Deprecations and Migrations
We are actively migrating customers to new behaviors for all deprecations listed below. Please review these carefully to ensure you've taken any necessary steps to avoid service disruption. You can also search tenant logs for any errors caused by using deprecated features. To learn more, read Search Logs for Deprecation Errors.
If you have any questions, visit the Migrations section of the Auth0 Community site or create a ticket in our Support Center. To learn more, you can also read Migration Process.
Checkpoint Pagination on Get Role Users Endpoint
Deprecated: November 9, 2022
End of life: May 9, 2023
To improve performance, the Get Role Users Management API endpoint will only return greater than 1,000 total results if the checkpoint pagination method is used. This pagination method is optimized to support large quantities of results. The offset pagination method will be capped at 1,000 results.
For implementation details for the two pagination methods, read the Management API documentation for the Get Role Users endpoint.
Legacy Custom Claims
Deprecated: July 28, 2022 (Public Cloud), August 31, 2022 (Private Cloud)
End of life: January 30, 2023 (Public Cloud), April 18, 2023 (Private Cloud)
Beginning January 30, 2023 in Public Cloud and April 18, 2023 in Private Cloud, Auth0 will allow the addition of non-namespaced custom claims to JWT tokens using Auth0 Actions and in responses from the Authentication API /userinfo
endpoint. Previously, Auth0 allowed namespaced claims on access and ID tokens via extensibility code (Rules / Hooks / Actions). The migration to custom claims allows private, non-namespaced custom claims and OIDC user profile claims to be added to access tokens; ID tokens currently support user profile claims and will additionally support private, non-namespaced custom claims. These claims will also be added to the Auth0 /userinfo
response. To begin migration, read the Custom Claims Migration Guide.
With the addition of non-namespaced, private claims, Auth0 is enforcing the following restrictions that could potentially affect your tenant:
Auth0 will restrict the custom claims payload to a maximum of 100KB.
Auth0 will restrict the customization/modification of OPENID standard claims or claims used internally by Auth0.
In the future, Auth0 may restrict the use of other claims not included in the above list. In those cases, customers will be notified with a reasonable time to migrate.
Auth0 will restrict the creation of private, non-namespaced custom claims on access tokens with an Auth0 audience, excluding the /userinfo endpoint.
Only specified OIDC user profile claims can be added to access tokens.
Auth0 will restrict creating a custom claim starting with a $ character.
To learn more about custom claims, review Create Custom Claims.
Legacy Private Cloud Platform
Deprecated: June 13, 2022
End of life: January 31, 2023
We’re making improvements to the underlying infrastructure that supports Auth0 Private Cloud by introducing a modern Kubernetes-based technology stack, as well as database upgrades. We are currently working with all Auth0 Private Cloud customers to schedule the upgrade of their private cloud deployment to the new infrastructure stack during the course of this year, and will be discontinuing the older stack by January 31, 2023.
In addition, 2205 (May 2022 release) is the last official release for the legacy Private Cloud platform. Any bugs or security vulnerabilities will be assessed and addressed in patch releases as necessary. Prior to upgrading to the new infrastructure stack, environments will need to be updated to the minimum compatible version to support the upgrade efforts.
Please reach out to your Technical Account Manager with any questions.
Tenant Hostname Validation
Deprecated: December 9, 2021 and December, 2021 (Private Cloud Release 2112.2)
End of life: June 9, 2022 and September 9, 2022 (Private Cloud)
As of June 9, 2022 in Public Cloud and September 9, 2022 in Private Cloud, Auth0 will increase the security of API calls by adding a validation step for tenant hostnames to the Authentication API’s identification process. When a call is made, the Authentication API will validate the entity identifier (eg: client_id
) of the requesting tenant as well as the tenant name in the URL domain. The tenant owning the identifier must be from the same tenant in the URL domain or the request will be rejected.
If your application or API calls any of the listed endpoints, you must configure your API calls to make sure the identifier of the requesting tenant and hostname are the same:
/oauth/token
/co/authenticate
/userinfo
/login
/oauth/revoke
/mfa/challenge
/p/<connection-type>/<ticket>
(Enterprise connection provisioning endpoint)
To learn more, read Tenant Hostname Validation Migration.
Opaque Access Token and Authorization Code Fixed Length
Deprecated: October 7, 2021 (Public Cloud), December 2021 (Private Cloud)
End of life: April 12, 2022 (Public Cloud), June 30, 2022 (Private Cloud)
Beginning April 12, 2022 in Public Cloud and with the December 2021 Private Cloud, access token and authorization codes will be issued with varied lengths to support OAuth specification RFC6749 to avoid clients making assumptions about authorization code and access token values. Currently, the access token and authorization code sizes are fixed. The current size of the authorization code is shorter than what some security practitioners recommend. Through this change, Auth0 provides a stronger code and token while also improving the performance of Auth0 systems.
Customers with systems configured to rely on specific-sized authorization code and access token length must change from fixed-sized to variable-sized configurations before April 12, 2022 in Public Cloud or the June 30, 2022 Private Cloud release.
Log Extensions
Deprecated: May 4th, 2022 (Public Cloud), June 9, 2022 (Private Cloud release 2205)
End of life: May 2nd, 2023 (Public Cloud), January 6, 2023 (Private Cloud)
Beginning November 2, 2023, in Public Cloud and January 6, 2023, in Private Cloud, the following Auth0 Log Extensions will be deprecated:
Auth0 Authentication API Webhooks
Auth0 Management API Webhooks
Logs to Cloudwatch
Logs to Logentries
Logs to Loggly
Logs to Logstash
Logs to Papertrail
Logs to Splunk
Logs to Sumo Logic
Deprecated: November 2nd, 2023 (Public Cloud)
End of life: May 2nd, 2023 (Public Cloud)
Beginning November 2, 2023, in Public Cloud, the following Auth0 Log Extensions will be deprecated:
Logs to Segment
Logs to Mixpanel
Logs to AppInsights
Logs to Azure Blob Storage
All the Log extensions listed above are now deprecated. You can set up equivalent functionality using log event streams or integrations on the Auth0 Marketplace. On November 2, 2022, Auth0 will no longer support the installed log extensions from the list above. On this page, you'll find instructions for migrating from specific log extensions.
For Private Cloud, the deprecation window will start with the 2205 release. On January 6, 2023, Auth0 will no longer support installed log extensions from the above list on Private Cloud.