Action Required: Update Applications that use Cross-Origin Authentication

Hi Community!

We wanted to let you all know that Cross-origin authentication is now disabled by default for new applications created in Auth0. If an application requires cross-origin authentication, tenant administrators can update the application in the Admin Dashboard.

Management API users will also no longer receive cross_origin_auth in the response to requests on the [Get clients] or the [Get client by id] API endpoints. A new setting, cross_origin_authentication, can be used to read and update the application settings.

Why are we making this change?

These changes will help improve our customers’ security and limit the exposure of applications that don’t require cross-origin authentication.

What action do you need to take?

If you have dependencies on either the [Get clients] or the [Get client by id] API endpoints, you will need to update these dependencies to no longer expect cross_origin_auth in the response.

If you use the above endpoints to create or manage applications, you will need to specify that cross_origin_authentication is set to true for the setting to take effect.

If you have documentation or training materials for applications that require cross-origin authentication, you will need to add an additional step for enabling the setting to ensure the scenario is successful.

Let us know down below if you have any questions!


@rueben.tiow Do we need to make any changes, since we are using the libraries “auth0-js” and “auth0” for JavaScript?

Hi @seifsg,

Are you using auth0-js for embedded login?

If so, you would be using cross-origin authentication and would need to update the application to enable cross-origin authentication.
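
An added example, not part of the original posts and not Auth0's own code: one way to act on the announcement's action items and on the reply above is to read the setting from client objects without depending on cross_origin_auth, then work out which applications need cross_origin_authentication changed. The allow-list, the sample client objects and the helper names are assumptions made for illustration.

```javascript
// Added example. Only the field names cross_origin_authentication and
// cross_origin_auth come from the announcement; everything else is constructed.

// Read the setting from a client object as returned by Get clients or
// Get client by id. Prefer the new field; the legacy field is consulted
// only so that old cached records do not break the audit.
function crossOriginEnabled(client) {
  if (typeof client.cross_origin_authentication === "boolean") {
    return client.cross_origin_authentication;
  }
  if (typeof client.cross_origin_auth === "boolean") {
    return client.cross_origin_auth; // legacy field, no longer returned
  }
  // Assumption: a missing field is treated as disabled, matching the
  // new default for applications described in the announcement.
  return false;
}

// Compare every application with an allow-list of client_ids that really need
// cross-origin authentication (for example embedded login with auth0-js) and
// return the update bodies required to reconcile them.
function planUpdates(clients, requiredIds) {
  const required = new Set(requiredIds);
  const plan = [];
  for (const c of clients) {
    const want = required.has(c.client_id);
    if (crossOriginEnabled(c) !== want) {
      plan.push({ client_id: c.client_id, name: c.name,
                  body: { cross_origin_authentication: want } });
    }
  }
  return plan;
}

// Constructed sample client objects (not real tenant data).
const sampleClients = [
  { client_id: "app-embedded", name: "Embedded login SPA" }, // new app, default off
  { client_id: "app-redirect", name: "Redirect-based login app", cross_origin_authentication: true },
  { client_id: "app-legacy", name: "Cached record", cross_origin_auth: true },
  { client_id: "app-ok", name: "Already correct", cross_origin_authentication: false },
];

// Hypothetical allow-list: only these two applications use embedded login.
const plan = planUpdates(sampleClients, ["app-embedded", "app-legacy"]);
console.log(JSON.stringify(plan, null, 2));
```

Each `body` in the plan is the setting to send when updating that application through the Management API; applications outside the allow-list are planned for `false`, which keeps cross-origin authentication limited to the applications that need it.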