Skip to content

Releases: auth0/node-auth0

v6.0.0

Choose a tag to compare

@github-actions github-actions released this 15 Jul 15:12
a823058

Important: v6.0.0 introduces breaking changes related to type correctness and API alignment.
Please review the v6 Migration Guide for detailed upgrade instructions.

💥 Breaking Changes

ConnectionAttributeIdentifier replaced with identifier-specific types

  • ConnectionAttributeIdentifier has been removed and replaced with three separate types: EmailAttributeIdentifier, PhoneAttributeIdentifier, and UsernameAttributeIdentifier.
  • Each type now correctly scopes the allowed values for default_method to its attribute.
  • These changes are not backward compatible - update any code that references ConnectionAttributeIdentifier.

PhoneProviderProtectionBackoffStrategyEnum value change

  • The None variant (value: "none") has been renamed to Default (value: "default") to align with the updated Auth0 API.
  • Update any code using PhoneProviderProtectionBackoffStrategyEnum.None or the string "none".

federatedConnectionsTokensets sub-client removed

  • client.users.federatedConnectionsTokensets and its list() / delete() methods have been removed.
  • Remove any calls to this sub-client from your code.

federated_connections_access_tokens removed from connection options

  • The federated_connections_access_tokens field has been removed from all connection option types (create and update) across OIDC, Azure AD, Google Apps, and other connection strategies.
  • Remove this field from any create or update payloads.

✨ Highlights

  • Passwordless type correctness: PhoneAttributeIdentifier now properly supports phone_otp as a valid default_method, fixing a gap in DB connection passwordless configuration.
  • Custom token exchange: Suspicious IP throttling stage support added.
  • Org role members and third-party client access management added.
  • OIDC connection updates with improved type coverage.
  • Node.js 26 is now supported.
  • The Authentication API client is fully compatible - no breaking changes in 5.x auth code.

📘 Migration Guide: v6_MIGRATION_GUIDE.md

v5.13.0

Choose a tag to compare

@github-actions github-actions released this 24 Jun 08:15
df54749

Added

  • feat: add phone provider protection, token vault access, and cross-app connection support #1359 (fern-api[bot])

Fixed

v5.12.0

Choose a tag to compare

@github-actions github-actions released this 11 Jun 08:05
c3c7bb6

Added

  • feat: add tenant security headers, minute-based session lifetimes, and OIDC session expiry #1351 (developerkunal)

Fixed

v5.11.0

Choose a tag to compare

@github-actions github-actions released this 28 May 09:07
e23b4aa

Added

  • feat: add rate limit policies, group/org role management, and user effective roles/permissions #1348 (fern-api[bot])

v4.37.1

Choose a tag to compare

@github-actions github-actions released this 22 May 13:38
10785cb

Security

  • Chore: Bump uuid dependency to version 11.1.1 #1345

v5.10.0

Choose a tag to compare

@github-actions github-actions released this 13 May 08:08
7073592

Added

  • feat: add passkey authentication methods, online access support, and improved error handling #1342 (fern-api[bot])

v5.9.1

Choose a tag to compare

@github-actions github-actions released this 05 May 06:38
54c7b55

Security

v5.9.0

Choose a tag to compare

@github-actions github-actions released this 30 Apr 06:14
9aae2c8

Added

  • feat: add events SSE streaming, bulk refresh token revocation, and query string builder #1331 (fern-api[bot])

v5.8.0

Choose a tag to compare

@github-actions github-actions released this 22 Apr 06:39
76d9f3b

⚠️ BREAKING CHANGES

  • Removed invitation_landing_client_id and allowed_roles fields from ClientMyOrganizationPatchConfiguration, ClientMyOrganizationPostConfiguration, and ClientMyOrganizationResponseConfiguration #1328 (fern-api[bot])

Added

  • Session Transfer Delegation: new delegation property on ClientSessionTransferConfiguration with ClientSessionTransferDelegationConfiguration interface supporting allow_delegated_access and enforce_device_binding options #1328 (fern-api[bot])
  • Self-Service SSO Ticket Features: new enabled_features property on CreateSelfServiceProfileSsoTicketRequestContent with SelfServiceProfileSsoTicketEnabledFeatures interface supporting sso, domain_verification, and provisioning toggles #1328 (fern-api[bot])
  • Self-Service SSO Ticket Domain Aliases: new pending_domains field on SelfServiceProfileSsoTicketDomainAliasesConfig #1328 (fern-api[bot])

Changed

  • Updated JSDoc descriptions for default_for field across Client Grant response types and CreateClientGrantRequestContent #1328 (fern-api[bot])

v5.7.0

Choose a tag to compare

@github-actions github-actions released this 17 Apr 06:23
f3adbca

Added

  • feat: add third-party client security, synchronized groups, and new event stream types #1326 (fern-api[bot])