5.8.0
Breaking Changes📦 auth0View on GitHub →
⚠ 2 breaking✨ 7 features🐛 3 fixes🔧 41 symbols
Summary
This release introduces significant breaking changes related to user date field typing and client update request schemas, alongside numerous feature additions for FedCM, Token Vaults, and Attack Protection.
⚠️ Breaking Changes
- The request types for social/FedCM login on `clients.update()` have changed from `NativeSocialLogin` / `FedCmLogin` to `NativeSocialLoginPatch` / `FedCmLoginPatch`. Code passing the old types to `update()` must switch to the `*Patch` variants.
- The `UserDateSchema` type has been removed. User date fields (`created_at`, `updated_at`, `last_login`, `last_password_reset`, and `multifactor_last_modified`) across user response schemas are now `Optional[datetime.datetime]`. Code reading these fields as strings or dicts must update to handle datetime objects.
Migration Steps
- When calling `clients.update()`, replace usage of `NativeSocialLogin` / `FedCmLogin` with `NativeSocialLoginPatch` / `FedCmLoginPatch` for social/FedCM request bodies.
- Update code that reads user date fields (`created_at`, `updated_at`, etc.) to expect and handle `datetime.datetime` objects instead of strings or dictionaries.
✨ New Features
- Added new FedCM/Google One Tap client configuration fields (`fedcm_login`) on create/update/response, enabling gating of the Google One Tap prompt via `fedcm_login.google.is_enabled`.
- Introduced `NativeSocialLoginPatch` wrapping patch variants for Apple, Facebook, and Google for use with `clients.update()`.
- Added `token_vault_privileged_access` field to client creation, update, and response, typed differently based on operation (`ClientTokenVaultPrivilegedAccessWithPublicKey` for create, `ClientTokenVaultPrivilegedAccessWithCredentialId` for update).
- Added `cross_app_access_requesting_app` field to connection creation/update, OIDC/Okta request types, and all connection response types.
- Widened the type for identity `user_id` to `Union[str, int]` across identity schemas and response content to support numeric IDs (e.g., from GitHub).
- Added `auth_email_by_code` value to `EmailTemplateNameEnum`.
- Introduced a new sub-client `attack_protection.phone_provider_protection` with `get()` and `patch(type=...)` methods, along with new enum `PhoneProviderProtectionBackoffStrategyEnum`.
🐛 Bug Fixes
- Improved 404 error handling across several raw clients (`keys.signing`, `organizations`, `roles.permissions`, `self_service_profiles.sso_ticket`, `user_attribute_profiles`, and `users`) to raise a typed `NotFoundError` instead of an unhandled parse error.
- Added `"CustomDomainHeader"` to `__all__`.
- Corrected the return type annotation for `CustomDomainHeader` from `Dict[str, Any]` to `RequestOptions`.
Affected Symbols
clients.update()NativeSocialLoginFedCmLoginNativeSocialLoginPatchFedCmLoginPatchUserDateSchemaauth0.management.typescreated_atupdated_atlast_loginlast_password_resetmultifactor_last_modifiedGetUserResponseContentCreateUserResponseContentUpdateUserResponseContentUserResponseSchemafedcm_loginFedCmLoginGoogleFedCmLoginGooglePatchtoken_vault_privileged_accessClientTokenVaultPrivilegedAccessWithPublicKeyClientTokenVaultPrivilegedAccessWithCredentialIdcross_app_access_requesting_appCrossAppAccessRequestingAppconnections.create()connections.update()UserIdentitySchemaUserIdentityDeleteUserIdentityResponseContentItemEmailTemplateNameEnumauth_email_by_codeattack_protection.phone_provider_protectionPhoneProviderProtectionBackoffStrategyEnumkeys.signingorganizationsroles.permissionsself_service_profiles.sso_ticketuser_attribute_profilesusersCustomDomainHeaderRequestOptions