Auth0 Changelog

Jan 31, 2025

We’re thrilled to announce that Auth0 now supports Universal Logout integration with Okta Workforce Identity Cloud!

Okta Universal Logout is based on the Global Token Revocation specification and allows security incident management tools such as Okta Identity Threat Protection to send back-channel requests to revoke users' sessions and refresh tokens when they identify a change in risk.

With this feature, Auth0 customers federating with Okta Workforce Identity using the Okta, SAML, or OpenID Connect connection types no longer need to build a global token revocation endpoint. Instead, with minimal configuration required, they can provide the Okta admin with Auth0’s connection-specific endpoint URL.

This integration provides security benefits for apps that depend on refresh tokens and Auth0 sessions, as both are revoked when Auth0 receives a Universal Logout request for a user. This integration can also trigger Auth0's OIDC back-channel logout feature to terminate custom application sessions.

To learn more about Universal Logout support in Auth0, click here.

This feature will be rolled out to all public cloud environments over the next few days and to private cloud environments as per their release pipeline.
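For applications that receive the OIDC back-channel logout mentioned above, the following added example (not Auth0's code or part of the original changelog) shows the claim checks that the OpenID Connect Back-Channel Logout 1.0 specification requires before a session is terminated. It assumes the logout token's signature has already been verified against the tenant's JWKS; `createLogoutHandler`, the session store shape, and the issuer and client ID values are hypothetical.

```javascript
// Added example: claim validation for an OIDC back-channel logout token.
// Assumption: the JWT signature was verified upstream; `claims` is the payload.
const LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout";

// `sessions` is a hypothetical Map of sessionId -> { sub, sid } kept by the app.
function createLogoutHandler({ issuer, clientId, sessions, clockSkewSec = 60 }) {
  const seenJti = new Set(); // replay cache; use shared storage in production

  return function handleLogoutClaims(claims, nowSec = Math.floor(Date.now() / 1000)) {
    const fail = (reason) => ({ ok: false, reason, terminated: [] });

    if (claims === null || typeof claims !== "object") return fail("claims_not_object");
    if (claims.iss !== issuer) return fail("bad_issuer");
    const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
    if (!aud.includes(clientId)) return fail("bad_audience");
    if (typeof claims.iat !== "number" || claims.iat > nowSec + clockSkewSec) return fail("bad_iat");
    if (typeof claims.exp !== "number" || claims.exp + clockSkewSec < nowSec) return fail("expired");

    // The events claim must carry the logout event member with a JSON object value.
    const ev = claims.events && claims.events[LOGOUT_EVENT];
    if (ev === null || typeof ev !== "object" || Array.isArray(ev)) return fail("missing_logout_event");

    // A nonce is prohibited so an ID token cannot be replayed as a logout token.
    if ("nonce" in claims) return fail("nonce_present");
    if (typeof claims.sub !== "string" && typeof claims.sid !== "string") return fail("no_sub_or_sid");

    // Checked last so rejected tokens never occupy the replay cache.
    if (typeof claims.jti !== "string" || seenJti.has(claims.jti)) return fail("replayed_or_missing_jti");
    seenJti.add(claims.jti);

    // sid targets one session; sub alone ends every session of that user.
    const terminated = [];
    for (const [id, s] of sessions) {
      const match = typeof claims.sid === "string" ? s.sid === claims.sid : s.sub === claims.sub;
      if (match) {
        sessions.delete(id);
        terminated.push(id);
      }
    }
    return { ok: true, reason: null, terminated };
  };
}

// Constructed sample data (not real tenant values).
const demoSessions = new Map([
  ["sess-1", { sub: "okta|alice", sid: "sid-a" }],
  ["sess-2", { sub: "okta|alice", sid: "sid-b" }],
  ["sess-3", { sub: "okta|bob", sid: "sid-c" }],
]);
const demoHandler = createLogoutHandler({
  issuer: "https://tenant.example.com/",
  clientId: "example-client-id",
  sessions: demoSessions,
});
const demoResult = demoHandler(
  {
    iss: "https://tenant.example.com/",
    aud: "example-client-id",
    iat: 1738300000,
    exp: 1738300120,
    jti: "constructed-jti-1",
    sub: "okta|alice",
    events: { [LOGOUT_EVENT]: {} },
  },
  1738300010
);
console.log(demoResult); // both of alice's sessions are terminated
```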

Customers now have Enhanced Rate Limit Reporting via Logs, including:

  • Increased Rate Limit Log (api_limit) Publishing Frequency: receive 1X per minute notifications indicating when you have exhausted a rate limit.
  • New Rate Limit Warning Log (api_limit_warning): receive 1X per minute notifications indicating when you have exhausted 80% of your rate limit request token allocation.
  • Enhanced Logs Schema: additional attributes for HTTP path, method, and bucket size will be included to allow for easier mapping between Logs and API Rate Limit Configuration Docs. https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy/rate-limit-configurations

We are excited to introduce the Per-Module Authorization feature. This enables large organizations to securely share authorization models by specifying which application credentials can update data for specific modules.

Teams that are responsible for their own separate services can now limit access to modification of authorization data on a per-module basis. Last year, we released Modular Models, where a single model could be separated into modules across multiple files, allowing teams to use features in their source code management platforms (such as GitHub’s CODEOWNERS feature) to enforce access on who can modify parts of a model.

Per-Module Authorization builds on top of that work to further define permissions for applications. Workflows can be implemented where different teams maintain their portion of an FGA model independently and also ensure that the services and applications owned by the respective teams can only modify their own authorization data.

For more details, refer to Okta FGA’s documentation on how to grant client credentials access to only specific modules.

Jan 30, 2025

We are excited to announce the next major version of the Next.js SDK. With the introduction of nextjs-auth0 v4, we now support Next.js 15 and React 19, allowing developers to leverage the latest features and improvements in both frameworks. This compatibility not only enhances the development experience but also ensures that applications can take full advantage of performance optimizations. This updated SDK features a simplified architecture and is edge-compatible by default, enhancing performance and flexibility for developers.

What’s new:

  • Middleware-Based Authentication: Improved compatibility and reduced maintenance by moving to middleware-based handlers.
  • Enhanced Security: Switched to encrypted cookies and removed outdated cookie logic.
  • Resolved State Mismatch Issues: Fixed long-standing issues reported by the community.
  • Improved Session Management: Implemented rolling sessions and eliminated cookie chunking.
  • Improved Hooks and Helpers: Introduced useUser(), getAccessToken(), and getSession() for easier data fetching and session handling.
  • Stateful Sessions with Custom Databases: Support for "Bring Your Own Database" (BYODB).
  • Compatibility with Next.js 15, Turbopack, and React 19
  • Simplified architecture, API, and configuration options

Learn More: