releases.shpreview
Auth0/Auth0 Changelog

Auth0 Changelog

$npx -y @buildinternet/releases show auth0-changelog
Mon
Wed
Fri
AprMayJunJulAugSepOctNovDecJanFebMarApr
Less
More
Releases219Avg67/moVersionsv202547 → v202614
Apr 7, 2026

We are excited to introduce Developer Preview, a new product release stage designed to get upcoming capabilities into your hands faster!

Developer Preview serves as a new release phase for new Auth0 product introductions. We utilize this stage when a new product capability will eventually be a paid feature, but we want to grant you access before the official pricing is applied.

Key Highlights:

  • Free Production Access: You can use Developer Preview features in your production environments for free during the preview period.
  • Clear Expectations: Participating in a Developer Preview provides a clear signal that the feature will include a paid component once it reaches General Availability (GA).
  • Help Shape the Product: Getting these features to you early allows us to collect valuable feedback to iterate on prior to the GA launch.

To participate in an active Developer Preview, you will simply need to sign up and accept the specific opt-in requirements for that feature.

To learn more about how Developer Preview fits into our overall release process, visit our updated Product Release Stages documentation.

We are excited to introduce Developer Preview, a new product release stage designed to get upcoming capabilities into your hands faster!

Developer Preview serves as a new release phase for new Auth0 product introductions. We utilize this stage when a new product capability will eventually be a paid feature, but we want to grant you access before the official pricing is applied.

Key Highlights:

  • Free Production Access: You can use Developer Preview features in your production environments for free during the preview period.
  • Clear Expectations: Participating in a Developer Preview provides a clear signal that the feature will include a paid component once it reaches General Availability (GA).
  • Help Shape the Product: Getting these features to you early allows us to collect valuable feedback to iterate on prior to the GA launch.

To participate in an active Developer Preview, you will simply need to sign up and accept the specific opt-in requirements for that feature.

To learn more about how Developer Preview fits into our overall release process, visit our updated Product Release Stages documentation.

Auth0 developers using Express Configuration with Okta now have a streamlined process for submitting applications to the Okta Integration Network. The OIN Wizard has been updated with a new section that automatically populates required configuration fields for OpenID Connect (OIDC), System for Cross-domain Identity Management (SCIM), and Global Token Revocation (GTR) integrations based on Auth0 Dashboard information.

Apr 2, 2026

You can now manage custom authentication screen partials directly in the Auth0 dashboard with a purpose-built visual editor. Instead of encoding HTML as strings and sending them through the API, you get a proper code editor with syntax highlighting and live feedback.

The editor includes supporting tools:

  • Code snippet library: pre-built snippets for common use cases like first and last name, phone number, terms of service checkboxes, and more, ready to insert with a click
  • Template variable reference: a clickable list of all context variables available in the partial, for quick insertion without leaving the editor
  • Actions shortcut: open Actions in a new window directly from the editor
  • Interactive preview: click into entry points to edit HTML inline, see visually which entry point each element belongs to, and toggle entry point wrappers off to preview what the prompt looks like in the login flow

This update also expands what's possible with partials:

  • Passkey screens: customize passkey authentication screens anywhere they appear in your flow; data capture is supported in the signup flow
  • Custom database connections: data captured from partials is now surfaced in custom database connection scripts

Head over to the Auth0 Docs to learn more.

You can now manage custom authentication screen partials directly in the Auth0 dashboard with a purpose-built visual editor. Instead of encoding HTML as strings and sending them through the API, you get a proper code editor with syntax highlighting and live feedback.

The editor includes supporting tools:

  • Code snippet library: pre-built snippets for common use cases like first and last name, phone number, terms of service checkboxes, and more, ready to insert with a click
  • Template variable reference: a clickable list of all context variables available in the partial, for quick insertion without leaving the editor
  • Actions shortcut: open Actions in a new window directly from the editor
  • Interactive preview: click into entry points to edit HTML inline, see visually which entry point each element belongs to, and toggle entry point wrappers off to preview what the prompt looks like in the login flow

This update also expands what's possible with partials:

  • Passkey screens: customize passkey authentication screens anywhere they appear in your flow; data capture is supported in the signup flow
  • Custom database connections: data captured from partials is now surfaced in custom database connection scripts

Head over to the Auth0 Docs to learn more.

You can now manage custom authentication screen partials directly in the Auth0 dashboard with a purpose-built visual editor. Instead of encoding HTML as strings and sending them through the API, you get a proper code editor with syntax highlighting and live feedback.

The editor includes supporting tools:

  • Code snippet library: pre-built snippets for common use cases like first and last name, phone number, terms of service checkboxes, and more, ready to insert with a click
  • Template variable reference: a clickable list of all context variables available in the partial, for quick insertion without leaving the editor
  • Actions shortcut: open Actions in a new window directly from the editor
  • Interactive preview: click into entry points to edit HTML inline, see visually which entry point each element belongs to, and toggle entry point wrappers off to preview what the prompt looks like in the login flow

This update also expands what's possible with partials:

  • Passkey screens: customize passkey authentication screens anywhere they appear in your flow; data capture is supported in the signup flow
  • Custom database connections: data captured from partials is now surfaced in custom database connection scripts

Head over to the Auth0 Docs to learn more.

You can now manage custom authentication screen partials directly in the Auth0 dashboard with a purpose-built visual editor. Instead of encoding HTML as strings and sending them through the API, you get a proper code editor with syntax highlighting and live feedback.

The editor includes supporting tools:

  • Code snippet library: pre-built snippets for common use cases like first and last name, phone number, terms of service checkboxes, and more, ready to insert with a click
  • Template variable reference: a clickable list of all context variables available in the partial, for quick insertion without leaving the editor
  • Actions shortcut: open Actions in a new window directly from the editor
  • Interactive preview: click into entry points to edit HTML inline, see visually which entry point each element belongs to, and toggle entry point wrappers off to preview what the prompt looks like in the login flow

This update also expands what's possible with partials:

  • Passkey screens: customize passkey authentication screens anywhere they appear in your flow; data capture is supported in the signup flow
  • Custom database connections: data captured from partials is now surfaced in custom database connection scripts

Head over to the Auth0 Docs to learn more.

You can now manage custom authentication screen partials directly in the Auth0 dashboard with a purpose-built visual editor. Instead of encoding HTML as strings and sending them through the API, you get a proper code editor with syntax highlighting and live feedback.

The editor includes supporting tools:

  • Code snippet library: pre-built snippets for common use cases like first and last name, phone number, terms of service checkboxes, and more, ready to insert with a click
  • Template variable reference: a clickable list of all context variables available in the partial, for quick insertion without leaving the editor
  • Actions shortcut: open Actions in a new window directly from the editor
  • Interactive preview: click into entry points to edit HTML inline, see visually which entry point each element belongs to, and toggle entry point wrappers off to preview what the prompt looks like in the login flow

This update also expands what's possible with partials:

  • Passkey screens: customize passkey authentication screens anywhere they appear in your flow; data capture is supported in the signup flow
  • Custom database connections: data captured from partials is now surfaced in custom database connection scripts

Head over to the Auth0 Docs to learn more.

A new product release stage designed to get upcoming capabilities into your hands faster. Developer Preview serves as a new release phase for new Auth0 product introductions, granting free production access before official pricing is applied. Key features include free production access, clear expectations about future paid components, and the ability to shape the product through early feedback.

Mar 26, 2026

What's new:                                                                                                  

We've updated session handling in SAML-P and WS-Fed authentication flows to align with industry best practices and our existing OAuth2/OIDC behavior. Following a successful login via SAML-P or WS-Fed, the session ID will now be rotated and a new session cookie will be issued.

What this means for you:                                                                       

If your implementation includes client-side logic, downstream services, or integrations that read or store session IDs across SAML-P or WS-Fed login flows, you will now receive a new session ID after authentication completes. Please review and update any such implementations accordingly.

This change brings SAML-P and WS-Fed session handling in line with the existing behavior of OAuth2 and OIDC flows, ensuring consistent and secure session management across all authentication protocols.

What's new:                                                                                                  

We've updated session handling in SAML-P and WS-Fed authentication flows to align with industry best practices and our existing OAuth2/OIDC behavior. Following a successful login via SAML-P or WS-Fed, the session ID will now be rotated and a new session cookie will be issued.

What this means for you:                                                                       

If your implementation includes client-side logic, downstream services, or integrations that read or store session IDs across SAML-P or WS-Fed login flows, you will now receive a new session ID after authentication completes. Please review and update any such implementations accordingly.

This change brings SAML-P and WS-Fed session handling in line with the existing behavior of OAuth2 and OIDC flows, ensuring consistent and secure session management across all authentication protocols.

What's new:                                                                                                  

We've updated session handling in SAML-P and WS-Fed authentication flows to align with industry best practices and our existing OAuth2/OIDC behavior. Following a successful login via SAML-P or WS-Fed, the session ID will now be rotated and a new session cookie will be issued.

What this means for you:                                                                       

If your implementation includes client-side logic, downstream services, or integrations that read or store session IDs across SAML-P or WS-Fed login flows, you will now receive a new session ID after authentication completes. Please review and update any such implementations accordingly.

This change brings SAML-P and WS-Fed session handling in line with the existing behavior of OAuth2 and OIDC flows, ensuring consistent and secure session management across all authentication protocols.

What's new:                                                                                                  

We've updated session handling in SAML-P and WS-Fed authentication flows to align with industry best practices and our existing OAuth2/OIDC behavior. Following a successful login via SAML-P or WS-Fed, the session ID will now be rotated and a new session cookie will be issued.

What this means for you:                                                                       

If your implementation includes client-side logic, downstream services, or integrations that read or store session IDs across SAML-P or WS-Fed login flows, you will now receive a new session ID after authentication completes. Please review and update any such implementations accordingly.

This change brings SAML-P and WS-Fed session handling in line with the existing behavior of OAuth2 and OIDC flows, ensuring consistent and secure session management across all authentication protocols.

What's new:                                                                                                  

We've updated session handling in SAML-P and WS-Fed authentication flows to align with industry best practices and our existing OAuth2/OIDC behavior. Following a successful login via SAML-P or WS-Fed, the session ID will now be rotated and a new session cookie will be issued.

What this means for you:                                                                       

If your implementation includes client-side logic, downstream services, or integrations that read or store session IDs across SAML-P or WS-Fed login flows, you will now receive a new session ID after authentication completes. Please review and update any such implementations accordingly.

This change brings SAML-P and WS-Fed session handling in line with the existing behavior of OAuth2 and OIDC flows, ensuring consistent and secure session management across all authentication protocols.

Customize Signup and Login Prompts: Dashboard UI, Passkey Support, and Custom Database Access

Manage custom authentication screen partials directly in the Auth0 dashboard with a purpose-built visual editor. Features include syntax highlighting, a code snippet library for common use cases, template variable reference, Actions shortcut, and interactive preview. The update also expands partials to support passkey screens and custom database connections with data capture.

Mar 17, 2026

We are excited to announce the release of auth0-springboot-api, a new official SDK designed to streamline authentication and security for Spring Boot backend applications.

Key Benefits:

  • Supports Spring Boot 3.2+ (Java 17+) and built for the modern filter-chain pattern.Developers can secure an API by injecting Auth0AuthenticationFilter into their SecurityFilterChain — just configure auth0.domain and auth0.audience in application.yml and go.
  • Abstracts the complexity of JWT validation. Developers no longer need to write fragile boilerplate code to check Audiences or Issuers. The SDK handles JWKS fetching, token validation, and scope-to-authority mapping (SCOPE_ prefix) out of the box.
  • Supports DPoP with flexible enforcement modes (Allowed, Required, Disabled). Enterprise customers can enforce proof-of-possession token security per RFC 9449 with a single config property — no controller changes needed.

Getting Started:

We are excited to announce the release of auth0-springboot-api, a new official SDK designed to streamline authentication and security for Spring Boot backend applications.

Key Benefits:

  • Supports Spring Boot 3.2+ (Java 17+) and built for the modern filter-chain pattern.Developers can secure an API by injecting Auth0AuthenticationFilter into their SecurityFilterChain — just configure auth0.domain and auth0.audience in application.yml and go.
  • Abstracts the complexity of JWT validation. Developers no longer need to write fragile boilerplate code to check Audiences or Issuers. The SDK handles JWKS fetching, token validation, and scope-to-authority mapping (SCOPE_ prefix) out of the box.
  • Supports DPoP with flexible enforcement modes (Allowed, Required, Disabled). Enterprise customers can enforce proof-of-possession token security per RFC 9449 with a single config property — no controller changes needed.

Getting Started:

We are excited to announce the release of auth0-springboot-api, a new official SDK designed to streamline authentication and security for Spring Boot backend applications.

Key Benefits:

  • Supports Spring Boot 3.2+ (Java 17+) and built for the modern filter-chain pattern.Developers can secure an API by injecting Auth0AuthenticationFilter into their SecurityFilterChain — just configure auth0.domain and auth0.audience in application.yml and go.
  • Abstracts the complexity of JWT validation. Developers no longer need to write fragile boilerplate code to check Audiences or Issuers. The SDK handles JWKS fetching, token validation, and scope-to-authority mapping (SCOPE_ prefix) out of the box.
  • Supports DPoP with flexible enforcement modes (Allowed, Required, Disabled). Enterprise customers can enforce proof-of-possession token security per RFC 9449 with a single config property — no controller changes needed.

Getting Started:

We are excited to announce the release of auth0-springboot-api, a new official SDK designed to streamline authentication and security for Spring Boot backend applications.

Key Benefits:

  • Supports Spring Boot 3.2+ (Java 17+) and built for the modern filter-chain pattern.Developers can secure an API by injecting Auth0AuthenticationFilter into their SecurityFilterChain — just configure auth0.domain and auth0.audience in application.yml and go.
  • Abstracts the complexity of JWT validation. Developers no longer need to write fragile boilerplate code to check Audiences or Issuers. The SDK handles JWKS fetching, token validation, and scope-to-authority mapping (SCOPE_ prefix) out of the box.
  • Supports DPoP with flexible enforcement modes (Allowed, Required, Disabled). Enterprise customers can enforce proof-of-possession token security per RFC 9449 with a single config property — no controller changes needed.

Getting Started:

We are excited to announce the release of auth0-springboot-api, a new official SDK designed to streamline authentication and security for Spring Boot backend applications.

Key Benefits:

  • Supports Spring Boot 3.2+ (Java 17+) and built for the modern filter-chain pattern.Developers can secure an API by injecting Auth0AuthenticationFilter into their SecurityFilterChain — just configure auth0.domain and auth0.audience in application.yml and go.
  • Abstracts the complexity of JWT validation. Developers no longer need to write fragile boilerplate code to check Audiences or Issuers. The SDK handles JWKS fetching, token validation, and scope-to-authority mapping (SCOPE_ prefix) out of the box.
  • Supports DPoP with flexible enforcement modes (Allowed, Required, Disabled). Enterprise customers can enforce proof-of-possession token security per RFC 9449 with a single config property — no controller changes needed.

Getting Started:

Previous12345Next
Latest
Apr 17, 2026
Source
auth0.com/changelog
Tracking Since
Sep 25, 2024
Last fetched Apr 18, 2026
.json·.md·.atom