We are actively migrating customers to new behaviors for all deprecations listed below. Please review these carefully to ensure you've taken any necessary steps to avoid service disruption. You can also search tenant logs for any errors caused by using deprecated features. To learn more, read Search Logs for Deprecation Errors.
If you have any questions, visit the Migrations section of the Auth0 Community site or create a ticket in our Support Center. To learn more, you can also read Migration Process.
Opaque Access Token and Authorization Code Fixed Length
Deprecated: October 7, 2021
End of life: April 12, 2022
Beginning April 12, 2022, access token and authorization codes will be issued with varied lengths to support OAuth specification RFC6749 to avoid clients making assumptions about authorization code and access token values. Currently, the access token and authorization code sizes are fixed. The current size of the authorization code is shorter than what some security practitioners recommend. Through this change, Auth0 provides a stronger code and token while also improving the performance of Auth0 systems.
Customers with systems configured to rely on specific-sized authorization code and access token length must change from fixed-sized to variable-sized configurations before April 12, 2022.
Node.js v8 Extensibility Runtime End of Life
Deprecated: 15 April 2020
End of life: 25 February 2022
Beginning 13 December 2019, Node.js v8 was no longer under long-term support (LTS). This means that critical security fixes were no longer back-ported to this version. Customers who are still on Node 8 are out of security compliance and must migrate to Node 12 to eliminate security risks. To learn more about how to migrate your tenant-level Node version from 8 to 12, read Migrate from Node.js 8 to Node.js 12.
Because Node.js v12 is also going out of LTS in 2022, we also highly encourage all customers using Rules and Hooks to migrate to Actions using Node 16 as soon as possible, and before Node 12 support expires formally from the Node.js community on 30 April 2022. To learn more about required migration steps, read Migrate Rules and Hooks to Actions.
Private Cloud Custom Domain Deprecation
Deprecated: 17 June 2021
End of life: 20 December 2021
To achieve consistency across all Auth0 deployments and focus on enhancing the Auth0 Custom Domain feature, we are discontinuing the Private Cloud Custom Domain capability on December 20, 2021. Consistency enables us to enhance the feature and fix reliability issues faster, improving operational efficiency and enabling customers to get value out of custom domains more quickly. To learn more about migration to Auth0 Custom Domains, read Migrate Private Cloud Custom Domains.
Logout Redirect Validation
Deprecated: 25 May 2021
End of life: 01 December 2021
On 01 December 2021, the logout behavior will change to always redirect users to the URI passed to the Auth0 logout APIs instead of using the returnTo query parameter passed by Identity Providers to /login/callback during the execution of the logout. If Auth0 does not have a record of a preceding call to one of these APIs, logout will complete, but redirection will not occur and an error page will be displayed to end users. To learn more, read Logout Redirects Migration Guide.
Legacy Network Edge Deprecation
Deprecated: 05 May 2021 (Public Cloud)
End of life: 03 November 2021 (Public Cloud)
Auth0 legacy network edge will cease to function on Public Cloud. After 03 November 2021, Public Cloud tenants who have not completed a migration to the new Auth0 network edge will no longer receive traffic. All new custom domains are automatically created on the new network edge.
Application Admin Dashboard Role deprecation
Deprecated: 01 February 2021
End of life: 30 September 2021 (Public Cloud), September 2021 (Private Cloud monthly release)
Auth0 is changing the role-based access control to the Dashboard. The Application Administrator role as defined today is being deprecated. After 01 February 2021, administrators won't be able to invite members with the deprecated Application Administrator role. Existing application-specific administrators will continue to be able to use the Dashboard with the existing permission set until the end of life date.
A new set of Dashboard roles is available for improved and more secure collaboration among team members, including viewer and editor roles with limited access. A new Editor - Specific Apps role replaces the previous Application Administrator role for subscription plans where editor roles are supported.
Your tenants will be affected by this deprecation if the following criteria are met:
Created before 01 February 2021
Have at least one tenant member with the Application Admin role
Haven't opted-in to the Dashboard roles feature preview
Beginning on 01 February 2021, Auth0 will display a migration toggle to help you prepare for this change. To learn more, read Migrate to Manage Dashboard New Roles.
Unpaginated Management API v2 Request deprecation
Deprecated: 21 July 2020 (Public Cloud)
End of life: 26 January 2021 (Public Cloud)
After 26 January 2021, requests to the following Management API v2 endpoints will return a maximum of 50 items for Public Cloud tenants. To retrieve more items, you must include page and per_page parameters. Beginning on 21 July 2020, Auth0 will display tenant logs and a migration toggle to help you prepare for this change.
GET /api/v2/device-crecentialstypequery parameter is used)
All Public Cloud tenants are affected that are created before 21 July 2020 and are actively calling affected endpoints without passing the per_page parameter for queries that can return more than 1 result. Tenants are not affected if they are created after 21 July 2020, are not using the affected endpoints, are using the affected endpoints and passing the per_page parameter, or are making queries that always return only 1 result. To learn more, read Migrate to Management API v2 Endpoint Paginated Queries.