Releases: auth0/node-auth0
Releases · auth0/node-auth0
Release list
v6.0.0
Important: v6.0.0 introduces breaking changes related to type correctness and API alignment.
Please review the v6 Migration Guide for detailed upgrade instructions.
💥 Breaking Changes
ConnectionAttributeIdentifier replaced with identifier-specific types
ConnectionAttributeIdentifierhas been removed and replaced with three separatetypes: EmailAttributeIdentifier,PhoneAttributeIdentifier, andUsernameAttributeIdentifier.- Each type now correctly scopes the allowed values for default_method to its attribute.
- These changes are not backward compatible - update any code that references
ConnectionAttributeIdentifier.
PhoneProviderProtectionBackoffStrategyEnum value change
- The None variant (
value: "none") has been renamed to Default (value: "default") to align with the updated Auth0 API. - Update any code using
PhoneProviderProtectionBackoffStrategyEnum.None or the string "none".
federatedConnectionsTokensets sub-client removed
client.users.federatedConnectionsTokensetsand its list() / delete() methods have been removed.- Remove any calls to this sub-client from your code.
federated_connections_access_tokens removed from connection options
- The
federated_connections_access_tokensfield has been removed from all connection option types (create and update) across OIDC, Azure AD, Google Apps, and other connection strategies. - Remove this field from any create or update payloads.
✨ Highlights
- Passwordless type correctness:
PhoneAttributeIdentifiernow properly supportsphone_otpas a validdefault_method, fixing a gap in DB connection passwordless configuration. - Custom token exchange: Suspicious IP throttling stage support added.
- Org role members and third-party client access management added.
- OIDC connection updates with improved type coverage.
- Node.js 26 is now supported.
- The Authentication API client is fully compatible - no breaking changes in 5.x auth code.
📘 Migration Guide: v6_MIGRATION_GUIDE.md
v5.13.0
Added
- feat: add phone provider protection, token vault access, and cross-app connection support #1359 (fern-api[bot])
Fixed
- fix: Refactor artifact path and version handling in RL Scanner action #1287 (amitsingh05667)
- fix: replace DOM globals and with inline types in models.ts #1323 (amitsingh05667)
v5.12.0
Added
- feat: add tenant security headers, minute-based session lifetimes, and OIDC session expiry #1351 (developerkunal)
Fixed
- fix: implement retry logic for socket hang up errors in HTTP requests #1341 (amitsingh05667)
v5.11.0
Added
- feat: add rate limit policies, group/org role management, and user effective roles/permissions #1348 (fern-api[bot])
v4.37.1
Security
- Chore: Bump uuid dependency to version 11.1.1 #1345
v5.10.0
Added
- feat: add passkey authentication methods, online access support, and improved error handling #1342 (fern-api[bot])
v5.9.1
Security
- UUID Package Dependency Update #1337 (fern-api[bot])
v5.9.0
Added
- feat: add events SSE streaming, bulk refresh token revocation, and query string builder #1331 (fern-api[bot])
v5.8.0
- Removed
invitation_landing_client_idandallowed_rolesfields fromClientMyOrganizationPatchConfiguration,ClientMyOrganizationPostConfiguration, andClientMyOrganizationResponseConfiguration#1328 (fern-api[bot])
Added
- Session Transfer Delegation: new
delegationproperty onClientSessionTransferConfigurationwithClientSessionTransferDelegationConfigurationinterface supportingallow_delegated_accessandenforce_device_bindingoptions #1328 (fern-api[bot]) - Self-Service SSO Ticket Features: new
enabled_featuresproperty onCreateSelfServiceProfileSsoTicketRequestContentwithSelfServiceProfileSsoTicketEnabledFeaturesinterface supportingsso,domain_verification, andprovisioningtoggles #1328 (fern-api[bot]) - Self-Service SSO Ticket Domain Aliases: new
pending_domainsfield onSelfServiceProfileSsoTicketDomainAliasesConfig#1328 (fern-api[bot])
Changed
- Updated JSDoc descriptions for
default_forfield across Client Grant response types andCreateClientGrantRequestContent#1328 (fern-api[bot])
v5.7.0
Added
- feat: add third-party client security, synchronized groups, and new event stream types #1326 (fern-api[bot])