Deprecations and Migrations
We are actively migrating customers to new behaviors for all deprecations listed below. Please review these carefully to ensure you've taken any necessary steps to avoid service disruption. You can also search tenant logs for any errors caused by using deprecated features. For details, see Search Logs for Deprecation Errors.
Application Admin Dashboard Role deprecation
Deprecated: 01 February 2021
End of life: 30 September 2021 (Public Cloud), September 2021 (Private Cloud monthly release)
Auth0 is changing the role-based access control to the Dashboard. The Application Administrator role as defined today is being deprecated. After 01 February 2021, administrators won't be able to invite members with the deprecated Application Administrator role. Existing application-specific administrators will continue to be able to use the Dashboard with the existing permission set until the end of life date.
A new set of Dashboard roles is available for improved and more secure collaboration among team members, including viewer and editor roles with limited access. A new Editor - Specific Apps role replaces the previous Application Administrator role for subscription plans where editor roles are supported.
Your tenants will be affected by this deprecation if the following criteria are met:
Created before 01 February 2021
Have at least one tenant member with the Application Admin role
Haven't opted-in to the Dashboard roles feature preview
Beginning on 01 February 2021, Auth0 will display a migration toggle to help you prepare for this change. For details, see Migrate to Manage Dashboard New Roles.
Legacy TLS Deprecation
Deprecated: 19 January 2021
End of life:
Public Cloud: 10 May 2021
Private Cloud: June Private Cloud Release (v2106)
As of 10 May 2021 for Public Cloud and the June Private Cloud Release (v2106), the Auth0 network edge will no longer accept TLS 1.0 or TLS 1.1 traffic. These legacy protocols are insecure, with well-known weaknesses and vulnerabilities within the industry. For maximum security, all Auth0 clients must upgrade to TLS 1.2 or later. The exact details and steps required will vary, depending on your application. For further details, see Upgrade to TLS 1.2, what action to take? posted in the Auth0 Community.
Azure AD/ADFS email verification deprecation
Public Cloud: 18 November 2020
Private Cloud: 1 December 2020
End of life:
Public Cloud: 30 April 2021
Private Cloud: May Private Cloud Release (v2015)
Auth0 previously set the
email_verified field to true in Azure AD and ADFS connections. If you used Azure AD/ADFS connections before this deprecation date, you have a tenant setting that overrides the connection setting for email verification and keeps the previous behavior.
On 30 April 2021 in Public Cloud and the May Private Cloud Release (v2015), Auth0 begins using the connection-level property for all Azure AD/ADFS connections. You should make sure all your connections are configured properly before that date. For further details, see Email Verification for Azure AD and ADFS.
Device credential metadata without user_id deprecation
Deprecated: 31 August 2020
End of life: 17 December 2020
Auth0 now requires that you provide the
user_id when you use the
GET /api/v2/device-credentials endpoint. If your request does not provide a
user_id, it will return a 400 status code. Check the
depnote in your tenant logs to see if you are affected by this deprecation. See Check Deprecation Errors for details.
Auth0 has identified tenants affected by this deprecation and contacted the administrators for those tenants. If your tenant is currently making requests without a
user_id, you should make the change as soon as possible.
User Search v2 deprecation
Deprecated: 10 November 2018
End of life: 30 June 2019 (Public Cloud), May 2021 (Private Cloud monthly release)
For Public Cloud, User Search v2 was deprecated and you should have taken action before 30 June 2019. Notifications were sent to customers that need to complete this migration.
For Private Cloud, User Search v1 and v2 endpoints will be no longer be available after the May Private Cloud monthly release and have been replaced with the new User Search v3 endpoint.
Unpaginated Management API v2 Request deprecation
Deprecated: 21 July 2020 (Public Cloud)
End of life: 26 January 2021 (Public Cloud)
After 26 January 2021, requests to the following Management API v2 endpoints will return a maximum of 50 items for Public Cloud tenants. To retrieve more items, you must include
per_page parameters. Beginning on 21 July 2020, Auth0 will display tenant logs and a migration toggle to help you prepare for this change.
typequery parameter is used)
All Public Cloud tenants are affected that are created before 21 July 2020 and are actively calling affected endpoints without passing the
per_page parameter for queries that can return more than 1 result. Tenants are not affected if they are created after 21 July 2020, are not using the affected endpoints, are using the affected endpoints and passing the
per_page parameter, or are making queries that always return only 1 result. For details, see Migrate to Management API v2 Endpoint Paginated Queries.
Node.js v8 Extensibility Runtime deprecation
Deprecated: 15 April 2020
End of life: TBA
The Webtask engine powering Auth0 extensibility points currently uses Node 8. Beginning 13 December 2019, Node.js v8 was no longer under long-term support (LTS). This means that critical security fixes were no longer back-ported to this version. As such, Auth0 is migrating the Webtask runtime from Node.js v8 to Node.js v12. On 15 April 2020, we made the Node 12 runtime available for extensibility to all public cloud customers. You have been provided a migration switch that allows you to control your environment's migration to the new runtime environment. For details about required migration steps, see Extensibility and Node 12 Migration.
Resource Owner Password /oauth/ro deprecation
Deprecation: 08 July 2017
End of life: TBD
As of 08 July 2017 Auth0 has deprecated the
/oauth/ro endpoint for both password and passwordless connections. You can now implement the same functionality using the
/oauth/token endpoint. For details, see Resource Owner Password Flow Migration.
Deprecation: January 2018
End of life: January 2021
Auth0 has deprecated the use of the auth0-analytics.js library that adds Facebook and Google Analytics integration with Lock. It listens for events in Lock and passes them to the Auth0-tag-manager.js library. It may still function in some legacy cases. This library is no longer maintained. You may need to write custom code to use auth0-tag-manage.js to manage proxy requests to third-party analytics libraries such as Facebook, Twitter, and Google.
Passwordless Endpoint from Confidential Applications deprecation
Auth0 has deprecated the use of the
/passwordless/start endpoint from confidential applications when Auth0 cannot authenticate that the call is made on behalf of the application. For details, see Migrate to Passwordless Endpoint from Confidential Applications.