Migrating to Auth0.js v9
Auth0.js v9 has been improved to work better in embedded login scenarios. It operates with enhanced security and removes dependencies that have been deprecated as per Auth0's roadmap. In some cases, these security enhancements may impact application behavior when upgrading from an earlier versions of auth0.js.
Should I migrate to v9?
Auth0.js can be used to implement authentication in different ways:
In your application, to trigger centralized login, using the
.authorize()method, where the user is redirected from your website to an Auth0's Hosted Login Page.
In your application, to implement embedded login, using the
client.loginWithCredentials()methods, where the login dialog is displayed in the application's website.
In the Hosted Login Page, where you can use the same methods as in embedded login but from inside a customized Auth0's Hosted Login Page. Most customers don't customize Auth0 Hosted Login Page with auth0.js, so you probably don't need to worry about this scenario.
Migration to v9 will depend on how you are using auth0.js:
|Scenario||Migration to v9|
|In your application, to trigger centralized login||Required (*)|
|In your application, to implement embedded login||Required|
|In a customized hosted page||Not Supported|
(*) There a certain usage patterns with centralized login and auth0.js v8 that don't require migration. However, given that for those scenarios just updating the library version will work, we recommend that you always migrate to v9.
The documents below describe all the changes that you should be aware of when migrating from different versions of auth0.js to v9. Make sure you go through them before upgrading.