Auth0 Changelog

Get the latest updates in Auth0

Changed: Authentication

2016-12-01

Upgraded Auth0 hosted login page to Lock 10.7.

Sebastian Iacomuzzi

Engineer

Added: API Authorization

2016-12-01

Added `expires_in` to oauth/token endpoint

Hernán Tierno

Engineer

Added: MFA

2016-11-25

Published new mobile SDKs for iOS (Guardian.swift) and Android (Guardian.Android) to make it simple to build custom Guardian mobile applications.

Nicolas Ulrich

Mobile Engineer

Hernan Zalazar

Engineer (Native UX)

Added: Authentication

2016-11-18

The nonce parameter is now mandatory if you are using the implicit grant flow.

Samuel Judson

Application Security Engineer

Added: Lock

2016-11-02

Released new version of Lock for Web with several bugfixes and improvements including support for custom OAuth2 connections. See Lock's changelog for more information.

Germán Lena

Engineer

Benjamín Flores

User Interface Developer

Cristian Douce

Engineer

Added: MFA

2016-10-31

Release of the UI-less client libraries for Guardian, allowing users to build custom Guardian widgets. See the library here for more information

Damian Fortuna

Front End Developer

Added: Settings

2016-10-26

Added new Tenant settings for:

  • default_audience - Specifies the audience that clients will receive as a default if one isn't explicitly requested
  • default_directory - Specifies a default directory connection to use when using password grant flow

Tomás Chernov

Front End Developer

Martin Cabral

Engineer

Fixed: Authentication

2016-10-26

Double quotes in assertions caused invalid SAML signature.

Marcos Castany

Engineer

Fixed: Connections

2016-10-24

Verification email does not display given_name attribute for custom DB.

Eduardo Díaz Sanabria

Engineer

Hernán Tierno

Engineer

Added: Connections

2016-10-15

Added paging to the Database Connections page to support a large volume of connections.

Tomás Chernov

Front End Developer

Hugo Arregui

Engineer

Added: SDKs

2016-10-06

Published new mobile SDKs for iOS (Auth0.swift) and Android (Auth0.Android) to make it simple to build custom login screens using Auth0.

Hernan Zalazar

Engineer (Native UX)

Luciano Balmaceda

Mobile Engineer

Added: MFA

2016-10-05

Auth0 Guardian now allows users to choose to 'remember this browser' and not be prompted for MFA for 30 days from a known system.

Fredrik Liljegren

Engineer

Added: API

2016-10-05

It is now possible to disable automatic SMS and email notifications during Passwordless user creation. See the docs for more information.

Eduardo Díaz Sanabria

Engineer

Added: Authentication

2016-09-26

When a user hits the rate limit for the delegation endpoint, log entries will now be visible in the tenant logs.

Hernán Tierno

Engineer

Added: SSO

2016-09-22

SSO Session Timeout can be customized in Tenant Settings > Advanced. This allows you to specify how long the SSO Cookie is valid.

Sebastian Iacomuzzi

Engineer

Hugo Arregui

Engineer

Tomás Chernov

Front End Developer

Added: Lock

2016-09-21

Released new major version of Lock for Android with redesigned UI and new features like custom OAuth2 connections support, password policy, etc. See the docs for more information.

Luciano Balmaceda

Mobile Engineer

Fixed: Authentication

2016-09-21

Fixed error when custom DB scripts are set to null

Hernán Tierno

Engineer

Added: OAuth2

2016-09-21

You can now opt-in to preview the new OAuth2aaS pipeline in Account Settings > Advanced. This enables support for Advanced API Authorization scenarios including user consent.

Sebastian Iacomuzzi

Engineer

Martin Cabral

Engineer

Added: Connections

2016-09-19

Database Connections now allow customizing the minimum and maximum length for usernames, up to 128 characters. This only applies if Require Username is on.

Tomás Chernov

Front End Developer

Eduardo Díaz Sanabria

Engineer

Hernan Zalazar

Engineer (Native UX)

Hugo Arregui

Engineer

Changed: API

2016-09-13

Renamed the Delete All Users endpoint from DELETE /api/v2/users to DELETE /api/v2/allusers to avoid accidental deletion of users.

Hugo Arregui

Engineer

Added: Enterprise Connections

2016-09-07

Add oid claim to Azure AD user profiles

Hernán Tierno

Engineer

Added: API

2016-09-05

Update response from Device Credentials endpoint to include type and user_id.

Hugo Arregui

Engineer

Added: Logs

2016-09-02

SAML Response is now displayed in Tenant Logs when Debug Mode is enabled in the SAML Connection.

Marcos Castany

Engineer

Added: MFA

2016-08-29

Added the ability to regenerate Guardian recovery codes. Please visit our documentation for details.

Fredrik Liljegren

Engineer

Added: MFA

2016-08-25

Auth0 Guardian is now officially released -- a new and convenient way to perform multifactor authentication for logins. Guardian features 'push-notifications' as well as other standard authentication flows. See our full announcement here.

Damian Fortuna

Front End Developer

Nicolas Ulrich

Mobile Engineer

Hernan Zalazar

Engineer (Native UX)

Added: Password Breach Detection

2016-08-24

Releasing password breach detection, which protects Auth0 users in case their password is leaked via a breach at a different provider. Auth0 monitors announcements of breaches from other providers, and checks Auth0 users against the list of leaked accounts. In case of a match, the user will be prevented from logging in until their password is reset.

Jose Romaniello

Head Of Engineering

Added: API

2016-08-24

Added ability to specify Client Logo on the client API

Germán Lena

Engineer

Added: MFA

2016-08-17

Guardian template is now customizable via the Hosted Pages section.

Damian Fortuna

Front End Developer

Fixed: Logs

2016-08-09

Fixed issue with Account Un-Linking where the secondary account would not show up in the Users list after being Un-Linked. Now, when Un-Linking two linked accounts, the secondary account will be restored and visible in Users.

Hugo Arregui

Engineer

Added: MFA

2016-08-05

The API now has the ability to manage Guardian configuration. Please visit our documentation for full details.

Damian Fortuna

Front End Developer

Added: Bulk Import

2016-08-05

Bulk Import API has been upgraded with the following changes:

  • Added option to specify if the operation should insert or upsert
  • Added external_id parameter. The value is user defined and is returned with Job status; can be used for correlating multiple jobs.
  • Job Status shows summary totals of successful/failed/inserted/updated
  • Added ability to retrieve failed entries via API call to GET /api/v2/jobs/{id}/errors
  • Job Status is added to Tenant Logs, which allows a custom WebHook to be triggered using the WebHook Logs Extension

Hugo Arregui

Engineer

Added: Extensions

2016-08-01

The Bitbucket Deployments extension allows you to deploy rules and database connection scripts from Bitbucket to Auth0. You can configure a Bitbucket repository, keep all your rules and database connection scripts there, and have them automatically deployed to Auth0 each time you push to your repository.

Sandrino Di Mattia

Customer Success Engineer

Added: Authentication

2016-07-22

The /authorize endpoint now supports response_mode=form_post when the response_type is either id_token or code token.

For example:
/authorize?response_mode=form_post&client_id=…&redirect_uri=…&response_type=id_token

Hernán Tierno

Engineer

Added: Connections: Passwordless

2016-07-15

Added ability to change Email for users in Passwordless connections.

Eduardo Díaz Sanabria

Engineer

Tomás Chernov

Front End Developer

Jason Strutz

Engineer

Added: Password Policy

2016-07-15

Added password policy support for Password Dictionary and Password Personal Data.

Password Dictionary, when enabled, prevents the use of common passwords and allows for setting a custom dictionary with up to 200 entries.

Password Personal Data, when enabled, prevents using personal data in the password, such as the user's name, parts of the email address, etc.

Eduardo Díaz Sanabria

Engineer

Jason Strutz

Engineer

Alex Stanciu

Product Owner

Added: API Authorization

2016-07-15

Auth0 now supports full Client Credentials flow for API Authorizations. This allows server to server authorization for things like scripts, backend services, daemons, or any app that does not need to operate as a user.

Enabling the API section can be done via Account Settings or by adding a new Non Interactive Client.

The Application section in the Auth0 Dashboard has been renamed to Clients to clarify the distinction between APIs and Clients.

This is the first step we are taking towards more complex API authorization scenarios. Other flows, such as User Consent, will be added in the near future. Please visit our full documentation for detailed information about API Authorization.

Jared Hanson

Engineer

Martin Cabral

Engineer

Yohanna Etchemendy

Product Designer

Tomás Chernov

Front End Developer

Cristian Douce

Engineer

Matías Woloski

Co-Founder, CTO

Added: Connections: Passwordless

2016-07-14

Added support for Twilio Copilot in Passwordless Connections.

Hernán Tierno

Engineer

Jason Strutz

Engineer

Changed: Social Connections: Fitbit

2016-07-12

Support for Fitbit OAuth2 apps. Added an upgrade mechanism for OAuth1 (deprecated) connections.

Eduardo Díaz Sanabria

Engineer

Jason Strutz

Engineer

Jeff Smith

Technical Writer

Changed: Passwordless

2016-07-02

If a user requests multiple passwordless links/codes, emails may not arrive or be displayed in the correct order. Up till now, only the last code issued was valid, causing issues when opening the wrong email. This change allows the last 5 codes sent to be valid, but once one is used, the rest are invalidated.

Hernán Tierno

Engineer
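
The validity rule in the 2016-07-02 Passwordless entry above, sketched as an added example that is not Auth0's code: the five most recently issued codes are accepted, and a successful use invalidates all of them. `PasswordlessCodes`, `issue`, `verify`, the 6-digit code length and the injectable generator are assumptions made for illustration.

```javascript
// Added illustration, not Auth0's implementation. Only the "last 5 codes are
// valid, first use invalidates the rest" rule comes from the changelog entry.
const { randomInt, timingSafeEqual } = require('node:crypto');

const MAX_ACTIVE_CODES = 5; // from the changelog entry

class PasswordlessCodes {
  // generate is injectable so the constructed scenario below is deterministic.
  constructor(generate = () => String(randomInt(0, 1000000)).padStart(6, '0')) {
    this.generate = generate;
    this.active = new Map(); // identifier (email or phone) -> codes, oldest first
  }

  // Issue a code and keep only the newest MAX_ACTIVE_CODES for this identifier.
  issue(identifier) {
    const code = this.generate();
    const codes = this.active.get(identifier) || [];
    codes.push(code);
    while (codes.length > MAX_ACTIVE_CODES) codes.shift();
    this.active.set(identifier, codes);
    return code;
  }

  // Accept any outstanding code; a success invalidates every outstanding code.
  verify(identifier, presented) {
    const codes = this.active.get(identifier) || [];
    const given = Buffer.from(String(presented));
    let matched = false;
    for (const code of codes) {
      const expected = Buffer.from(code);
      // Constant-time compare against every candidate; no early exit on a hit.
      if (given.length === expected.length && timingSafeEqual(given, expected)) {
        matched = true;
      }
    }
    if (matched) this.active.delete(identifier);
    return matched;
  }
}

// Constructed scenario: seven link requests, emails opened out of order.
function demo() {
  let n = 0;
  const store = new PasswordlessCodes(() => String(++n).padStart(6, '0'));
  const sent = [];
  for (let i = 0; i < 7; i++) sent.push(store.issue('user@example.com'));
  return {
    evictedCodeAccepted: store.verify('user@example.com', sent[0]),     // outside the window
    olderActiveCodeAccepted: store.verify('user@example.com', sent[3]), // inside the window
    newestAfterUseAccepted: store.verify('user@example.com', sent[6]),  // invalidated by the use
  };
}
```

With five codes live at once, a single guess has five times the chance of matching, so attempt limits and code lifetime carry more weight; the entry does not state either value.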

Added: Extensions

2016-06-29

The GitHub Deployments extension allows you to deploy rules and database connection scripts from GitHub to Auth0. You can configure a GitHub repository, keep all your rules and database connection scripts there, and have them automatically deployed to Auth0 each time you push to your repository.

Sandrino Di Mattia

Customer Success Engineer

Added: Password Policy

2016-06-21

Added Password History support to Database Connections' password policies.

Hernán Tierno

Engineer

Tomás Chernov

Front End Developer

Yohanna Etchemendy

Product Designer

Jason Strutz

Engineer

Alex Stanciu

Product Owner

Added: Social Connections

2016-05-28

Added support for the new Firebase SDK v3.

Eduardo Díaz Sanabria

Engineer

Added: Tenant Settings

2016-05-25

Introduced a new tenant settings flag enable_client_connections that will allow customers to switch between 2 flows when creating clients (Applications):

  • When creating a new client, create and enable existing connections (current flow, default)
  • When creating a new client, create but don't enable my existing connections (new flow)

This setting can be turned off in Account Settings > Advanced > Settings > Enable Client Connections or via the API using the GET /api/v2/tenants/settings endpoint.

Cristian Douce

Engineer

Added: Extensions

2016-05-16

Extensions gallery now supports documentation. From now on, you will be able to check documentation before and after installing an extension.

Javier Centurion

Engineer

Victor Fernandez

Lead Designer

Maria Paktiti

Technical Writer

Added: Passwordless emails

2016-05-12

Provided access to the language in passwordless email templates

Eduardo Díaz Sanabria

Engineer

Added: Social Connections: Bitbucket, Social Connections: Dropbox

2016-05-12

Added support for Bitbucket and Dropbox social connections.

If you are using Lock, please upgrade to v9.2.0.

Gabriel Andretta

Engineer

Victor Fernandez

Lead Designer

Richard Seldon

Customer Success Engineer

Removed: API

2016-05-10

Remove support for JSONP on the /ssodata endpoint. The "Last time you logged in with" feature will no longer be supported on IE 9.

Jose Romaniello

Head Of Engineering

Added: Rules

2016-05-09

Integrate Rules Debugging with Real-time Logs extension

Javier Centurion

Engineer

Added: Extensions

2016-05-08

We shipped 7 new logging extensions. You can now export Auth0 logs to one of the following external systems:

  • Auth0 Logs to Papertrail
  • Auth0 Logs to Sumologic
  • Auth0 Logs to Splunk
  • Auth0 Logs to Logstash
  • Auth0 Logs to Mixpanel
  • Auth0 Logs to Logentries

Export operation executes at configurable intervals to ensure you always have access to recent logs.

Sandrino Di Mattia

Customer Success Engineer

Richard Seldon

Customer Success Engineer

Javier Centurion

Engineer

Added: Extensions

2016-05-02

New Extension: Real-time Webtask Logs

This extension lets you access Webtask Logs in real time.

Tomasz Janczuk

Engineer

Javier Centurion

Engineer

Added: Server

2016-04-22

Added logout returnTo URL validation. If the returnTo URL is not in the Allowed Logout URLs list, the request will be rejected. See the docs for more information.

Hernán Tierno

Engineer

Added: Extensions

2016-04-08

New Extension: Authorization Dashboard

This extension gives you the possibility to manage group memberships for your users.

Group Management

Allows you to create groups with a name and a description. Users can be added to and removed from groups. This can happen by opening the group and managing users from there, or by opening the user and managing the user's group memberships from there.

User Management

Besides managing everything from the group's point of view, you can also open a user to manage his/her group memberships there and to see the "calculated" group memberships for that user.

Application Access

In Auth0 the application access is very coarse grained. All users in a connection that is enabled for the application are able to access the application. With this extension you are now able to take this a step further. You are able to define that only groups "Fabrikam Management" and "Fabrikam Finance" are able to access the "Reporting App" containing reports about the company's financials.

Sandrino Di Mattia

Customer Success Engineer

Javier Centurion

Engineer

Added: Management API

2016-04-07

Added a new property on the client entity to allow users to specify how the client is going to perform authentication with the token endpoint. Values are none, client_secret_post and client_secret_basic. The none option is introduced for native applications which can’t store secrets and use PKCE (see https://tools.ietf.org/html/rfc7636)

Martin Cabral

Engineer

Changed: Connections: Database

2016-04-06

Suppressed the error message in the change password flow in order to prevent user enumeration within the message. The API now returns HTTP 200.

Marcos Castany

Engineer

Fixed: Authentication API

2016-04-06

We included an extra validation in the /tokeninfo endpoint to verify that the account name in the URL matches the account for which the token was issued. Any call to the tokeninfo with a token from another account will return Unauthorized.

Sebastian Iacomuzzi

Engineer

Marcos Castany

Engineer

Deprecated: APIv2

2016-04-05

We deprecated the current_user_device_credentials scopes in the /api/v2/device-credentials endpoint for POST and DELETE methods. To use this endpoint we enabled Basic authentication with username and password from a database connection.

Sebastian Iacomuzzi

Engineer

Marcos Castany

Engineer

Added: Dashboard / Management API

2016-03-15

Users can now specify a list of URLs that are valid to redirect to after logging out from Auth0. The update can be done either from the Dashboard or using the Management API.

Hernán Tierno

Engineer

Tomás Chernov

Front End Developer

Cristian Douce

Engineer

Added: Enterprise Connections

2016-03-15

Added new ext_nested_groups option to the waad connection strategy. When both ext_groups and ext_nested_groups are enabled, we return all the groups that the user is a member of instead of only returning the ones that the user is a direct member of (for more information see this MSDN article).

Marcos Castany

Engineer

Added: Management API

2016-03-14

The device-credentials endpoint now supports basic authentication to perform GET, POST, and DELETE requests.

Sebastian Iacomuzzi

Engineer

Marcos Castany

Engineer

Added: Extensions Gallery

2016-03-11

Extensions Gallery updated!

This new version allows you to create your own extensions.

Javier Centurion

Engineer

Victor Fernandez

Lead Designer

Changed: Auth0 Lock v9

2016-03-01

The flow to reset a password has been updated.

In this new flow, users enter their username or email address and receive an email with instructions to choose a new password. The old flow which required users to enter their new password and then confirm the change via email is still available but has been deprecated: it is no longer available for new tenants and existing tenants are recommended to disable it.

Sebastian Iacomuzzi

Engineer

Gabriel Andretta

Engineer

Ricardo Rauch

Head of Design

Benjamín Flores

User Interface Developer

Added: Extensions

2016-02-29

Extensions Gallery updated.

This new version lets users search for an extension, easily check which ones are installed, and access more information about an extension before installing it. It also includes new extensions such as Auth0 logs to Loggly, Auth0 logs to Azure blob storage, Auth0 logs to Application Insights, Auth0 AD/LDAP Connector Health Monitor and Auth0 Authentication API webhooks.

Javier Centurion

Engineer

Victor Fernandez

Lead Designer

Added: Management API

2016-02-26

Users can query logs using the Management API v2.

You can use the new logs endpoints to query logs. This is the new recommended way to query logs. The API v1 logs endpoints will still be functional. See more info in the docs.

Hernán Tierno

Engineer