Auth0 Changelog

Get the latest updates in Auth0

added: Logs

We now support Webhooks (Beta) for your log events! Auth0 can stream events to your callback URL in near real-time.

  • Amber Sharma (Engineer)
  • Shaun Starsprung (Engineer)
  • Jason Strutz (Engineer)
  • Tony Jones (Product Designer)
  • Matthew Machuga (Engineer Manager)
  • Francisco López (Engineer)
  • Eric Johnson (Technical Writer)
  • Cami Cano (Product Manager)
  • Tafari Johnson (Engineer)
  • Drew Miller (Engineer)
  • Deborah Gertrude Digges (Engineer)
  • Mikey Sleevi (Engineer)

added: Hooks

We've added support for creating and managing Auth0 hooks via the management API, the Node.js SDK, and the deploy-CLI tool. Read the API Documentation and the Deploy-CLI README for more details.

  • Shawn Mclean (Engineer)
  • Les Zychowski (Engineer)
  • Maxwell Hammad (Engineer)
  • Alex Stanciu (Engineer)
  • Andres Galante (Engineering Manager)
  • Chip Johnson (Product Manager)

added: Authentication

We've added support for embedding passwordless login in Native and Regular Web Apps. Read more.

  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • José Luis Diaz (Engineer)
  • Sebastian Peyrott (Engineer)
  • Fran Laiuppa (Engineer)
  • Tomás Chernov (Front End Developer)
  • Tiffany Larson (Engineer)
  • Andres Aguiar (Product Manager)

added: Hooks

We’ve added a new extensibility hook: Post-Change Password Hook (Beta). Customers using Database Connections can implement custom actions that execute after an end user changes their password or after a tenant admin updates an end user’s password. For example, you can trigger an email to confirm a password change.

Get started by checking out the documentation on hooks here. Or, if you are already familiar with hooks, browse the docs and code samples for the new post-change password hook.

  • Shawn Meyer (Director, Engineering)
  • Sebastian Iacomuzzi (Engineer)
  • Michael Wallen (Sr. Product Manager)

added: Universal Login

We've localized the New Universal Login Experience to Hindi.

  • Santiago Aguiar (Engineer)
  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • José Luis Diaz (Engineer)
  • Sebastian Peyrott (Engineer)
  • Fran Laiuppa (Engineer)
  • Tomás Chernov (Front End Developer)
  • Tiffany Larson (Engineer)
  • Andres Aguiar (Product Manager)

added: Universal Login

We've added a Text Customization API for the New Universal Login Experience.

  • Santiago Aguiar (Engineer)
  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • José Luis Diaz (Engineer)
  • Sebastian Peyrott (Engineer)
  • Fran Laiuppa (Engineer)
  • Tomás Chernov (Front End Developer)
  • Tiffany Larson (Engineer)
  • Andres Aguiar (Product Manager)

added: Integration

Auth0 integration with Amazon EventBridge, a serverless event bus, was announced. This new integration connects Auth0 event logs to a variety of AWS services in near real time, unlocking a variety of new use cases that support event-driven and microservices application architectures. Learn more here.

  • Amber Sharma (Engineer)
  • Shaun Starsprung (Engineer)
  • Jason Strutz (Engineer)
  • Tony Jones (Product Designer)
  • Matthew Machuga (Engineer Manager)
  • Francisco López (Engineer)
  • Katherine Horne (Technical Writer)
  • Cami Cano (Product Manager)
  • Tafari Johnson (Engineer)
  • Drew Miller (Engineer)
  • Deborah Gertrude Digges (Engineer)

added: Email Providers

We added email provider support for the SparkPost EU version. This release enables tenants to use SparkPost’s email service hosted in the EU region for localized data protection and transiting, and to be in full compliance with GDPR for emails. Learn more here.

  • Yilling Lu (Engineer)
  • Robin Bijlani (Engineer)
  • Patrick Malouin (Engineer)

added: Management APIv2

Requests to Auth0 Management API v2 using access tokens issued for a Single Page Application (SPA) now have a dedicated rate limit of 10 requests per minute per user. To learn more about access tokens for SPAs go here and to learn more about Auth0’s rate limit policy go here.

  • Sebastian Iacomuzzi (Engineer)
  • Tony Jones (Product Designer)
  • Pietro Rosa (Engineer)

changed: Dashboard

To make the Dashboard Administrators invite flow more secure and to avoid confusion, we now enforce that the email address of the user who logged in or signed up to accept the invite matches the email address that the invitation was sent to.

  • Soledad Pano (Product Manager)
  • Tony Jones (Product Designer)
  • Pietro Rosa (Engineer)

added: Connections: Passwordless

Auth0 has made the following security enhancements to one-time passcodes (OTPs) for passwordless connections:

  • We will only accept the most current unused one-time password (or link) issued; any previous OTPs will expire once a new OTP is issued.
  • Users have three attempts to input the correct one-time password; any additional attempts will require a new OTP request.
  • OTPs for new passwordless connections are valid (by default) for three minutes before expiration. This time can be altered in the connection settings in the dashboard.

Read more about passwordless connections or learn how to troubleshoot passwordless connections.

  • Sebastian Iacomuzzi (Engineer)
  • Michael Wallen (Sr. Product Manager)
  • Leo Zanivan (Engineer)

added: Logs

We've added a calendar picker on the Logs page in the dashboard.

  • Amber Sharma (Engineer)
  • Shaun Starsprung (Engineer)
  • Jason Strutz (Engineer)
  • Tony Jones (Product Designer)

added: Connections

Auth0 now enables application developers to easily integrate Sign in with Apple on both Native Apps and Web applications. SIWA for native applications is a new capability that uses an entirely native flow (the user is not required to log in using a browser; the entire exchange takes place natively) that includes an updated iOS SDK for iOS13, a new QuickStart, configuration via the Auth0 Admin, and updated documentation. With this new capability, you can offer users a consistent login experience across all your applications using SIWA as a social identity provider. Support for SIWA is available to all customers effective today. Read more here.

  • Josh Cain (Engineer)
  • Fady Abdelmalik (Engineer)
  • Filip Skokan (Engineer)
  • Drew McLean (Engineer)
  • Luis Miranda (Engineer)
  • Eduardo Díaz Sanabria (Engineer)
  • Cristopher Gonzales (Engineer)
  • Santiago Aguiar (Engineer)
  • Sebastian Peyrott (Engineer)
  • José Luis Diaz (Engineer)
  • Tomás Chernov (Front End Developer)
  • Fran Laiuppa (Engineer)
  • Martin Walsh (iOS Engineer)
  • Steve Hobbs (Engineer)
  • Tiffany Larson (Engineer)
  • Hernan Zalazar (Engineer)
  • Alex Stanciu (Engineer)
  • Germán Lena (Engineer)
  • Sandrino Di Mattia (Engineer Lead)
  • Tami Goodall (Technical Writer)
  • Stacy Taylor (Product Designer)
  • Dominick Renzetti (Designer)
  • Andres Aguiar (Product Manager)
  • Alberto Perdomo (Product Manager)
  • Randy Nasson (Product Manager)

added: Connections

Our OIDC Enterprise Connection is out of beta. Please check the documentation for more information.

  • Filip Skokan (Engineer)
  • Dominick Renzetti (Designer)
  • Alex Stanciu (Engineer)

added: MFA

We've added support for using DUO with Custom Domains.

  • Santiago Aguiar (Engineer)
  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • José Luis Diaz (Engineer)
  • Toon De Coninck (Engineer)
  • Sebastian Peyrott (Engineer)
  • Fran Laiuppa (Engineer)
  • Tomás Chernov (Front End Developer)
  • Andres Aguiar (Product Manager)

added: Dashboard

Subscription plans in the dashboard were updated with new pricing.

Quota reports for External Active Users were added in the Support Center.

  • Randy Nasson (Product Manager)
  • Soledad Pano (Product Manager)
  • Rafal Leszczynski (Engineer Lead)
  • Artur Klajnerok (Engineer)
  • Monika Kindernayová (Engineer)
  • Milan Freml (Engineer)
  • Ruben Restrepo (Engineer)
  • Ned Langan (Field Operations Manager)

added: Connections

We've added a new Social connection for LINE. Please check the documentation for more information.

  • Santiago Aguiar (Engineer)
  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • José Luis Diaz (Engineer)
  • Toon De Coninck (Engineer)
  • Sebastian Peyrott (Engineer)
  • Fran Laiuppa (Engineer)
  • Tomás Chernov (Front End Developer)
  • Andres Aguiar (Product Manager)

added: Connections

We've improved our beta OIDC Connection by adding support for the Authorization Code flow. Please check the documentation for more information.

  • Filip Skokan (Engineer)
  • Alex Stanciu (Engineer)

added: User Management

Auth0 enhanced Bulk User Import to support bulk updating select user attributes using the upsert parameter. The upsert parameter can be either set to “true” or “false” during bulk user import and it impacts “pre-existing” users in Auth0. When using bulk user import for the first time you would not bother with upsert since it is only meant to update existing records. However, if you want to run an import again on existing users (by appending more users or upserting fields on existing users), the upsert parameter may be useful. You can use this to do things like update name values from marital status changes or add pictures.

If the upsert parameter is set to false (default value) during a bulk user import, pre-existing users that match on email address will not be updated. When set to true, pre-existing users that match on email address will be updated, but only with upsertable attributes. Note: Prior to this release, if you used the upsert parameter and did not specify values for app_metadata, user_metadata or email_verified, those attributes would be replaced with null values. With this update, upsert will not replace those attributes with null values and you can now more efficiently implement bulk user imports for the following select attributes.

  • app_metadata
  • email_verified
  • given_name
  • family_name
  • name
  • nickname
  • picture
  • user_metadata

There is no action required by you and you can start taking better advantage of the Bulk User Import capability today. To get started check out the Bulk User Imports documentation and to see a full list of attributes supported see our User Profile Attributes.

As with many other changes to our product, this improvement came from feedback from our valued community. So, if you have feedback on how we can continue to make our product better, please let us know through this form. We're always listening and it is super easy!

  • Gustavo Jucoski-Fernandez (Engineer)
  • Randy Nasson (Product Manager)
  • Michael Wallen (Sr. Product Manager)
  • Leo Zanivan (Engineer)

added: User Management

Prior to this release when managing users via Database Connection, Bulk User Import, or Management API v2 the username field was restricted to alphanumeric characters, “+”, “.”, “_” and “-”. Auth0 added support for “!”, “#”, “$”, “'”, “^”, “`”, “~”, and “@”. In addition, Auth0 Universal Login supports these characters upon username registration to a Database Connection.

This enhancement simplifies user migration from systems like Microsoft Azure Active Directory or custom databases, where usernames often contain special characters. At Auth0 we are always looking for ways to simplify onboarding and get started faster.

There are no immediate changes you need to make to your existing setup and you can start taking advantage of this right away. To learn more, please visit our Adding Username for Database Connections documentation.

This improvement came by way of feedback from people like you. We’d love to hear from you on how we can further improve the product. It is super easy and we’re always listening. We welcome you to contribute product feedback here.

  • Sebastian Iacomuzzi (Engineer)
  • Gustavo Jucoski-Fernandez (Engineer)
  • Alberto Perdomo (Product Manager)
  • Tommy Morgan (Engineering Manager)
  • Luís Deschamps Rudge (Front End Engineer)
  • Michael Wallen (Sr. Product Manager)
  • Martin Walsh (iOS Engineer)
  • Leo Zanivan (Engineer)

added: Dashboard

We enhanced security with a new option in advanced tenant settings to prevent exposure of registered user information

Auth0 has released a security enhancement in your advanced tenant settings that will help protect against exposure of registered user information. Bad actors may attempt to guess registered usernames or email addresses by reading error response codes such as user_exists in the public signup API.

You can set this option in your advanced tenant settings in the Auth0 dashboard or via the Management API v2. New tenants will have this option enabled by default. We highly recommend that you take advantage of this option to prevent exposure of personal information.
To learn more, please visit our Tenant Settings in the Auth0 Dashboard documentation.

  • Gustavo Jucoski-Fernandez (Engineer)
  • Leo Zanivan (Engineer)
  • Sebastian Iacomuzzi (Engineer)
  • Michael Wallen (Sr. Product Manager)
  • Stacy Taylor (Product Designer)
  • Tommy Morgan (Engineering Manager)

added: Logs

We've added a dropdown to filter logs by type on the Logs page in the dashboard.

  • Shaun Starsprung (Engineer)
  • Jason Strutz (Engineer)

added: Connections

We've shipped a beta version of an OIDC Connection that makes it simple to federate to OIDC Identity Providers. Please see the documentation for more information.

  • Filip Skokan (Engineer)
  • Alex Stanciu (Engineer)

added: Protocols

We've enhanced the platform by adding support for the OAuth 2.0 Device Authorization Grant (Device Flow). Device flow enables end-users to authorize input-constrained devices with Internet connectivity (http) to access protected resources such as streaming media, online services, or account information. Examples of input constrained devices include, but are not limited to Smart TVs, Media Players (AppleTV, Roku), some consumer IoT devices, and CLI applications with no access to a browser or graphical shell. For detailed information, please see the documentation and the tutorial. You can also have a hands-on experience using the Device Flow Playground, which enables you to experience the flow using your own tenant without having to write any code.

  • Filip Skokan (Engineer)
  • Luis Miranda (Engineer)
  • Fady Abdelmalik (Engineer)
  • Eduardo Díaz Sanabria (Engineer)
  • Drew McLean (Engineer)
  • Josh Cain (Engineer)
  • Stacy Taylor (Product Designer)
  • Rachel Khoriander (Technical Writer)
  • Jose Navarro (Engineer)
  • Sandrino Di Mattia (Engineer Lead)
  • Randy Nasson (Product Manager)

added: Universal Login

The new Universal Login Experience is Generally Available. Try it now to benefit from a reimagined login flow, with a fresh UX design and lightweight pages.

  • Santiago Aguiar (Engineer)
  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • José Luis Diaz (Engineer)
  • Toon De Coninck (Engineer)
  • Sebastian Peyrott (Engineer)
  • Fran Laiuppa (Engineer)
  • Tomás Chernov (Front End Developer)
  • Andres Aguiar (Product Manager)

added: Social Connections: Apple

We've added beta support for 'Sign in With Apple'.

  • Alex Stanciu (Engineer)
  • Filip Skokan (Engineer)
  • Dominick Renzetti (Designer)
  • Hernan Zalazar (Engineer)

added: MFA

We've added support for using Email as an MFA factor in the New Universal Login Experience.

  • Santiago Aguiar (Engineer)
  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • José Luis Diaz (Engineer)
  • Toon De Coninck (Engineer)
  • Sebastian Peyrott (Engineer)
  • Fran Laiuppa (Engineer)
  • Tomás Chernov (Front End Developer)
  • Andres Aguiar (Product Manager)

added: Universal Login

We've localized the New Universal Login Experience.

  • Santiago Aguiar (Engineer)
  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • José Luis Diaz (Engineer)
  • Toon De Coninck (Engineer)
  • Sebastian Peyrott (Engineer)
  • Fran Laiuppa (Engineer)
  • Tomás Chernov (Front End Developer)
  • Andres Aguiar (Product Manager)

added: Authentication

We've added a way to enable clickjacking protection in Classic Universal Login.

  • Santiago Aguiar (Engineer)
  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • José Luis Diaz (Engineer)
  • Toon De Coninck (Engineer)
  • Sebastian Peyrott (Engineer)
  • Fran Laiuppa (Engineer)
  • Tomás Chernov (Front End Developer)
  • Andres Aguiar (Product Manager)

added: User Management

Select user profile attributes may now be updated, thereby eliminating reliance on user_metadata for those fields. In addition, we've made importing users easier by allowing hashed passwords, user ID, and blocked status to be imported. For additional information, you can read more in the User Documentation for Updatable Profile Attributes and Bulk Import.

  • Leo Zanivan (Engineer)
  • Sebastian Iacomuzzi (Engineer)
  • Gustavo Jucoski-Fernandez (Engineer)
  • Stacy Taylor (Product Designer)
  • Rachel Khoriander (Technical Writer)
  • Randy Nasson (Product Manager)

added: MFA

We've added a new API endpoint to let you force MFA the next time a specific user logs in.

  • Santiago Aguiar (Engineer)
  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • José Luis Diaz (Engineer)
  • Toon De Coninck (Engineer)
  • Sebastian Peyrott (Engineer)
  • Fran Laiuppa (Engineer)
  • Tomás Chernov (Front End Developer)
  • Andres Aguiar (Product Manager)

updated: Management Dashboard

We've added support to configure the default tenant login URI and the Application Login URI in the dashboard. Learn more.

  • Santiago Aguiar (Engineer)
  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • José Luis Diaz (Engineer)
  • Toon De Coninck (Engineer)
  • Sebastian Peyrott (Engineer)
  • Tomás Chernov (Front End Developer)
  • Andres Aguiar (Product Manager)

updated: Extensions

We've added support for custom domain names to the Delegated Administration extension and the SSO Dashboard extension.

You can take advantage of custom domain support by upgrading your extensions via the Auth0 Dashboard. For more information on how to utilize custom domain names, please see the extension documentation:

  • Matt Bacalakis (Solutions Architect)
  • Drew Fyock (Engineer Lead)
  • Oleksandr Zarubin (Engineer)

updated: Extensions

We've added encrypted secrets support to the Bitbucket Deployments extension, the GitHub Deployments extension, the GitLab Deployments extension, and the Visual Studio Team Services Deployments extension.

You can take advantage of encrypted secrets support by upgrading your extensions via the Auth0 Dashboard. For more information on how to utilize encrypted secrets, please see the extension documentation:

  • Drew Fyock (Engineer Lead)
  • Marius Mogyorosi (Application Security Engineer)
  • Eva Sarafianou (Application Security Engineer)
  • Rueben Tiow (Technical Support Engineer)
  • Oleksandr Zarubin (Engineer)

updated: Rules

We've added ES9 linting support to the Rules editor.

The Rules web editor now supports linting in ECMAScript 9 syntax when used with Node.js 8.

  • Steve Adams (APAC Solution Engineering Lead)
  • Drew Fyock (Engineer Lead)
  • Oleksandr Zarubin (Engineer)

added: Support Center

We've added more granularity to the M2M reports.

A daily view of calls per application for the last 7 days is now available in Machine to Machine quota reports.

This is reflected in the Support Center's quota reports.

  • Ruben Restrepo (Engineer)
  • Artur Klajnerok (Engineer)
  • Rafal Leszczynski (Engineer Lead)
  • Soledad Pano (Product Manager)

updated: Social Connections: Microsoft

We've added support to use Azure AD + MS Graph for Microsoft Social connections. Learn more.

  • Santiago Aguiar (Engineer)
  • Germán Lena (Engineer)
  • Dominick Renzetti (Designer)
  • Alejo Fernandez (Engineer Lead)
  • José Luis Diaz (Engineer)
  • Toon De Coninck (Engineer)
  • Filip Skokan (Engineer)
  • Sebastian Peyrott (Engineer)
  • Tomás Chernov (Front End Developer)
  • Andres Aguiar (Product Manager)

added: Authorization

We've added roles and permissions to the core capabilities of Auth0. In authorization, a user or application is granted access to an API after the API determines the extent of the permissions that it should assign. Usually, authorization occurs after identity is successfully validated through authentication so that the API has some idea of what sort of access it should grant.

More information is available in the updated documentation.

  • Umut Benzer (Engineer)
  • Marcos Castany (Engineering Lead)
  • Ankur Chauhan (Product Designer)
  • Riccardo Cocetta (Engineering Manager)
  • Tim Ferrell (Engineer)
  • Aaron Godin (Engineer)
  • Justin Hinerman (Engineer)
  • Steve Reeling (Product Manager)

updated: Rules

We've enhanced Auth0 rules so that they can now leverage the MFA context stored in the user session to trigger or suppress MFA prompts in conjunction with silent authentication.

Many organizations want to use silent authentication in conjunction with MFA whereby the end-user is prompted for MFA during the initial authentication, but not prompted for MFA when renewing tokens during the session lifetime. With MFA context now available in rules, you can check to see if MFA was previously completed (and when), thereby enabling a superior and secure MFA + silent authentication experience for end-users.

More information is available in the updated documentation, the sample rule available in the Auth0 dashboard, and in the Auth0 Support Center.

  • Fady Abdelmalik (Engineer)
  • Drew McLean (Engineer)
  • Sandrino Di Mattia (Engineer Lead)
  • Randy Nasson (Product Manager)

updated: Session Limits

We've extended Auth0 session limits for Enterprise subscribers.

Enterprise subscribers are now able to set longer session limits with up to 100 days for Inactivity Timeout (idle_session_lifetime) and 365 days for Forced Logout (session_lifetime).

More information is available in the updated documentation and in the Support Center.

  • Randy Nasson (Product Manager)
  • Sandrino Di Mattia (Engineer Lead)
  • Filip Skokan (Engineer)
  • Luis Miranda (Engineer)
  • Eduardo Díaz Sanabria (Engineer)
  • Fady Abdelmalik (Engineer)
  • Drew McLean (Engineer)

fixed: Dashboard

Fixed error handling in Dashboard’s Logs Search. Also fixed search hint and added link to Query Syntax doc.

  • Matthew Machuga (Engineer Manager)

updated: Social Connections: LinkedIn

We've added support to use LinkedIn API v2 to authenticate. Learn more.

  • Santiago Aguiar's Avatar

    Santiago Aguiar

    Engineer

  • Germán Lena's Avatar

    Germán Lena

    Engineer

  • Dominick Renzetti's Avatar

    Dominick Renzetti

    Designer

  • Alejo Fernandez's Avatar

    Alejo Fernandez

    Engineer Lead

  • José Luis Diaz's Avatar

    José Luis Diaz

    Engineer

  • Toon De Coninck's Avatar

    Toon De Coninck

    Engineer

  • Filip Skokan 's Avatar

    Filip Skokan

    Engineer

  • Sebastian Peyrott's Avatar

    Sebastian Peyrott

    Engineer

  • Tomás Chernov's Avatar

    Tomás Chernov

    Front End Developer

  • Andres Aguiar's Avatar

    Andres Aguiar

    Product Manager

updated: Support Center

Fixed quota utilization report for Private SaaS Employees in Support Center.

Previously, employees were included in the Enterprise or Regular active users reports. With this fix, Private SaaS employee usage is accessible in the Employees report, as expected.

This is reflected in the Support Center's quota reports and will provide usage for appliances that are upgraded to version 1901.

  • Artur Klajnerok's Avatar

    Artur Klajnerok

    Engineer

  • Rafal Leszczynski's Avatar

    Rafal Leszczynski

    Engineer Lead

  • Soledad Pano's Avatar

    Soledad Pano

    Product Manager

updated: Management API

We added a way to specify the default login URL for applications and tenants. Auth0 will use it when it needs to redirect to them. More details in the docs.

  • Santiago Aguiar's Avatar

    Santiago Aguiar

    Engineer

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

  • Germán Lena's Avatar

    Germán Lena

    Engineer

  • Dominick Renzetti's Avatar

    Dominick Renzetti

    Designer

  • Alejo Fernandez's Avatar

    Alejo Fernandez

    Engineer Lead

  • José Luis Diaz's Avatar

    José Luis Diaz

    Engineer

  • Toon De Coninck's Avatar

    Toon De Coninck

    Engineer

  • Filip Skokan 's Avatar

    Filip Skokan

    Engineer

  • Sebastian Peyrott's Avatar

    Sebastian Peyrott

    Engineer

  • Tomás Chernov's Avatar

    Tomás Chernov

    Front End Developer

  • Andres Aguiar's Avatar

    Andres Aguiar

    Product Manager

updated: Dashboard

We've updated the Multi-factor Authentication section in the Dashboard. For more details check our post in Auth0 Community, and our public Docs.

  • Santiago Aguiar's Avatar

    Santiago Aguiar

    Engineer

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

  • Germán Lena's Avatar

    Germán Lena

    Engineer

  • Dominick Renzetti's Avatar

    Dominick Renzetti

    Designer

  • Alejo Fernandez's Avatar

    Alejo Fernandez

    Engineer Lead

  • José Luis Diaz's Avatar

    José Luis Diaz

    Engineer

  • Toon De Coninck's Avatar

    Toon De Coninck

    Engineer

  • Cristian Douce's Avatar

    Cristian Douce

    Engineer

  • Filip Skokan 's Avatar

    Filip Skokan

    Engineer

  • Tomás Chernov's Avatar

    Tomás Chernov

    Front End Developer

  • Andres Aguiar's Avatar

    Andres Aguiar

    Product Manager

updated: Extensions

Version 2 of the Deploy CLI has been released! For complete details please see the Deploy CLI README. You can upgrade to this version by installing via npm: npm i -g auth0-deploy-cli@2.

The Deploy CLI tool and Deployment Extensions were updated to provide the following functionality.

  • Added YAML support
  • Added support for export (deprecation of separate auth0 dump tool)
  • Delete support - The tool will, if configured via AUTH0_ALLOW_DELETE, delete objects if they do not exist within the deploy configuration.
  • Support for additional Auth0 objects
    • Connections including Social, Enterprise and Passwordless configurations.
    • Improved support for database connections and associated configuration.
    • Email Templates
    • Email Provider
    • Client Grants
    • Rule Configs
    • Better support for pages
    • Tenant level settings
  • Added support to be called programmatically
  • Improved logging
  • To simplify the tool the slack hook was removed. You can invoke the tool programmatically to support calling your own hooks
  • Support referencing clients by their name vs client_id (automatic mapping during export/import)
  • Simplified to support future Auth0 object types

  • Steve Adams's Avatar

    Steve Adams

    APAC Solution Engineering Lead

  • Oleksandr Zarubin's Avatar

    Oleksandr Zarubin

    Engineer

  • Drew Fyock's Avatar

    Drew Fyock

    Engineer Lead

updated: Support Center

We’ve updated our ticketing backend system in order to provide a better support experience to our customers. Although this is an internal migration, you may notice some minor changes in Support Center:

  • We've changed the numbering scheme of the support tickets and they are now 8 digits long.
  • We assigned new IDs to the existing tickets, which may affect any email notification related to your open tickets. You will still be able to find your existing tickets by their original ID in the Support Center's Tickets List page.
  • Any link to an existing ticket in Support Center will continue to work and will redirect you to the new URL.
  • We’ve renamed the open ticket status to in progress.
  • We’ve renamed the solved ticket status to resolved.
  • We’ve renamed the hold ticket status to customer hold.
  • We’ve added a new with sustainment status to provide visibility whenever the Auth0 Sustainment Engineering team is working on your case.
  • The attachments that you may add to tickets and comments will be effectively uploaded after you submit the ticket or comment. Any error that may occur during the upload will require you to retry the upload by submitting a new comment.
  • When selecting a file to upload we now validate its size is less than 15Mb, it doesn’t contain invalid characters in its name and it has at least one of the following extensions: bmp, csv, doc, docx, gz, gif, har, jpg, jpeg, json, mp4, mov, pages, pdf, png, ppt, pptx, rar, tar, tiff, tif, txt, xls, xlsx, xml, zip, htm, html.
  • We now show Auth0 Developer Support as signature of any comment coming from the Auth0 Support Team, instead of showing the agent's name.

If you have any feedback, it will be welcomed in our Feedback page.

  • Abigail Sanchez's Avatar

    Abigail Sanchez

    Program Manager, Field Operations

  • Artur Klajnerok's Avatar

    Artur Klajnerok

    Engineer

  • Guillermo Rodas's Avatar

    Guillermo Rodas

    Engineer

  • Jake Pyne's Avatar

    Jake Pyne

    Engineer

  • Ned Langan's Avatar

    Ned Langan

    Field Operations Manager

  • Rafal Leszczynski's Avatar

    Rafal Leszczynski

    Engineer Lead

  • Rodrigo Antonioli's Avatar

    Rodrigo Antonioli

    Data Engineer

  • Soledad Pano's Avatar

    Soledad Pano

    Product Manager

updated: Password Policy

We've made password policies more flexible by enabling the minimum length (number of required characters) to be set independently from other complexity options.

Password policies can now require a greater number of characters (from 1-128) without requiring special or mixed-case characters. A common use case is implementing pass phrases that have no special character requirements, where end-users can provide a series of words that are easy for them to remember, but difficult for hackers to guess. The National Institute of Standards and Technology (NIST) recommends that password length is a greater indicator of overall strength than requiring numbers and special characters. Using the new minimum password length option, password policies can be configured to leverage extremely strong, high-entropy pass phrases that are easier for end-users to remember.

More information is available in the updated documentation and in the Support Center.

  • Randy Nasson's Avatar

    Randy Nasson

    Product Manager

  • Shaun Starsprung's Avatar

    Shaun Starsprung

    Engineer

  • Robin Bijlani's Avatar

    Robin Bijlani

    Engineer

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

  • Martin Walsh's Avatar

    Martin Walsh

    iOS Engineer

  • Victor Fernandez's Avatar

    Victor Fernandez

    Lead Designer

updated: Rules

Additional connection information available in rule's context.

Previously only connection name and strategy were available in the rule’s context object. Now it is also possible to access connectionID, connectionMetadata and two of the connectionOptions, tenant_domain and domain_aliases, without calling Management API to get the connection details. More details on the context schema can be found in the Rules docs.

We've also updated the "Check user email domain matches domains configured in connection" rule template to make use of these enhancements.
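An email-domain check built on the `tenant_domain` and `domain_aliases` connection options mentioned above, as an added example that is not the dashboard's rule template. The helper names are hypothetical, and allowing connections with no configured domain is an assumption of this sketch.

```javascript
// Added example, not the dashboard's rule template. Helper names are hypothetical;
// tenant_domain and domain_aliases are the connectionOptions exposed in the context.

// Collect the domains configured on the connection, lower-cased for comparison.
function connectionDomains(connectionOptions) {
  const opts = connectionOptions || {};
  const aliases = Array.isArray(opts.domain_aliases) ? opts.domain_aliases : [];
  const domains = new Set();
  for (const d of [opts.tenant_domain, ...aliases]) {
    if (typeof d === 'string' && d.trim() !== '') domains.add(d.trim().toLowerCase());
  }
  return domains;
}

// Domain part of an address, taken after the LAST '@'; null when malformed.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  if (at < 1 || at === email.length - 1) return null;
  return email.slice(at + 1).trim().toLowerCase();
}

function isEmailDomainAllowed(user, context) {
  const allowed = connectionDomains(context && context.connectionOptions);
  // Assumption: a connection with no configured domains is not restricted here.
  if (allowed.size === 0) return true;
  const domain = emailDomain(user && user.email);
  // Exact match only: a suffix or substring test would accept look-alike
  // domains such as "example.com.attacker.test" or "notexample.com".
  return domain !== null && allowed.has(domain);
}

// Rule body; in the Rules editor this is an anonymous function (user, context, callback).
function checkEmailDomainRule(user, context, callback) {
  if (isEmailDomainAllowed(user, context)) return callback(null, user, context);
  return callback(new Error('Access denied'));
}

// Constructed sample data (reserved example domains, not a real tenant).
const demoContext = {
  connectionOptions: { tenant_domain: 'example.com', domain_aliases: ['Example.ORG'] },
};
const demoEmails = [
  'alice@example.com',
  'bob@EXAMPLE.org',
  'carol@example.com.attacker.test',
  'dave@notexample.com',
  'no-at-sign.example.com',
];
for (const email of demoEmails) {
  console.log(email, isEmailDomainAllowed({ email }, demoContext) ? 'allowed' : 'denied');
}
```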

  • Soledad Pano's Avatar

    Soledad Pano

    Product Manager

  • Fady Abdelmalik's Avatar

    Fady Abdelmalik

    Engineer

  • Drew Fyock's Avatar

    Drew Fyock

    Engineer Lead

  • Eduardo Díaz Sanabria's Avatar

    Eduardo Díaz Sanabria

    Engineer

  • Marcos Castany's Avatar

    Marcos Castany

    Engineering Lead

updated: SSO

Simplified SSO and provided additional configuration

Added Seamless Single Sign-On support by eliminating the unnecessary confirmation dialog for people with an active session. In addition, we've added control over the Inactivity timeout length and consolidated all of the SSO session controls on the advanced tenant settings page. More details in the SSO docs.

  • Germán Lena's Avatar

    Germán Lena

    Engineer

  • Sandrino Di Mattia's Avatar

    Sandrino Di Mattia

    Engineer Lead

  • Marcos Castany's Avatar

    Marcos Castany

    Engineering Lead

  • Eduardo Díaz Sanabria's Avatar

    Eduardo Díaz Sanabria

    Engineer

  • Toon De Coninck's Avatar

    Toon De Coninck

    Engineer

updated: Support Center

Changed the ticket categorization on the ticket creation form.

To improve the way we capture information on tickets, we have made some changes to the ticket creation form. You can view the new changes in the open ticket page.

  • Guillermo Rodas's Avatar

    Guillermo Rodas

    Engineer

  • Jake Pyne's Avatar

    Jake Pyne

    Engineer

updated: Support Center

Changed how we count active users.

Previously we counted each Active User that logged into each client/application in a tenant. If your tenant had App A and App B, and one user logged into both apps, that would count as two Active Users.

Moving forward we will count per Active User within a tenant and no longer count per client/application. If your tenant has App A and App B and one user logs into both apps, they will be counted as one Active User.

This is reflected in the Support Center's quota and usage reports, in the Auth0 Pricing Page and the Management Dashboard Subscriptions Section.

More info can be found on our docs.

  • Artur Klajnerok's Avatar

    Artur Klajnerok

    Engineer

  • Katherine Horne's Avatar

    Katherine Horne

    Technical Writer

  • Jake Pyne's Avatar

    Jake Pyne

    Engineer

  • Liam Connell's Avatar

    Liam Connell

    Data Engineer

  • Pablo Barrenechea's Avatar

    Pablo Barrenechea

    Engineer

updated: Extensions

Version 3 of the Delegated Administration Extension was released. For complete details please see the Delegated Admin docs. You can upgrade to this version by visiting the Extensions section in the Manage Dashboard. No configuration changes are anticipated to be required for the upgrade.

  • Carlos Mostek's Avatar

    Carlos Mostek

    CS Solutions Architect

  • Oleksandr Zarubin's Avatar

    Oleksandr Zarubin

    Engineer

updated: Management Dashboard

Improved Dashboard UX for Machine to Machine Applications. More details in the Machine to Machine docs.

  • Claudia Hernandez's Avatar

    Claudia Hernandez

    Engineer

  • Cristian Douce's Avatar

    Cristian Douce

    Engineer

  • Tim Ferrell's Avatar

    Tim Ferrell

    Engineer

  • Chris Whiten's Avatar

    Chris Whiten

    Engineer

  • Patrick Malouin's Avatar

    Patrick Malouin

    Engineer

  • Julieta Curdi's Avatar

    Julieta Curdi

    Designer

  • Hernan Zalazar's Avatar

    Hernan Zalazar

    Engineer

updated: Quickstarts

Improved Quickstarts Download Page.

  • Ariel Gerstein's Avatar

    Ariel Gerstein

    Engineer

  • Julieta Curdi's Avatar

    Julieta Curdi

    Designer

added: MFA

Implemented a new MFA API. Embed Multi-Factor Authentication using push notifications, SMS, or TOTP anywhere, taking full control of the experience. More details in the blog: https://auth0.com/blog/introducing-the-mfa-api.

  • Damian Fortuna's Avatar

    Damian Fortuna

    Engineer

  • Santiago Aguiar's Avatar

    Santiago Aguiar

    Engineer

  • José Luis Diaz's Avatar

    José Luis Diaz

    Engineer

  • Mike Kusold's Avatar

    Mike Kusold

    Engineer

added: Management Dashboard

Implemented support for Passwordless connections, AD/LDAP connections and WS-Fed clients in Custom Domains. Here is the list of features supported by Custom Domains.

  • Germán Lena's Avatar

    Germán Lena

    Engineer

  • Damian Fortuna's Avatar

    Damian Fortuna

    Engineer

  • Sandrino Di Mattia's Avatar

    Sandrino Di Mattia

    Engineer Lead

  • Marcos Castany's Avatar

    Marcos Castany

    Engineering Lead

  • Eduardo Díaz Sanabria's Avatar

    Eduardo Díaz Sanabria

    Engineer

  • Santiago Aguiar's Avatar

    Santiago Aguiar

    Engineer

  • Toon De Coninck's Avatar

    Toon De Coninck

    Engineer

added: Management Dashboard

Renamed the term Clients to Applications. This change is reflected throughout the Dashboard and documentation only and does not require any changes on your part.

  • Kim Maida's Avatar

    Kim Maida

    Technical Content Lead

  • Katherine Horne's Avatar

    Katherine Horne

    Technical Writer

  • Drew Fyock's Avatar

    Drew Fyock

    Engineer Lead

  • Alejo Fernandez's Avatar

    Alejo Fernandez

    Engineer Lead

  • Ruben Restrepo's Avatar

    Ruben Restrepo

    Engineer

  • Soledad Pano's Avatar

    Soledad Pano

    Product Manager

  • Claudia Hernandez's Avatar

    Claudia Hernandez

    Engineer

  • Hernan Zalazar's Avatar

    Hernan Zalazar

    Engineer

added: SDKs

A new Auth0 Spring Security API SDK is now available to help you secure your API using JSON Web Tokens. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

fixed: SDKs

wp-auth0 - Updated to support Lock 11 and RS256 JWT. See the changelog entry for more information.

  • Martin Walsh's Avatar

    Martin Walsh

    iOS Engineer

added: SDKs - Auth0.swift

Improved Credentials Manager, deprecated touch method and replaced with bio authentication method for clarity. See the changelog entry for more information.

  • Martin Walsh's Avatar

    Martin Walsh

    iOS Engineer

added: SDKs - auth0.js

Auth0.js v9 uses our latest embedded login API. This version removes API calls to usernamepassword/login and user/ssodata and is not supported in centralized login scenarios (i.e. Hosted Login Pages). Some methods now use a mix of Cross Origin Authentication and WebAuth.checkSession (with Web Origins response mode). Read more about Cross Origin Authentication and how to enable Web Origins here. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: SDKs - Lock Web

Updated to use auth0.js v9.0.0 and the new API endpoints. Changed the default scope to be openid profile email. Removed oidcConformant flag (Lock won't use legacy endpoints anymore). getProfile now uses an access_token instead of an id_token. Lock v11 is not supported in centralized login scenarios (i.e. Hosted Login Pages). See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: SDKs

The Auth0-Java SDK adds support for the new users-by-email endpoint. It also allows setting a custom user id when creating a new user using the Management API, and includes a change in the returned value of the Authentication API Sign Up methods that some may find breaking. This change was required in order to return the newly created user's information. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

added: SDKs

The Auth0.Android SDK adds support for TLS 1.2. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

added: SDKs - Lock Web

Updated to use auth0.js v8.11. Updated to use auth0.js token validation functions. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: SDKs

Version 0.3.0 of jwks-rsa-java has been released, where JWKs parameters 'key_ops' and 'alg' are now parsed according to the specification.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

added: SDKs - auth0.js

Security Improvements:

  • Fixed an issue where state would not be automatically checked in some scenarios
  • Forced id_token validation for RS256-signed id_tokens
  • Use /userinfo to get id_token payload for HS256-signed id_tokens

See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: SDKs

The Java-JWT SDK fixes an issue affecting the length and format of the signatures produced by the Elliptic Curve Digital Signature Algorithm. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

added: SDKs

Lock for Android fixes navigation issues on non-touchscreen devices and adds support for right-to-left languages. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

added: SDKs

Auth0.swift - Added SFAuthenticationSession support for iOS 11. See the changelog entry for more information.

  • Martin Walsh's Avatar

    Martin Walsh

    iOS Engineer

added: SDKs

The Auth0.Android SDK adds a new and more secure Credential Manager implementation that uses encryption, available for devices running Android Lollipop and above. This release also allows users to customize the Custom Tabs UI by changing the toolbar color and page title visibility from the WebAuthProvider builder. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

added: SDKs

The Auth0.Android SDK fixes a few bugs in the authentication flow and activity state when using Chrome Custom Tabs. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

fixed: SDKs

wp-auth0 - Fixed implicit mode in auto login and improved handling of auto login configuration. Added translation support for more user facing exception messages. See the changelog entry for more information.

  • Martin Walsh's Avatar

    Martin Walsh

    iOS Engineer

added: SDKs

JWTDecode.swift - Added Xcode 9 compatibility. See the changelog entry for more information.

  • Martin Walsh's Avatar

    Martin Walsh

    iOS Engineer

added: SDKs - Lock Web

Adding support for OIDC Conformant clients using Cross Origin Authentication. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

fixed: SDKs - Lock Web

Small UI fixes and improvements with the connectionResolver feature. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: SDKs

Lock.swift - Added Xcode 9 compatibility, various fixes to the database SignUp process. See the changelog entry for more information.

  • Martin Walsh's Avatar

    Martin Walsh

    iOS Engineer

fixed: SDKs - auth0.js

Fixed tenant override in popup mode. Also fixed the timeout override when using the renewAuth method. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: Management API

Added the ability to set the user_id during user creation using the User Management API. For more information, check our documentation.

  • Sandrino Di Mattia's Avatar

    Sandrino Di Mattia

    Engineer Lead

added: SDKs

Auth0.swift - Added Xcode 9 support. See the changelog entry for more information.

  • Martin Walsh's Avatar

    Martin Walsh

    iOS Engineer

added: SDKs

The Auth0-Java SDK adds support for the Management API Grants entity. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

updated: Management Dashboard

New clients created in the dashboard will default to OIDC Conformant. The full list of changes this implies can be found here.

  • Martin Cabral's Avatar

    Martin Cabral

    Product Manager

fixed: SDKs - Lock Web

Fixed allowed Regular Expression for usernames. Also fixed custom themes for custom connections along with some UI improvements. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: SDKs - auth0.js

Added Cross Origin Authentication support to Passwordless connections. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

fixed: SDKs - auth0.js

Fixed snake casing app_metadata and user_metadata on sign up. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: Authentication API

Added the ability to set the primary user in rules using context.primaryUser. Check our documentation for more information.

  • Samuel Judson's Avatar

    Samuel Judson

    Application Security Engineer

updated: Management API

The DELETE client grants endpoint now allows deleting all grants for a given user by specifying the query string parameter user_id.

  • Hugo Arregui's Avatar

    Hugo Arregui

    Engineer

updated: Management Dashboard

Now the 'Use Auth0 for SSO' flag under Client Settings is disabled for OIDC Conformant clients.

  • Tomás Chernov's Avatar

    Tomás Chernov

    Front End Developer

added: SDKs

The Auth0.Android SDK now makes use of 'Android Manifest Placeholders' to define the Domain and Scheme values required to automatically capture a Web Authentication result. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

added: Lock

Lock for Android now makes use of 'Android Manifest Placeholders' to define the Domain and Scheme values required to automatically capture a Web Authentication result, like logging in using the Facebook connection. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

fixed: SDKs - Lock Web

Fixed an issue with the HRD input when using the back button. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: SDKs - Lock Web

Added a new option called connectionResolver, which is used to resolve the desired connection on the fly instead of setting it beforehand. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: Lock

Lock for Android now features a 'show password' toggle button on the Password fields. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

added: SDKs

The Auth0.Android SDK will try to use Chrome Custom Tabs when possible. A helper class is included to easily manage Credentials. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

fixed: MFA

Fixed an issue where the ACR value was not being properly set when in a SAML context.

  • Fredrik Liljegren's Avatar

    Fredrik Liljegren

    Engineer

fixed: MFA

MFA no longer incorrectly prevents brute-force anomaly detection count resets.

  • Damian Fortuna's Avatar

    Damian Fortuna

    Engineer

added: SDKs

Auth0.swift - Added OIDC conformant UserInfo class and API method, added Touch ID validation for renewing credentials and added iOS 11 (Beta) support. See the changelog entry for more information.

  • Martin Walsh's Avatar

    Martin Walsh

    iOS Engineer

fixed: SDKs - Lock Web

Fixed an issue with Internet Explorer 11's autocomplete. Also fixed connection_scope not being passed to the authorize page. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: SDKs - Lock Web

Added more analytics events and also added a new option that enables a button that shows or obfuscates the password. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

fixed: MFA

Fixed an issue where the user was being asked to perform MFA despite having clicked the 'Remember Me' checkbox.

  • Fredrik Liljegren's Avatar

    Fredrik Liljegren

    Engineer

fixed: SDKs - auth0.js

Fixed an issue with Passwordless connection inside the Hosted Login Page. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

updated: Management API

The GET client grants endpoint now allows filtering by client id using the query string parameter client_id.

  • Hugo Arregui's Avatar

    Hugo Arregui

    Engineer

fixed: SDKs - Lock Web

Added support for html formatting when using the flashMessage option. Also added a new option allowAutoComplete that enables the autocomplete html5 attribute in the username input. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

fixed: SDKs - Lock Web

Started emitting an authorization_error when username / password fails. Also fixed a few UI issues on mobile and some options overrides not being passed to auth0.js. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: SDKs

Auth0.swift - Added Credentials Manager utility for secure management of tokens. Updated compatibility for Xcode 8.3. See the changelog entry for more information.

  • Martin Walsh's Avatar

    Martin Walsh

    iOS Engineer

added: Authentication API

Added a new client.grant_types property to Auth0 Clients. With this change, Auth0 will restrict authentication and authorization flows based on the grant types associated with each client. All existing clients have been updated with all grant types for backward compatibility. New clients will be created with certain default grant types based on whether it is a public or confidential client (based on the token_endpoint_auth_method property). See our documentation for more information.

  • Germán Lena's Avatar

    Germán Lena

    Engineer

added: SDKs

Lock.swift - Added 1Password support for database connections. Greatly expanded Lock customization options. See the changelog entry for more information.

  • Martin Walsh's Avatar

    Martin Walsh

    iOS Engineer

added: Management API
  • Added support to query by identifier on PATCH / GET / DELETE api/v2/resource-servers endpoints.
  • Added pagination to GET api/v2/clients endpoint.

  • Hugo Arregui's Avatar

    Hugo Arregui

    Engineer

changed: Management API

Removed client.resource_servers from documented sample response.

  • Hugo Arregui's Avatar

    Hugo Arregui

    Engineer

deprecated: SDKs

The Java Servlet SDK has been deprecated and will no longer be maintained. Development will continue on the auth0-java-mvc-common SDK.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

deprecated: SDKs

The Java Spring Security MVC SDK has been deprecated and will no longer be maintained. Development will continue on the auth0-java-mvc-common SDK.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

added: SDKs - auth0.js

Added option postMessageType to filter iframe events in order to prevent incorrect events triggering the renewAuth callback. Also added support for Cross Origin Authentication. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

deprecated: SDKs

The Java Spring MVC SDK has been deprecated and will no longer be maintained. Development will continue on the auth0-java-mvc-common SDK.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

added: SDKs

Published new SDK for Java (auth0-java-mvc-common) to simplify the web authentication from Java MVC applications using either Code Grant or Implicit Grant. Supports HS256, and RS256 algorithms with optional Public Key Rotation. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

fixed: SDKs - auth0.js

Fixed some overridden options not being applied. Also fixed decoding base64 strings with special characters. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: SDKs

The Auth0-Java SDK adds support for the new OAuth 2.0 Renew and Revoke Token endpoints. The Guardian entity has also been improved. See the changelog entry for more information.

  • Luciano Balmaceda's Avatar

    Luciano Balmaceda

    Mobile Engineer

  • Nicolas Ulrich's Avatar

    Nicolas Ulrich

    Mobile Engineer

fixed: Management Dashboard
  • Officially dropped support for Microsoft’s Internet Explorer 10.
  • Fixed issue in the APIs section’s Test tab: changing languages in the code viewers now change the language properly.
  • Fixed visual issue with code editors backgrounds in the User Details section when using Chrome in Windows 10.
  • Fixed overflowing of text when users have huge strings without spaces or breaks in their External Attributes Object.
  • Fixed issue with Delete Account prompt showing a default domain name instead of the correct domain for that account.
  • Fixed issue with positioning for SAML connections list pagination controls.
  • Fixed issue when uploading custom logo in Tenant Settings section would crash the browser.
  • Fixed issue with users with special characters in their IDs that could not be seen in the dashboard.
  • Improved UI for User Identities in User Details: replaced the old JSON viewer for a better-looking code editor.
  • Fixed SAMLP default mappings example to avoid getting parsing errors by default.
  • Now the API section is displayed by default.

  • Tomás Chernov's Avatar

    Tomás Chernov

    Front End Developer

added: Authentication

New connection for PayPal Sandbox applications. It can be found under Social Connections in the dashboard.

  • Eduardo Díaz Sanabria's Avatar

    Eduardo Díaz Sanabria

    Engineer

fixed: SDKs - auth0.js

The postMessage handler now supports parsing objects as well. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

fixed: SDKs - Lock Web

Fixed a few UI issues with long titles and error messages. See the changelog entry for more information.

  • Luís Deschamps Rudge's Avatar

    Luís Deschamps Rudge

    Front End Engineer

added: SDKs

The Java-JWT SDK adds a 'Key Provider' interface to support dynamic RSA or ECDSA Keys, making it easier to use JWKs files for token verification. Long claims are also supported. From this release on, the JWT#decode static method will return a DecodedJWT object instead of a JWT object. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: SDKs

The Auth0.Android SDK now allows revoking refresh_tokens. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: Lock

Lock for Android adds PayPal connection support and displays a Retry screen if it fails to load the Client settings. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: SDKs

Lock.swift - Added Passwordless SMS/Email connection support, paypal-sandbox connection support. See the changelog entry for more information.

  • Martin Walsh

    iOS Engineer

added: SDKs - Lock Web

Added support for the paypal-sandbox strategy. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

fixed: SDKs - Lock Web

Fixed a few UI issues with mobile in landscape mode. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

fixed: SDKs - auth0.js

Fixed an issue with nonce verification in the renewAuth method. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

added: API Authorization

Server-side resource-owner password flows that use brute-force detection can now prevent erroneous blocking scenarios by utilizing the 'auth0-forwarded-for' header. See the documentation for more details.

  • Damian Fortuna

    Engineer

added: SDKs

When a Rule error occurs while trying to authenticate, the Auth0.Android SDK will parse any rule-defined custom error message. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: API Authorization

Added multifactor authentication capabilities to the oauth/token endpoint. See the documentation for more details.

  • Damian Fortuna

    Engineer

  • José Luis Diaz

    Engineer

  • Fredrik Liljegren

    Engineer

fixed: Management Dashboard
  • Fixed outdated link in Sharepoint SSO Integration tutorial page.
  • Improved error message in the Email Templates section when the from field is not properly filled.
  • Fixed UI for form validations so they don’t linger after a successful submission of the form.
  • Added read:user_idp_tokens to available scopes for the Management API.

  • Tomás Chernov

    Front End Developer

fixed: SDKs - Lock Web

Fixed a few UI inconsistencies with the username input. Also started disabling social buttons when terms were not accepted on sign up. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

added: SDKs

Auth0.swift - Added method to check native authentication availability for IdP on device. See the changelog entry for more information.

  • Martin Walsh

    iOS Engineer

fixed: SDKs - auth0.js

Fixed an issue with the error handling callback. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

added: SDKs

Auth0.swift - Added scope support to the renew method. See the changelog entry for more information.

  • Martin Walsh

    iOS Engineer

added: Authentication

user.last_password_reset will now be set immediately when the user changes their password, instead of waiting for the next login.

  • Germán Lena

    Engineer

added: SDKs

Auth0.swift - Added Connection Scopes to webAuth and creation of webAuth instances from authentication instances. See the changelog entry for more information.

  • Martin Walsh

    iOS Engineer

fixed: SDKs - auth0.js

Fixed the error Nonce does not match when state option contains special characters. Also fixed popup authentication not being called with all the options. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

fixed: SDKs - Lock Web

Fixed an issue when parsing a url fragment and the state had special characters. Also fixed an issue with incorrect error messages. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

added: SDKs - Lock Web

Added Evernote strategy. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

added: SDKs

Lock.swift - Added connection scope support for OAuth2 connections and added native authentication handler support. See the changelog entry for more information.

  • Martin Walsh

    iOS Engineer

fixed: Management Dashboard
  • Added functionality to filter-as-you-type the tenant list in the tenant dropdown for tenant lists with more than 10 tenants in them.
  • Updated UI for the <app_metadata> and <user_metadata> properties, in the User Details section, to feature a full-featured editor with code folding.
  • Renamed the “Setup” button in SAMLP connections list to “Setup Instructions”.
  • Fixed a series of issues with dashboard invitees:
    • Prevent non-owners from entering the “create SSO Integrations” route.
    • Prevent non-owners from entering the Logs section.
    • Prevent non-owners from entering the account sub-sections (Admins, Payment, etc.).
  • Updated UI for Dashboard Admins to fix XSS vulnerability when deleting dashboard admins and relocated the row to add an admin to always be on top of the list to avoid scrolling in long lists.
  • Updated UI for User Details to account for long <name> and <username> properties by truncating them.
  • Added the possibility to save Sharepoint SSO Integrations <external URLs> as a comma-separated list to set multiple of them.

  • Tomás Chernov

    Front End Developer

added: Authentication

Added support for read:user scope when using GitHub social connections.

  • Eduardo Díaz Sanabria

    Engineer

added: Lock

Lock for Android Passwordless flow can now remember the identity of the last person who successfully signed in. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

fixed: SDKs - Lock Web

Started sending owp param in popup mode. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

added: SDKs - Lock Web

Added checkbox as a custom input type for the option additionalSignUpFields. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

added: SDKs

The Auth0.Android SDK adds the Management API's GET User Profile endpoint. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

fixed: SDKs - Lock Web

Fixed a few UI issues. Started filtering parameters sent to the /authorize endpoint. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

added: SDKs - auth0.js

Added flag _idTokenVerification to disable id_token verification for legacy clients. See the changelog entry for more information.

  • Luís Deschamps Rudge

    Front End Engineer

added: Management API

Updated the UI for the API Explorer tab to be able to configure the token expiration for the Management API.

  • Tomás Chernov

    Front End Developer

added: Authentication

Rules will now run when calling oauth/token with grant_type: password or grant_type: refresh_token. For more information, check out our documentation.

  • Samuel Judson

    Application Security Engineer

added: MFA

Guardian Authenticator for Android is now capable of scanning and managing any generic TOTP key.

  • Nicolas Ulrich

    Mobile Engineer

added: Clients

Added a new property <description> for Clients, a free-text field to describe the client’s purpose.

  • Tomás Chernov

    Front End Developer

added: SDKs

Released new Lock for iOS version written in Swift and migration guide to help the transition.

  • Hernan Zalazar

    Engineer

  • Martin Walsh

    iOS Engineer

added: SDKs

Auth0.swift - Added Native Authentication support and fixed support for OIDC conformant profiles. See the changelog entry for more information.

  • Martin Walsh

    iOS Engineer

added: SDKs

Published new SDK for Java (auth0-java) that supports Authentication API OAuth 2.0 endpoints and most of the Management API entities. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: Authentication

Added enhancements to SAML Single Logout to conform to the Single Logout Profile specification. With these enhancements, all SAML Service Providers you have configured for logout will be sent a LogoutRequest to the logout.callback URL you have configured in the SAML Add-on. If your Service Provider does not support Single Logout, you can set logout.slo_enabled: false in your SAML Add-on configuration. For more information, check out our Logout documentation and SAML configuration documentation.

  • Hernán Tierno

    Engineer

  • Marcos Castany

    Engineering Lead

added: SDKs

The Java-JWT SDK can now handle Array claims and return the Payload claims as a Map<String, Claim>. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: Lock

Lock for Android now supports the use of custom URL schemes for Web Authentication. The Implicit Grant has been deprecated. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: SDKs

The Auth0.Android SDK adds a flag to decide whether API calls should be made using OpenID Connect conformant or Legacy endpoints. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

changed: Anomaly Detection

Consolidated brute-force detection into a single Shield.

  • José Luis Diaz

    Engineer

added: SDKs

Auth0.swift - Added support for password-realm.grant_types and refresh_token.grant_types. Additional smaller changes have been made to support OIDC. See the changelog entry for more information.

  • Martin Walsh

    iOS Engineer

added: SDKs

The Auth0.Android SDK now supports sending audience value on Web Authentication. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: SDKs

Published new Java SDK (java-jwt) for JSON Web Token verification and signing. Supports HMAC, RSA and ECDSA algorithms. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: MFA

It is now possible to pre-enroll users into Guardian via an enrollment email. See here for more information.

  • José Luis Diaz

    Engineer

added: Authentication

Added client flag to disable SSO (sso_disabled) which can be set using the Management API. When this flag is set to true, an Auth0 session will not be created for any authentication using that client.

  • Hernán Tierno

    Engineer

  • Hugo Arregui

    Engineer

added: API Authorization

Added expires_in to oauth/token endpoint

  • Hernán Tierno

    Engineer

changed: Authentication

Upgraded Auth0 hosted login page to Lock 10.7.

  • Sebastian Iacomuzzi

    Engineer

added: SDKs

The Auth0.Android SDK prepares to conform with OpenID Connect and adds the /userinfo and /oauth/token endpoints. Multiple response_type values are supported as well. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: MFA

Published new mobile SDKs for iOS (Guardian.swift) and Android (Guardian.Android) to make it simple to build custom Guardian mobile applications.

  • Nicolas Ulrich

    Mobile Engineer

  • Hernan Zalazar

    Engineer

added: Lock

Lock for Android now allows specifying a custom Scope. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: Authentication

The nonce parameter is now mandatory if you are using the implicit grant flow.

  • Samuel Judson

    Application Security Engineer

added: Lock

Released new version of Lock for Web with several bugfixes and improvements including support for custom OAuth2 connections. See Lock's changelog for more information.

  • Germán Lena

    Engineer

  • Benjamín Flores

    User Interface Developer

  • Cristian Douce

    Engineer

added: MFA

Release of the UI-less client libraries for Guardian, allowing users to build custom Guardian widgets. See the library here for more information

  • Damian Fortuna

    Engineer

added: Settings

Added new Tenant settings for:

  • default_audience - Specifies the audience that clients will receive as a default if one isn't explicitly requested
  • default_directory - Specifies a default directory connection to use when using password grant flow

  • Tomás Chernov

    Front End Developer

  • Martin Cabral

    Product Manager

fixed: Authentication

Double quotes in assertions caused invalid SAML signature.

  • Marcos Castany

    Engineering Lead

added: SDKs

Published new Android-focused SDK (JWTDecode.Android) for decoding JSON Web Tokens (JWT). See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

fixed: Connections

Verification email does not display given_name attribute for custom DB.

  • Eduardo Díaz Sanabria

    Engineer

  • Hernán Tierno

    Engineer

changed: Lock

Lock for Android now uses Browser instead of WebView by default for authentication. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: Connections

Added paging to the Database Connections page to support a large volume of connections.

  • Tomás Chernov

    Front End Developer

  • Hugo Arregui

    Engineer

  • Damian Schenkelman

    Engineer

added: SDKs

Published new mobile SDKs for iOS (Auth0.swift) and Android (Auth0.Android) to make it simple to build custom login screens using Auth0.

  • Hernan Zalazar

    Engineer

  • Luciano Balmaceda

    Mobile Engineer

added: MFA

Auth0 Guardian now allows users to choose to 'remember this browser' and not be prompted for MFA for 30 days from a known system.

  • Fredrik Liljegren

    Engineer

added: API

It is now possible to disable automatic SMS and email notifications during Passwordless user creation. See the docs for more information.

  • Eduardo Díaz Sanabria

    Engineer

added: Authentication

When a user hits the rate limit for the delegation endpoint, log entries will now be visible in the tenant logs.

  • Hernán Tierno

    Engineer

added: SSO

SSO Session Timeout can be customized in Tenant Settings > Advanced. This allows you to specify how long the SSO Cookie is valid.

  • Sebastian Iacomuzzi

    Engineer

  • Hugo Arregui

    Engineer

  • Tomás Chernov

    Front End Developer

fixed: Authentication

Fixed error when custom DB scripts are set to null

  • Hernán Tierno

    Engineer

added: OAuth2

You can now opt-in to preview the new OAuth2aaS pipeline in Account Settings > Advanced. This enables support for Advanced API Authorization scenarios including user consent.

  • Sebastian Iacomuzzi

    Engineer

  • Martin Cabral

    Product Manager

added: Lock

Released new major version of Lock for Android with redesigned UI and new features like custom OAuth2 connections support, password policy, etc. See the docs for more information.

  • Luciano Balmaceda

    Mobile Engineer

added: Connections

Database Connections now allow customizing the minimum and maximum length for usernames, up to 128 characters. This only applies if Require Username is on.

  • Tomás Chernov

    Front End Developer

  • Eduardo Díaz Sanabria

    Engineer

  • Hernan Zalazar

    Engineer

  • Hugo Arregui

    Engineer

changed: API

Renamed the Delete All Users endpoint from DELETE /api/v2/users to DELETE /api/v2/allusers to avoid accidental deletion of users.

  • Hugo Arregui

    Engineer

added: Enterprise Connections

Add oid claim to Azure AD user profiles

  • Hernán Tierno

    Engineer

added: API

Update response from Device Credentials endpoint to include type and user_id.

  • Hugo Arregui

    Engineer

added: Logs

SAML Response is now displayed in Tenant Logs when Debug Mode is enabled in the SAML Connection.

  • Marcos Castany

    Engineering Lead

added: MFA

Added the ability to regenerate Guardian recovery codes. Please visit our documentation for details.

  • Fredrik Liljegren

    Engineer

added: MFA

Auth0 Guardian is now officially released -- a new and convenient way to perform multifactor authentication for logins. Guardian features 'push-notifications' as well as other standard authentication flows. See our full announcement here.

  • Damian Fortuna

    Engineer

  • Nicolas Ulrich

    Mobile Engineer

  • Hernan Zalazar

    Engineer

added: Password Breach Detection

Releasing password breach detection, which protects Auth0 users in case their password is leaked via a breach at a different provider. Auth0 monitors announcements of breaches from other providers, and checks Auth0 users against the list of leaked accounts. In case of a match, the user will be prevented from logging in until their password is reset.

  • Jose Romaniello

    Head Of Engineering

added: API

Added ability to specify Client Logo on the client API

  • Germán Lena

    Engineer

added: MFA

Guardian template is now customizable via the Hosted Pages section.

  • Damian Fortuna

    Engineer

fixed: Logs

Fixed issue with Account Un-Linking where the secondary account would not show up in the Users list after being Un-Linked. Now, when Un-Linking two linked accounts, the secondary account will be restored and visible in Users.

  • Hugo Arregui

    Engineer

added: MFA

The API now has the ability to manage Guardian configuration. Please visit our documentation for full details.

  • Damian Fortuna

    Engineer

added: Bulk Import

Bulk Import API has been upgraded with the following changes:

  • Added option to specify if the operation should insert or upsert.
  • Added external_id parameter. The value is user defined and is returned with Job status; can be used for correlating multiple jobs.
  • Job Status shows summary totals of successful/failed/inserted/updated.
  • Added ability to retrieve failed entries via API call to GET /api/v2/jobs/{id}/errors.
  • Job Status is added to Tenant Logs, which allows a custom WebHook to be triggered using the WebHook Logs Extension.

  • Hugo Arregui

    Engineer

added: Extensions

The Bitbucket Deployments extension allows you to deploy rules and database connection scripts from Bitbucket to Auth0. You can configure a Bitbucket repository, keep all your rules and database connection scripts there, and have them automatically deployed to Auth0 each time you push to your repository.

  • Sandrino Di Mattia

    Engineer Lead

added: Authentication

The /authorize endpoint now supports response_mode=form_post when the response_type is either id_token or code token.

For example:
/authorize?response_mode=form_post&client_id=…&redirect_uri=…&response_type=id_token

  • Hernán Tierno

    Engineer

added: Password Policy

Added password policy support for Password Dictionary and Password Personal Data.

Password Dictionary, when enabled, prevents the use of common passwords and allows for setting a custom dictionary with up to 200 entries.

Password Personal Data, when enabled, prevents using personal data in the password, such as the user's name, parts of the email address, etc.

  • Eduardo Díaz Sanabria

    Engineer

  • Jason Strutz

    Engineer

  • Alex Stanciu

    Engineer

added: API Authorization

Auth0 now supports the full Client Credentials flow for API Authorizations. This allows server-to-server authorization for things like scripts, backend services, daemons, or any app that does not need to operate as a user.

Enabling the API section can be done via Account Settings or by adding a new Non Interactive Client.

The Application section in the Auth0 Dashboard has been renamed to Clients to clarify the distinction between APIs and Clients.

This is the first step we are taking towards more complex API authorization scenarios. Other flows, such as User Consent, will be added in the near future. Please visit our full documentation for detailed information about API Authorization.

  • Jared Hanson

    Engineer

  • Martin Cabral

    Product Manager

  • Yohanna Etchemendy

    Product Designer

  • Tomás Chernov

    Front End Developer

  • Cristian Douce

    Engineer

  • Matías Woloski

    Co-Founder, CTO

added: Connections: Passwordless

Added ability to change Email for users in Passwordless connections.

  • Eduardo Díaz Sanabria

    Engineer

  • Tomás Chernov

    Front End Developer

  • Jason Strutz

    Engineer

added: Connections: Passwordless

Added support for Twilio Copilot in Passwordless Connections.

  • Hernán Tierno

    Engineer

  • Jason Strutz

    Engineer

changed: Social Connections: Fitbit

Support for Fitbit OAuth2 apps. Added an upgrade mechanism for OAuth1 (deprecated) connections.

  • Eduardo Díaz Sanabria

    Engineer

  • Jason Strutz

    Engineer

changed: Passwordless

If a user requests multiple passwordless links/codes, emails may not arrive or be displayed in the correct order. Up till now, only the last code issued was valid, causing issues when opening the wrong email. This change allows the last 5 codes sent to be valid, but once one is used, the rest are invalidated.

  • Hernán Tierno

    Engineer

added: Extensions

The GitHub Deployments extension allows you to deploy rules and database connection scripts from GitHub to Auth0. You can configure a GitHub repository, keep all your rules and database connection scripts there, and have them automatically deployed to Auth0 each time you push to your repository.

  • Sandrino Di Mattia

    Engineer Lead

added: Password Policy

Added Password History support to Database Connections' password policies.

  • Hernán Tierno

    Engineer

  • Tomás Chernov

    Front End Developer

  • Yohanna Etchemendy

    Product Designer

  • Jason Strutz

    Engineer

  • Alex Stanciu

    Engineer

added: Social Connections

Added support for the new Firebase SDK v3.

  • Martin Cabral

    Product Manager

  • Eduardo Díaz Sanabria

    Engineer

added: Tenant Settings

Introduced a new tenant settings flag enable_client_connections that will allow customers to switch between 2 flows when creating clients (Applications):

  • When creating a new client, create and enable existing connections (current flow, default)
  • When creating a new client, create but don't enable my existing connections (new flow)

This setting can be turned off in Account Settings > Advanced > Settings > Enable Client Connections or via the API using the GET /api/v2/tenants/settings endpoint.

  • Cristian Douce

    Engineer

added: Extensions

The Extensions gallery now supports documentation. From now on, you will be able to check the documentation before and after installing an extension.

  • Javier Centurion

    Engineer

  • Victor Fernandez

    Lead Designer

  • Maria Paktiti

    Technical Writer

added: Social Connections: Bitbucket, Social Connections: Dropbox

Added support for Bitbucket and Dropbox social connections.

If you are using Lock, please upgrade to v9.2.0.

  • Gabriel Andretta

    Engineer

  • Victor Fernandez

    Lead Designer

  • Richard Seldon

    Customer Success Engineer

added: Passwordless emails

Provided access to the language in passwordless email templates

  • Eduardo Díaz Sanabria

    Engineer

removed: API

Remove support for JSONP on the /ssodata endpoint. The "Last time you logged in with" feature will no longer be supported on IE 9.

  • Jose Romaniello

    Head Of Engineering

added: Rules

Integrate Rules Debugging with Real-time Logs extension

  • Javier Centurion

    Engineer

added: Extensions

We shipped 7 new logging extensions. You can now export Auth0 logs to one of the following external systems:

  • Auth0 Logs to Papertrail
  • Auth0 Logs to Sumologic
  • Auth0 Logs to Splunk
  • Auth0 Logs to Logstash
  • Auth0 Logs to Mixpanel
  • Auth0 Logs to Logentries

Export operation executes at configurable intervals to ensure you always have access to recent logs.

  • Sandrino Di Mattia

    Engineer Lead

  • Richard Seldon

    Customer Success Engineer

  • Javier Centurion

    Engineer

added: Extensions

New Extension: Real-time Webtask Logs

This extension lets you access Webtask Logs in real time.

  • Tomasz Janczuk

    Engineer

  • Javier Centurion

    Engineer

added: Server

Added logout returnTo URL validation. If the returnTo URL is not in the Allowed Logout URLs list, the request will be rejected. See the docs for more information.

  • Hernán Tierno

    Engineer

added: Extensions

New Extension: Authorization Dashboard

This extension gives you the possibility to manage group memberships for your users.

Group Management

Allows you to create groups with a name and a description. Users can be added to and removed from groups, either by opening the group and managing users from there, or by opening the user and managing the user's group memberships from there.

User Management

Besides managing everything from the group point of view, you can also open a user, manage their group memberships there, and see the "calculated" group memberships for that user.

Application Access

In Auth0, application access is very coarse-grained: all users in a connection that is enabled for the application are able to access the application. This extension lets you take this a step further. For example, you can define that only the groups "Fabrikam Management" and "Fabrikam Finance" are able to access the "Reporting App" containing reports about the company's financials.

  • Sandrino Di Mattia

    Engineer Lead

  • Javier Centurion

    Engineer

added: Management API

Added a new property on the client entity to allow users to specify how the client is going to perform authentication with the token endpoint. Values are none, client_secret_post and client_secret_basic. The none option is introduced for native applications which can’t store secrets and use PKCE (see https://tools.ietf.org/html/rfc7636)

  • Martin Cabral

    Product Manager

fixed: Authentication API

We included an extra validation in the /tokeninfo endpoint to verify that the account name in the URL matches the account for which the token was issued. Any call to /tokeninfo with a token from another account will return Unauthorized.

  • Sebastian Iacomuzzi

    Engineer

  • Marcos Castany

    Engineering Lead

changed: Connections: Database

Suppressed the error message in the change password flow in order to prevent user enumeration within the message. The API now returns HTTP 200.

  • Marcos Castany

    Engineering Lead

deprecated: APIv2

We deprecated the current_user_device_credentials scopes in the /api/v2/device-credentials endpoint for POST and DELETE methods. To use this endpoint we enabled Basic authentication with username and password from a database connection.

  • Sebastian Iacomuzzi

    Engineer

  • Marcos Castany

    Engineering Lead

added: Dashboard / Management API

Users can now specify a list of URLs that are valid to redirect to after logging out from Auth0. The update can be done either from the Dashboard or using the Management API.

  • Hernán Tierno

    Engineer

  • Tomás Chernov

    Front End Developer

  • Cristian Douce

    Engineer

added: Enterprise Connections

Added a new ext_nested_groups option to the waad connection strategy. When both ext_groups and ext_nested_groups are enabled, we return all the groups that the user is a member of instead of only the ones the user is a direct member of (for more information, see this MSDN article).

  • Marcos Castany

    Engineering Lead

added: Management API

The device-credentials endpoint now supports basic authentication to perform GET, POST, and DELETE requests.

  • Sebastian Iacomuzzi

    Engineer

  • Marcos Castany

    Engineering Lead

added: Extensions Gallery

Extensions Gallery updated!

This new version allows you to create your own extensions.

  • Javier Centurion

    Engineer

  • Victor Fernandez

    Lead Designer

changed: Auth0 Lock v9

The flow to reset a password has been updated.

In this new flow, users enter their username or email address and receive an email with instructions to choose a new password. The old flow, which required users to enter their new password and then confirm the change via email, is still available but has been deprecated: it is no longer available for new tenants, and we recommend that existing tenants disable it.

  • Sebastian Iacomuzzi

    Engineer

  • Gabriel Andretta

    Engineer

  • Benjamín Flores

    User Interface Developer

added: extensions

Extensions Gallery updated.

This new version lets users search for an extension, easily check which ones are installed, and access more information about an extension before installing it. It also includes new extensions such as Auth0 logs to Loggly, Auth0 logs to Azure blob storage, Auth0 logs to Application Insights, Auth0 AD/LDAP Connector Health Monitor and Auth0 Authentication API webhooks.

  • Javier Centurion

    Engineer

  • Victor Fernandez

    Lead Designer

added: Management API

Users can query logs using the Management API v2.

You can use the new logs endpoints to query logs. This is the new recommended way to query logs. The API v1 logs endpoints will still be functional. See more info in the docs.

  • Hernán Tierno

    Engineer

deprecated: SDKs

The Auth0.Android SDK has deprecated the usage of the WebView for authentication. All web authentication should be done using the Browser. See the changelog entry for more information.

  • Luciano Balmaceda

    Mobile Engineer