releases.shpreview
Home/Auth0
Auth0

Auth0

$npx -y @buildinternet/releases show auth0
Mon
Wed
Fri
AprMayJunJulAugSepOctNovDecJanFebMarApr
Less
More
Releases219Avg Interval10hAvg Cadence72/mo
Auth0 ChangelogPrimaryDaily
219+
auth0.com/changelog
80+/week avgv202547 → v202614
Overview44 releases · updated Apr 16, 2026

Multi-Resource Refresh Tokens reached GA with Dashboard support and Client Grants enforcement. MRRT simplifies token management by allowing a single refresh token to obtain access tokens for multiple APIs across native and web platforms. The visual refresh token policy editor in the Dashboard lets operators add, remove, and modify audience/scope policies directly in Application settings without reverting to Management API calls. Client Grants enforcement now ensures MRRT respects existing authorization boundaries, preventing applications from requesting tokens for APIs they haven't been granted access to.

My Organization API and Embeddable UI Components entered Early Access, targeting B2B SaaS use cases that need delegated admin consoles. The system API enables secure, scoped management of organization details and identity providers; the component library provides white-label UI building blocks for self-service. Built-in support for DPoP tokens and automatic step-up authentication, plus per-organization rate limiting and tenant logs, handle governance and observability without custom infrastructure.

DPoP for Enterprise Connections is in Early Access, enabling Okta and OIDC connections to generate Demonstrating Proof of Possession proofs during token exchange and userinfo calls. This lightweight proof-of-possession mechanism supports FAPI2 and IPSIE compliance without mTLS overhead.

Akamai Supplemental Signals shipped as GA, integrating bot risk scores and edge intelligence from Akamai Bot Manager and Account Protector into four new Action pipeline triggers: Pre-User Registration, Post-User Registration, Post-Challenge, and Post-Change Password. Organizations can now block automated signups before account creation and enforce adaptive security during critical authentication moments.

Universal Login password reset CTA changed from "Forgot Password" to "Reset Password" across all supported languages. The shift emphasizes action-oriented language. Custom text can be restored via language customization in Branding > Universal Login > Edit text and translations.

Domain
auth0.com
Tracking Since
Sep 25, 2024
Accounts
auth0
Last fetched Apr 18, 2026
.json·.md·.atom