Migrating to Lock v11
Lock v11 operates with enhanced security and removes dependencies that have been deprecated as per Auth0's roadmap. In some cases, these security enhancements may impact application behavior when upgrading from an earlier version of Lock.
Should I migrate to v11?
Everyone should migrate to v11. All previous versions are deprecated, and the Legacy Lock API was disabled on July 16, 2018. For applications that use Lock within an Auth0 login page, this migration is recommended; for applications with Lock embedded within them, this migration is mandatory.
Legacy Lock API Removed from Service
Previously, deprecated Lock versions were planned to be removed from service on April 1, 2018. However, the Removal of Service date was extended to July 16, 2018 due to a mitigation of the risks posed by deprecated versions.
As of the week of July 16, 2018, the Legacy Lock API will be disabled. This is a soft removal, so you will have a brief grace period during which you can temporarily re-enable the feature in order to make any necessary changes. See the soft removal announcement for more details.
The documents below describe all the changes that you should be aware of when migrating from different versions of Lock. Make sure you go through the relevant guide(s) before upgrading.
- Migrating from the lock-passwordless widget
- Migrating from Lock v10
- Migrating from Lock v10 in Angular 1.x Applications
- Migrating from Lock v10 in Angular 2+ Applications
- Migrating from Lock v10 in React Applications
- Migrating from Lock v10 in Cordova Applications
- Migrating from Lock v9
- Migrating from Lock v9 in Angular 1.x Applications
- Migrating from Lock v8
- Migrating from Lock v8 in Angular 1.x Applications
Disabling legacy Lock API
After completing the migration to the latest versions, make sure that you turn off the Legacy Lock API toggle in the Dashboard. This will make your Auth0 tenant behave as if the legacy API is no longer available. Starting on July 16, 2018, this option will be forcibly disabled, so it is recommended you opt-in before that time to verify that your configuration will work correctly.
You can find the setting in the Advanced section of Tenant Settings.
Lock takes long to display the login options
If Lock takes a lot of time to display the login options, it could be because the Allowed Web Origins property is not correctly set.
The specified redirect_uri 'https://YOUR_APP_URL' does not have a registered domain.
I upgraded but I still get deprecation warnings in the logs
You have already migrated to Lock 11 but you still see this error in your logs:
Legacy Lock API: This feature is being deprecated. Please refer to our documentation to learn how to migrate your application.
These deprecation notices most likely originate from a user visiting the Universal Login page directly without initiating the authentication flow from your app. This can happen if a user bookmarks the login page directly. If this happens after July 16, 2018 the user will not be able to log in.
Check out the Deprecation Error Reference for more information on deprecation related errors.