Beginning April 30, 2018, Node.js v4 will be going out of long-term support (LTS), which means that the Node.js development team will no longer be back-porting critical security fixes to this version and this could expose your extensibility code to security vulnerabilities.
As such, Auth0 will be migrating from Node 4 to Node 8.
We will NOT be shutting down the Node 4 runtime after the April 30 LTS deadline. Your extensibility code will continue to run on Node 4, if you choose not to upgrade to Node 8 at this time. After April 30, you will assume the risk of potential security issues if you choose to continue with Node 4.
In this document, we:
- Provide recommendations on how you can ensure a smooth migration for your environment
- Detail the specific modules effected
Summary of the migration
The Webtask runtime powering the following Auth0 features utilize Node 4:
- Custom database connections
- Custom social connections
If you do not use any of the extensibility features mentioned above, you are not affected by this migration. Additionally, your tenant will automatically be upgraded to use the Node 8 runtime on April 30, 2018. This will ensure that any future extensibility code you author will be running on a secure runtime.
Due to the end of long-term support (LTS) for Node 4, we will be migrating the Webtask runtime to use Node 8. As part of this migration, the Auth0 development team has performed extensive testing to detect any breaking changes proactively.
However, there may be behavioral changes as a result of this migration. As such, we have provided a migration switch that allows you to control the migration of your environment to the new Webtask runtime using Node 8.
- 2018 April 17: The Webtask runtime using Node 8 becomes available to Auth0 customers
- 2018 April 23: All official Auth0 Extensions will be updated to run on Node 8 and available for you to upgrade in the Installed Extensions tab of the Extensions page
- 2018 April 30: Node 4 is no longer under long-term support (LTS)
- 2018 April 30: Tenants with NO Extensibility code will be automatically be upgraded to use Node 8
How to enable the Node 8 runtime
Node 8 can be enabled through the new Extensibility panel on the Advanced Tenant Settings page of the Dashboard.
How to ensure a stable migration
As part of the process of introducing Node 8 in our Webtask runtime, we ran a number of tests to determine which modules are not forward-compatible from Node 4 to 8. Most customers should be able to upgrade to Node 8 without any issues.
With that said, before you migrate, we highly recommend testing all of your:
- Custom Database Connections/Scripts
- Custom Social Connections
Furthermore, we recommend that the testing be done in your development tenant and migrating your production tenant only if you see no issues in development.
You can query the Management API for your Rules, Custom Database scripts, and Custom Social Connections. This will make it easier for you to move items from your production tenant to development tenant for testing purposes.
When using the
/connections endpoints in the Management API, Custom Database Scripts can be retrieved or updated using
Similarly, you can find Custom Social Connections in
You will need to manually copy over any Hooks-related code that you use since they cannot be accessed via the Management API.
We have created a migration assistant to help ease the copying of code between production and development tenants.
Please be sure to test each script individually with its associated Try button. You may, however, test all rules simultaneously with the Try All Rules With button.
In addition, test logging in using the development tenant to ensure that all of the following items that you have set up work as expected:
- Database Connections
- Custom Social Connections
If you are using the following built-in modules (that is, modules that you did not explicitly require), please be aware that some versions were updated to work with Node 8. The following table summarizes the changes.
|Module name||Old version||New version|
|jsonwebtoken||~0.4.1^*||~7.4.1 (w/ compatibility shim)|
^* These versions are no longer supported due to incompatibility with Node 8.
If you have manually pinned modules, you may need to manually update them so that your code runs with Node 8.
For example, you must change
var mysql = require(‘firstname.lastname@example.org’);
var mysql = require(‘mysql’);
or, if the module must be pinned to a specific version:
var mysql = require(‘email@example.com’);
Behavioral and syntactic changes
Some of the behavioral and syntactic changes in modules were not forward-compatible with Node 8.
For example, the default encoding of the
crypto module was changed from
utf8, and the use of
new Buffer() has been deprecated in favor of
To ensure that your Auth0 implementation functions as intended, please be sure to migrate to the Node 8 runtime before April 30 2018.