Deprecations and Migrations
We are actively migrating customers to new behaviors for all deprecations listed below. Please review these carefully to ensure you've taken any necessary steps to avoid service disruption. You can also search tenant logs for any errors caused by using deprecated features. To learn more, read Search Logs for Deprecation Errors.
If you have any questions, visit the Community or create a ticket in our Support Center. To learn more, you can also read Migration Process.
New Management API Scopes Required for Connection Options
Deprecated: October 24, 2024
End of life: April 24, 2025
Requests to the following Management API endpoints will require the read:connections_options
scope to view the options
field:
Requests to the following Management API endpoints will require the update:connections_options
to modify the options
field:
Protected Properties in Non-Custom Social Connections
Deprecated: July 30, 2024
End of life: January 31, 2025
Management API endpoints for connections (GET
, POST
, and PATCH
) will no longer allow retrieving or setting values for the following protected properties in the context of the options
object for non-custom social connections:
authorizationURL
tokenURL
userInfoUrl
baseUrl
userAuthorizationURL
grant_type
Non-custom social connections refer to any social connection whose implementation logic is controlled entirely within the Auth0 service itself. This category excludes any connections explicitly created as custom social connectors or those available as Marketplace integrations that rely on custom social connection functionality.
Always Use HTTPS for Communication with Auth0
Deprecated: September 4, 2024
End of life: October 4, 2024
Starting October 4, 2024, Auth0 will no longer automatically redirect API requests using unencrypted HTTP to secure HTTPS and will respond with an error. To avoid any disruption in service, update any HTTP URLs you use or publish to use HTTPS instead.
Management API Transition: Updating Roles Assignment to Require Create Scope
Deprecated: March 7, 2024
End of life: September 10, 2024
Auth0 by Okta is updating the Management API scopes for the User-Roles endpoint (POST /api/v2/users/{id}/roles
) to represent their intended permissions. Currently, roles can be assigned to users with read:roles
scope via the Management API. This capability is being deprecated, and role updates will require the create:role_members
scope.
Update Applications that use Cross-Origin Authentication
Deprecated: April 25, 2024
End of life: October 10, 2024
New applications created in Auth0 will have cross-origin authentication disabled by default. Calls to some Management API endpoints (Get Clients, Get Client by ID) will need to be modified to use cross_origin_authentication
.
Rules and Hooks Deprecations
Deprecated: May 16, 2023
Read-only transition: November 18, 2024
End-of-life: TBA
On November 18, 2024, active Rules and Hooks will continue to execute, but will degrade to read-only mode. Auth0 has delayed the removal of Rules and Hooks functionality to a future date.
Read-only Rules and Hooks can be turned on and off and their respective configuration values or secrets can be modified, but their source code cannot be edited via the Dashboard or Management API, including CI/CD tooling like Terraform and Auth0 Deploy CLI.
If you will be unable to migrate to Actions ahead of the read-only transition, ensure that any automated CI/CD flow you have configured to deploy tenant configuration changes does not attempt to perform unsupported management operations on Rules and Hooks.
For more information, read Migrate from Rules to Actions and Migrate from Hooks to Actions.
Deprecate opt-in to WCAG 2.2 AA Compliant UI for Universal Login
Deprecated: August 23, 2024
End of Life: February 23, 2025
On February 23rd, 2025, Auth0 will remove the ability to use the legacy, non-compliant UI for Universal Login. The new WCAG compliant version ensures that end users, including those who rely on assistive technology, can access and engage with a customer’s product or service. Read our Universal Login Accessibility documentation for more information.