Deprecations and Migrations

We are actively migrating customers to new behaviors for all deprecations listed below. Please review these carefully to ensure you've taken any necessary steps to avoid service disruption. You can also search tenant logs for any errors caused by using deprecated features. To learn more, read Search Logs for Deprecation Errors.

If you have any questions, visit the Migrations section of the Auth0 Community site or create a ticket in our Support Center. To learn more, you can also read Migration Process.

Deprecated: December 7, 2023

End of life: February 5, 2024

Password reset and email verification links will no longer be logged to tenant logs. These links can be retrieved from the password reset or email verification Management API request response.

Reducing Maximum Expiration Time for Login Transactions

Deprecated: September 5, 2023 (Public Cloud), November 21, 2023 (Private Cloud)

End of life: February 21, 2024

With this change, we will enforce a maximum lifetime of 1 hour for redirection-based login flows. Login flows that take longer than 1 hour to complete will expire in both Universal and Classic Login. After expiration, subsequent actions from the end user’s browser (e.g. input email/password, redirect back to Actions/Rules, etc.) will result in either:

  • A redirect to the associated application’s default login route to reinitiate the flow as a new login transaction, or

  • An error page if the default login route is not configured.

Unregistered Scopes in Refresh Tokens Deprecation

Deprecated: July 12, 2023

End of life: January 17, 2024

We are improving scope evaluation during refresh token exchange to ensure that unregistered scopes cannot be requested. Custom scope values not registered against the aud or audience value (for an API registered in your tenant) are considered unregistered scopes.

With this change, the API scope evaluation will include any custom scopes requested during user authentication or injected through extensibility, such as Rules. This evaluation will validate that all scopes are registered, returning an error if any are not registered.

Rules and Hooks Deprecations

Deprecated: May 16, 2023

End of life: November 18, 2024 (note the longer-than-standard migration window of 18 months) 

Over the course of the next 18 months, we will be winding down support for Rules and Hooks in our products and navigating all customers to use Auth0 Actions as the main place for customization and extensibility. Rules and Hooks will continue to receive full maintenance support until end of life; however, no new functionality will be introduced.

If you are currently using Rules and/or Hooks, please make plans to migrate to Actions prior to the EOL date of November 18, 2024. Please see the resources below to aid in your migration planning.

Beginning on October 16, 2023, Rules and Hooks functionality will not be present in newly-created tenants. Any tenants created before this date will continue to have access to Rules and Hooks until the EOL date of November 18, 2024.

We recommend that you start building new extensibility use cases in Actions and, if you are able, start migrating your existing Rules and Hooks to Actions. To help aid you in your migration, please review the below documents:

Learn more