Change8

5.8.0

Breaking Changes
📦 auth0View on GitHub →
2 breaking7 features🐛 3 fixes🔧 41 symbols

Summary

This release introduces significant breaking changes related to user date field typing and client update request schemas, alongside numerous feature additions for FedCM, Token Vaults, and Attack Protection.

⚠️ Breaking Changes

  • The request types for social/FedCM login on `clients.update()` have changed from `NativeSocialLogin` / `FedCmLogin` to `NativeSocialLoginPatch` / `FedCmLoginPatch`. Code passing the old types to `update()` must switch to the `*Patch` variants.
  • The `UserDateSchema` type has been removed. User date fields (`created_at`, `updated_at`, `last_login`, `last_password_reset`, and `multifactor_last_modified`) across user response schemas are now `Optional[datetime.datetime]`. Code reading these fields as strings or dicts must update to handle datetime objects.

Migration Steps

  1. When calling `clients.update()`, replace usage of `NativeSocialLogin` / `FedCmLogin` with `NativeSocialLoginPatch` / `FedCmLoginPatch` for social/FedCM request bodies.
  2. Update code that reads user date fields (`created_at`, `updated_at`, etc.) to expect and handle `datetime.datetime` objects instead of strings or dictionaries.

✨ New Features

  • Added new FedCM/Google One Tap client configuration fields (`fedcm_login`) on create/update/response, enabling gating of the Google One Tap prompt via `fedcm_login.google.is_enabled`.
  • Introduced `NativeSocialLoginPatch` wrapping patch variants for Apple, Facebook, and Google for use with `clients.update()`.
  • Added `token_vault_privileged_access` field to client creation, update, and response, typed differently based on operation (`ClientTokenVaultPrivilegedAccessWithPublicKey` for create, `ClientTokenVaultPrivilegedAccessWithCredentialId` for update).
  • Added `cross_app_access_requesting_app` field to connection creation/update, OIDC/Okta request types, and all connection response types.
  • Widened the type for identity `user_id` to `Union[str, int]` across identity schemas and response content to support numeric IDs (e.g., from GitHub).
  • Added `auth_email_by_code` value to `EmailTemplateNameEnum`.
  • Introduced a new sub-client `attack_protection.phone_provider_protection` with `get()` and `patch(type=...)` methods, along with new enum `PhoneProviderProtectionBackoffStrategyEnum`.

🐛 Bug Fixes

  • Improved 404 error handling across several raw clients (`keys.signing`, `organizations`, `roles.permissions`, `self_service_profiles.sso_ticket`, `user_attribute_profiles`, and `users`) to raise a typed `NotFoundError` instead of an unhandled parse error.
  • Added `"CustomDomainHeader"` to `__all__`.
  • Corrected the return type annotation for `CustomDomainHeader` from `Dict[str, Any]` to `RequestOptions`.

Affected Symbols