-04-06

Suppressed the error message in the change password flow in order to prevent user enumeration within the message. The API now returns HTTP 200.

Marcos Castany

Marcos Castany

Engineer

Fixed: Authentication API

2016-04-06

We included an extra validation in the /tokeninfo endpoint to verify that the account name in the URL matches the account for which the token was issued. Any call to the tokeninfo with a token from another account will return Unauthorized.

Sebastian Iacomuzzi

Sebastian Iacomuzzi

Engineer

Marcos Castany

Marcos Castany

Engineer

Deprecated: APIv2

2016-04-05

We deprecated the current_user_device_credentials scopes in the /api/v2/device-credentials endpoint for POST and DELETE methods. To use this endpoint we enabled Basic authentication with username and password from a database connection.

Sebastian Iacomuzzi

Sebastian Iacomuzzi

Engineer

Marcos Castany

Marcos Castany

Engineer

Added: Dashboard / Management API

2016-03-15

Users can now specify a list of URLs that are valid to redirect to after logging out from Auth0. The update can be done either from the Dashboard or using the Management API.

Hernán Tierno

Hernán Tierno

Engineer

Tomás Chernov

Tomás Chernov

Front End Developer

Cristian Douce

Cristian Douce

Engineer

Added: Enterprise Connections

2016-03-15

Added new ext_nested_groups option to waad connection strategy. When both ext_groups and ext_nested_groups are enabled we return all the groups that the user is a member of instead of only returning the ones that the user is direct member (for more information see this MSDN article)

Marcos Castany

Marcos Castany

Engineer

Added: Management API

2016-03-14

The device-credentials endpoint now supports basic authentication to perform GET, POST, and DELETE requests.

Sebastian Iacomuzzi

Sebastian Iacomuzzi

Engineer

Marcos Castany

Marcos Castany

Engineer

Added: Extensions Gallery

2016-03-11

Extensions Gallery updated!

This new version allows you to create your own extensions. extensions

Javier Centurion

Javier Centurion

Engineer

Victor Fernandez

Victor Fernandez

Lead Designer

Changed: Auth0 Lock v9

2016-03-01

The flow to reset a password has been updated.

In this new flow, users enter their username or email address and receive an email with instructions to choose a new password. The old flow which required users to enter their new password and then confirm the change via email is still available but has been deprecated: it is no longer available for new tenants and existing tenants are recommended to disable it.

Sebastian Iacomuzzi

Sebastian Iacomuzzi

Engineer

Gabriel Andretta

Gabriel Andretta

Engineer

Ricardo Rauch

Ricardo Rauch

Head of Design

Benjamín Flores

Benjamín Flores

User Interface Developer

Added: Extensions

2016-02-29

Extensions Gallery updated.

This new version gives users the possibility to search for an extension, easily check which ones are installed and access to more information about an extension before installing it. Also, includes new extensions such as Auth0 logs to Loggly, Auth0 logs to Azure blob storage, Auth0 logs to Application Insights, Auth0 AD/LDAP Connector Health Monitor and Auth0 Authentication API webhooks extensions

Javier Centurion

Javier Centurion

Engineer

Victor Fernandez

Victor Fernandez

Lead Designer

Added: Management API

2016-02-26

Users can query logs using the Management API v2.

You can use the new logs endpoints to query logs. This is the new recommended way to query logs. The API v1 logs endpoints will still be functional. See more info in the docs.

Hernán Tierno

Hernán Tierno

Engineer

Deprecated: SDKs

2015-11-21

The Auth0.Android SDK has deprecated the usage of the WebView for authentication. All web authentication should be done using the Browser. See the changelog entry for more information.
Luciano Balmaceda

Luciano Balmaceda

Mobile Engineer