releases.shpreview
Auth0/Auth0 Changelog

Auth0 Changelog

$npx -y @buildinternet/releases show auth0-changelog
Mon
Wed
Fri
AprMayJunJulAugSepOctNovDecJanFebMarApr
Less
More
Releases224Avg69/moVersionsv202547 → v202614
Jul 31, 2025

Introducing a new capability for log streaming: PII Masking.

This feature allows customers to obfuscate (hash or mask) sensitive personal identifiable information (e.g., email address, phone number, username, etc.) within their log streams. This enhancement improves security and compliance for customers who stream their logs to data lakes or third-party tools.

Key Features:

  • Customizable PII Masking: Customers can select specific PII data to be masked in their log streams.
  • Enhanced Security and Compliance: This capability helps customers meet stricter compliance requirements by providing greater control over sensitive data in their logs.
  • Broad Applicability: PII masking will be available for both new and existing log streams.

This update aligns with Auth0's commitment to improving customer data security and providing more customization in log stream outputs

For more information - Log Streams

Introducing a new capability for log streaming: PII Masking.

This feature allows customers to obfuscate (hash or mask) sensitive personal identifiable information (e.g., email address, phone number, username, etc.) within their log streams. This enhancement improves security and compliance for customers who stream their logs to data lakes or third-party tools.

Key Features:

  • Customizable PII Masking: Customers can select specific PII data to be masked in their log streams.
  • Enhanced Security and Compliance: This capability helps customers meet stricter compliance requirements by providing greater control over sensitive data in their logs.
  • Broad Applicability: PII masking will be available for both new and existing log streams.

This update aligns with Auth0's commitment to improving customer data security and providing more customization in log stream outputs

For more information - Log Streams

Introducing a new capability for log streaming: PII Masking.

This feature allows customers to obfuscate (hash or mask) sensitive personal identifiable information (e.g., email address, phone number, username, etc.) within their log streams. This enhancement improves security and compliance for customers who stream their logs to data lakes or third-party tools.

Key Features:

  • Customizable PII Masking: Customers can select specific PII data to be masked in their log streams.
  • Enhanced Security and Compliance: This capability helps customers meet stricter compliance requirements by providing greater control over sensitive data in their logs.
  • Broad Applicability: PII masking will be available for both new and existing log streams.

This update aligns with Auth0's commitment to improving customer data security and providing more customization in log stream outputs

For more information - Log Streams

Jul 22, 2025

Auth0 is delighted to introduce Mexico as the latest AWS region for Private Cloud deployments.

This new region establishes our first Private Cloud presence in Mexico, directly addressing the needs of one of Latin America's largest and most dynamic digital economies. The addition of the Mexico region provides lower latency for customers throughout the country and helps meet local data residency and compliance requirements.

We remain committed to expanding our global footprint to serve our customers wherever they are in the world.

We’ve added support for Cascade Revocation in Native to Web SSO.

With this new capability, revoking the original refresh token used in a Native to Web flow will now automatically revoke all dependent web sessions and their issued refresh tokens.

This helps prevent stale or orphaned sessions and ensures that once the root token is no longer valid, all downstream access is properly revoked.

What’s new:

  • enable_cascade_revocation
    When enabled, revoking a native app’s refresh token also revokes all web sessions and refresh tokens created via session_transfer_token.

  • enable_online_refresh_tokens
    When enabled, refresh tokens issued during a Native to Web SSO flow are tied to the lifetime of their associated session (i.e., online tokens).

Default behavior:

Both of these settings are enabled by default, even when not explicitly configured.

This means:

  • All clients using Native to Web SSO today already benefit from cascade revocation.
  • Web-issued refresh tokens will automatically expire when their sessions expire.

You can manage or override these settings using the Auth0 Management API.

Why it matters:

This update provides stronger guarantees around token lifecycle and session integrity across platforms:

  • Prevents misuse of refresh tokens after logout or revocation
  • Reduces risk from long-lived sessions in embedded web views
  • Helps developers maintain a tighter, more secure cross-platform SSO experience

Learn more in our Native to Web SSO documentation

Auth0 is delighted to introduce Mexico as the latest AWS region for Private Cloud deployments.

This new region establishes our first Private Cloud presence in Mexico, directly addressing the needs of one of Latin America's largest and most dynamic digital economies. The addition of the Mexico region provides lower latency for customers throughout the country and helps meet local data residency and compliance requirements.

We remain committed to expanding our global footprint to serve our customers wherever they are in the world.

We’ve added support for Cascade Revocation in Native to Web SSO.

With this new capability, revoking the original refresh token used in a Native to Web flow will now automatically revoke all dependent web sessions and their issued refresh tokens.

This helps prevent stale or orphaned sessions and ensures that once the root token is no longer valid, all downstream access is properly revoked.

What’s new:

  • enable_cascade_revocation
    When enabled, revoking a native app’s refresh token also revokes all web sessions and refresh tokens created via session_transfer_token.

  • enable_online_refresh_tokens
    When enabled, refresh tokens issued during a Native to Web SSO flow are tied to the lifetime of their associated session (i.e., online tokens).

Default behavior:

Both of these settings are enabled by default, even when not explicitly configured.

This means:

  • All clients using Native to Web SSO today already benefit from cascade revocation.
  • Web-issued refresh tokens will automatically expire when their sessions expire.

You can manage or override these settings using the Auth0 Management API.

Why it matters:

This update provides stronger guarantees around token lifecycle and session integrity across platforms:

  • Prevents misuse of refresh tokens after logout or revocation
  • Reduces risk from long-lived sessions in embedded web views
  • Helps developers maintain a tighter, more secure cross-platform SSO experience

Learn more in our Native to Web SSO documentation

Auth0 is delighted to introduce Mexico as the latest AWS region for Private Cloud deployments.

This new region establishes our first Private Cloud presence in Mexico, directly addressing the needs of one of Latin America's largest and most dynamic digital economies. The addition of the Mexico region provides lower latency for customers throughout the country and helps meet local data residency and compliance requirements.

We remain committed to expanding our global footprint to serve our customers wherever they are in the world.

We’ve added support for Cascade Revocation in Native to Web SSO.

With this new capability, revoking the original refresh token used in a Native to Web flow will now automatically revoke all dependent web sessions and their issued refresh tokens.

This helps prevent stale or orphaned sessions and ensures that once the root token is no longer valid, all downstream access is properly revoked.

What’s new:

  • enable_cascade_revocation
    When enabled, revoking a native app’s refresh token also revokes all web sessions and refresh tokens created via session_transfer_token.

  • enable_online_refresh_tokens
    When enabled, refresh tokens issued during a Native to Web SSO flow are tied to the lifetime of their associated session (i.e., online tokens).

Default behavior:

Both of these settings are enabled by default, even when not explicitly configured.

This means:

  • All clients using Native to Web SSO today already benefit from cascade revocation.
  • Web-issued refresh tokens will automatically expire when their sessions expire.

You can manage or override these settings using the Auth0 Management API.

Why it matters:

This update provides stronger guarantees around token lifecycle and session integrity across platforms:

  • Prevents misuse of refresh tokens after logout or revocation
  • Reduces risk from long-lived sessions in embedded web views
  • Helps developers maintain a tighter, more secure cross-platform SSO experience

Learn more in our Native to Web SSO documentation

Auth0 is delighted to introduce Mexico as the latest AWS region for Private Cloud deployments.

This new region establishes our first Private Cloud presence in Mexico, directly addressing the needs of one of Latin America's largest and most dynamic digital economies. The addition of the Mexico region provides lower latency for customers throughout the country and helps meet local data residency and compliance requirements.

We remain committed to expanding our global footprint to serve our customers wherever they are in the world.

We’ve added support for Cascade Revocation in Native to Web SSO.

With this new capability, revoking the original refresh token used in a Native to Web flow will now automatically revoke all dependent web sessions and their issued refresh tokens.

This helps prevent stale or orphaned sessions and ensures that once the root token is no longer valid, all downstream access is properly revoked.

What’s new:

  • enable_cascade_revocation
    When enabled, revoking a native app’s refresh token also revokes all web sessions and refresh tokens created via session_transfer_token.

  • enable_online_refresh_tokens
    When enabled, refresh tokens issued during a Native to Web SSO flow are tied to the lifetime of their associated session (i.e., online tokens).

Default behavior:

Both of these settings are enabled by default, even when not explicitly configured.

This means:

  • All clients using Native to Web SSO today already benefit from cascade revocation.
  • Web-issued refresh tokens will automatically expire when their sessions expire.

You can manage or override these settings using the Auth0 Management API.

Why it matters:

This update provides stronger guarantees around token lifecycle and session integrity across platforms:

  • Prevents misuse of refresh tokens after logout or revocation
  • Reduces risk from long-lived sessions in embedded web views
  • Helps developers maintain a tighter, more secure cross-platform SSO experience

Learn more in our Native to Web SSO documentation

We’ve added support for Cascade Revocation in Native to Web SSO.

With this new capability, revoking the original refresh token used in a Native to Web flow will now automatically revoke all dependent web sessions and their issued refresh tokens.

This helps prevent stale or orphaned sessions and ensures that once the root token is no longer valid, all downstream access is properly revoked.

What’s new:

  • enable_cascade_revocation
    When enabled, revoking a native app’s refresh token also revokes all web sessions and refresh tokens created via session_transfer_token.

  • enable_online_refresh_tokens
    When enabled, refresh tokens issued during a Native to Web SSO flow are tied to the lifetime of their associated session (i.e., online tokens).

Default behavior:

Both of these settings are enabled by default, even when not explicitly configured.

This means:

  • All clients using Native to Web SSO today already benefit from cascade revocation.
  • Web-issued refresh tokens will automatically expire when their sessions expire.

You can manage or override these settings using the Auth0 Management API.

Why it matters:

This update provides stronger guarantees around token lifecycle and session integrity across platforms:

  • Prevents misuse of refresh tokens after logout or revocation
  • Reduces risk from long-lived sessions in embedded web views
  • Helps developers maintain a tighter, more secure cross-platform SSO experience

Learn more in our Native to Web SSO documentation

Auth0 is delighted to introduce Mexico as the latest AWS region for Private Cloud deployments.

This new region establishes our first Private Cloud presence in Mexico, directly addressing the needs of one of Latin America's largest and most dynamic digital economies. The addition of the Mexico region provides lower latency for customers throughout the country and helps meet local data residency and compliance requirements.

We remain committed to expanding our global footprint to serve our customers wherever they are in the world.

Jul 21, 2025

We are excited to introduce expanded passkey support for custom database connections! Now available without enabling import mode.

What’s New:

  • You can now enable passkey-based authentication for custom database connections without importing or trickle-migrating users into Auth0 (i.e., with import mode turned off).
  • End users can easily enroll in passkeys after their first successful login, requiring no prior passkey credentials in your external identity store.
  • Passkey credentials are securely stored in Auth0, while your external identity store continues to handle all other authentication logic.

This enhancement unlocks frictionless, passkey-based login experiences for enterprises that manage user credentials outside of Auth0 - without requiring user migration or changes to existing identity architecture.

To enable the Limited Early Access release in your Auth0 tenant, contact your Technical Account Manager to request access.

We are excited to introduce expanded passkey support for custom database connections! Now available without enabling import mode.

What’s New:

  • You can now enable passkey-based authentication for custom database connections without importing or trickle-migrating users into Auth0 (i.e., with import mode turned off).
  • End users can easily enroll in passkeys after their first successful login, requiring no prior passkey credentials in your external identity store.
  • Passkey credentials are securely stored in Auth0, while your external identity store continues to handle all other authentication logic.

This enhancement unlocks frictionless, passkey-based login experiences for enterprises that manage user credentials outside of Auth0 - without requiring user migration or changes to existing identity architecture.

To enable the Limited Early Access release in your Auth0 tenant, contact your Technical Account Manager to request access.

We are excited to introduce expanded passkey support for custom database connections! Now available without enabling import mode.

What’s New:

  • You can now enable passkey-based authentication for custom database connections without importing or trickle-migrating users into Auth0 (i.e., with import mode turned off).
  • End users can easily enroll in passkeys after their first successful login, requiring no prior passkey credentials in your external identity store.
  • Passkey credentials are securely stored in Auth0, while your external identity store continues to handle all other authentication logic.

This enhancement unlocks frictionless, passkey-based login experiences for enterprises that manage user credentials outside of Auth0 - without requiring user migration or changes to existing identity architecture.

To enable the Limited Early Access release in your Auth0 tenant, contact your Technical Account Manager to request access.

We are excited to introduce expanded passkey support for custom database connections! Now available without enabling import mode.

What’s New:

  • You can now enable passkey-based authentication for custom database connections without importing or trickle-migrating users into Auth0 (i.e., with import mode turned off).
  • End users can easily enroll in passkeys after their first successful login, requiring no prior passkey credentials in your external identity store.
  • Passkey credentials are securely stored in Auth0, while your external identity store continues to handle all other authentication logic.

This enhancement unlocks frictionless, passkey-based login experiences for enterprises that manage user credentials outside of Auth0 - without requiring user migration or changes to existing identity architecture.

To enable the Limited Early Access release in your Auth0 tenant, contact your Technical Account Manager to request access.

We are excited to introduce expanded passkey support for custom database connections! Now available without enabling import mode.

What’s New:

  • You can now enable passkey-based authentication for custom database connections without importing or trickle-migrating users into Auth0 (i.e., with import mode turned off).
  • End users can easily enroll in passkeys after their first successful login, requiring no prior passkey credentials in your external identity store.
  • Passkey credentials are securely stored in Auth0, while your external identity store continues to handle all other authentication logic.

This enhancement unlocks frictionless, passkey-based login experiences for enterprises that manage user credentials outside of Auth0 - without requiring user migration or changes to existing identity architecture.

To enable the Limited Early Access release in your Auth0 tenant, contact your Technical Account Manager to request access.

Jul 15, 2025

My Account API Explorer is now available! Navigate to: https://auth0.com/docs/api/myaccount to try it out and help navigate & build with the new My Account API (which is in Limited Early Availability).

Using My Account, customers can build self-service management experiences at scale, powered directly from their applications.

To learn more and request access to the My Account API feature, contact your Auth0 account manager.

We're thrilled to announce Multiple Custom Domains (MCD) support on a single Auth0 tenant bringing you simpler, more flexible branding and white-labeling. This powerful capability allows you to:

  • Deliver tailored, branded experiences for your users, including customized login URLs and emails.
  • Enhance security through consistent use of custom domains across end-user interactions.
  • Scale B2B SaaS usage rapidly through MCD on a single tenant.

This feature is available to our Enterprise customers.

With Early Access, you'll gain robust capabilities across our Management APIs, Manage Dashboard, and our developer tools (SDKs, Terraform provider, and CLI) for MCD management. You'll find new ways to customize Email templates based on custom domain information. The solution scales effortlessly to meet rapid growth and demanding needs.

Please refer to Auth0 docs for details - Multiple Custom Domains.

Interested in participating in the Early Access program? Please send a request through the Auth0 Support Center.

Previous2425262728Next
Latest
Apr 17, 2026
Source
auth0.com/changelog
Tracking Since
Sep 25, 2024
Last fetched Apr 18, 2026
.json·.md·.atom