August 2023 Community News

Welcome back! Thank you to everyone who contributed to our developer forum in the month of August and we wish everyone a happy and productive September! Here’s what happened in Auth0 by Okta Community Forum during the past month!

New Community Programs, Initiatives & Announcements

Have you had a chance to check our Announcements category in August? If not we’ve got you covered:

• Share your thoughts on passkeys - and get swag!

Make sure to also tune in for what’s coming this month!

• New Auth0 Community Enhancements
• Ask Me Anything with Auth0 Terraform Provider

New Blog Articles

Here are the new blog articles published in the month of August. Let us know your questions and thoughts by sharing comments in blog discussion topics!

• Authentication with Laravel: Raising the Bar with a No Code Future
• Auth0 Stable Support For Next.js App Router!
• Strengthen Your Application Security beyond Authentication
• How to Validate JWTs in .NET
• Unlock Deeper Customization in Actions with Three New Capabilities

New FAQs

Looking for useful knowledge? We got you covered! Make sure to browse through the FAQs and Knowledge Articles we posted last month!

• When a user is deleted is their data removed?
• Groups claim using authorization extension
• Importing user profiles that do not have an email attribute
• How to add a ‘jti’ claim to the access token
• Error: Invalid login: Application-specific password required
• Change tenant ownership
• Bad request for Get users by email endpoint when + sign is included
• Connection’s display_name gets overwritten when it is updated
• Cloudflare blocking domain
• Auth0 Groups not accessible in Actions
• Email and OTP Slow Delivery
• Transfer paid subscription from one tenant to another
• Federated logout with Auth0 as SAML IdP and SP
• Attempt to create ADFS connection returns “Error! … Either adfs_server or fedMetadataXml must be set but not both.”
• Test SAML connection configuration programmatically
• Support for biometrics as 2FA supported with passwordless SMS
• Handle reset password email for users sign up with social connection
• Count the unique users who are triggering the breached password admin notifications
• JwksError: Bad Request with jwks-rsa
• Concatenate two fields in user export
• Add custom login button to the new universal login experience
• Cannot create OIDC Connection: ‘“options.set_user_root_attributes” must be a string’
• Azure AD profile mappings
• Change user search query timeout in PSaaS
• Can multiple passwordless connections be created for one tenant?
• 502 Bad Gateway nginx/1.22.1 Error When Accessing Login Link
• WhatsApp OTP integration
• Save before using Try option with Passwordless Connections
• Configuring a token endpoint that is not exposed in an IdP’s well-known discovery endpoint
• Support center: tenant missing from ‘Affected tenant’ dropdown
• Log ID structure
• State parameter lifetime
• Using Twilio SDK v4 in a hook causes hook timing out
• Expected behavior when all cookies are disabled when the user visits the login page
• Skip errors during imports with the Auth0 CLI tool
• Custom OAuth2 Social connection with Cognito returning error “Invalid user id”
• MFA for specific connections
• Lock authenticated event is not firing
• Cannot maintain multiple user sessions in same browser
• Customize breached password email
• Proof Key for Code Exchange is required for cross-origin authorization code redemption error
• Unable to upgrade my subscription
• Invite users created by the Management API
• Protect backend endpoints using auth in SPA
• Provide a page to allow a database user to change their password
• Remove auth0 badge from classic change password prompt
• Pass a dynamic encoded value as a state parameter to upstream IdP
• OAuth SSO with Canvas LMS as IdP
• SAML Addon can’t map an attribute more than once
• The /authorize/resume endpoint does not send to the default login page
• Multiple SMS Authentication Factors and changing SMS
• How are actions executed internally
• ‘Show RP-Initiated Logout Prompt’ turned off but still shows
• Sync session with Auth0 when using Next.js
• Typescript in actions and custom database scripts
• Retrieve language within a custom database connection script
• User invitation link returns error ‘this connection does not support signups (incompatible screen_hint)”
• Using a Custom Social Connection to make a second Apple connection
• Can I use Actions to set MFA factors of SMS on one app, and SMS and OTP on another app?
• Deploy CLI: ‘Refresh Token Revocation Deletes Grant’ toggle
• Deploy CLI error when changing session cookie mode: ‘Too few properties defined (0), minimum 1’
• Azure AD connection error
• Display custom lock error session inactivity
• Pass in Hard-coded values in SAML mapping
• Tooling for auditing Auth0 MAU
• Difference between Adaptive MFA’s UntrustedIP assessor and Bot detection’s IP reputation risk signal
• Enable Production mode in Singpass
• Auth0-deploy-cli does not delete default Username-Password-Authentication database connection
• Maximum period of time that can safely be elapsed between redirect and /continue
• Can you change the password policy strength to require all 4 of the character types?
• Case Custom social connection
• Error message: ‘Redirection is not available on /oauth/token endpoint’
• CORS errors on /oauth/token with Sentry
• Custom DB Mongo error: Unsupported OP_QUERY command
• Error: Access denied when accessing URL with Auth0-managed custom domain
• How can I enforce MFA for my own internal users but not require MFA for external customers?
• Remove claims from the ID token with actions
• Tenant log details.qs.state field doesn’t match with the state sent in /authorize request
• Post User Registration Action Logs missing
• Migrate connection from ADFS to Azure AD
• Invalid token - Invalid JOSE Header kid
• Install multiple LDAP connectors on a single windows host pointing to different environment tenants
• Rollback to Node 12
• Update metadata after custom database login
• NextJS - Intermittent invalid authorization code errors
• Organization.id and name are not available in password change emails
• Continue with Google button not present on New Universal Login
• Illegal ‘domain’ attribute “eu.auth0.com”
• SAML Error: NameQualifier
• auth0Client parameter in the /authorize request
• SAML addon mapping skipping duplicated attributes
• Authorization server not configured with default connection
• Azure AD attribute(s) that the Auth0 nickname attribute mapped to
• SAML login not working properly when connection included in the /authorize request
• isMobile attribute not present in logs exported via log streams
• Set the max number of groups to retrieve while creating an AD connection
• No error messages for passwordless/email login for non-existing user
• Node 12 End of Life
• Pre-registration Action with event.request.query
• Node 18 Beta - No Action logs in Realtime Webtask Logs
• Access env variable inside action scripts
• Active Directory Connector is restarting under load
• Add custom claims to access token without a namespace
• Lock.js does not support CSS customization
• Apple social connection failing to capture ‘name’ data correctly
• Are CRUD operations supported from enterprise connections?
• Lifetime for Dashboard users’ sessions
• Azure permissions not added to token
• Change the sub in the Auth0-generated jwt token
• Convert Test User Rule to Action
• “Error! Error while enrolling device. Please try again” when trying to add MFA factor on the dashboard
• User not being updated by API consistently
• “Sandbox Error: connect ECONNREFUSED 127.0.0.1:443” error when create user in custom DB
• Converting a rule to an action, how to deal with user.impersonated?
• Error “The specified sender domain has not been linked” on sending email
• Enable Biometrics later on after first having declined on Android
• “400 Bad Request: FederationMetadata not found at CUSTOMER_URL” error when create ADFS connection
• Different password complexity options on same tenant?
• Custom Oauth2 Social Connection occasionally throws “InternalOAuthError: Failed to obtain access token (status: 500…)”
• Implementing WebAuthn as first factor authentication for Passwordless users
• Auth0 Deploy CLI error
• Expose the app_metadata in custom Login flow action
• Clear Auth0 session cookie inside Action
• Event.user.multifactor property not showing each factor
• Masked fields in logs
• Override sub in ID token to contain a custom field instead of user_id
• Null Recovery Code value on second code request
• Not able to update access token expiration for Auth0 Management API
• Rate limits for MFA factors
• “Application credentials” limitation in the Entity Limits policy
• Home Realm Discovery not detecting email domain and redirecting to correct IdP
• MFA Grant Type with SPA
• Is it possible to create and use an OIDC connection without the jwks_uri parameter or to disable (ignore) it?
• Best Practice of Enforcing Email Verification
• Can the Auth0 Guardian app be “disabled” after we make our own authenticator app?
• Azure AD logins failure with “The provided client secret keys are expired” error
• ADFS connection error “IdP-Initiated login is not enabled for connection”
• Detect user login from different device or location
• Error: “Invalid connection strategy. It must either be a passwordless connection”
• MFA API - binding_code identical for /mfa/challenge
• Password dictionary not preventing certain passwords from being used
• “no capacity for SMS 2FA”/”SMS per tenant rate exceed” error
• Setting multiple possible values for AD/LDAP profile attributes
• Users prompted for biometrics MFA after they already declined biometrics for login
• Change the default order of the MFA enrollment options

New and Top Trending Feedback Cards

Make sure to advocate, add context and vote for the ones you are interested in!

• Create Tenants via Management API
• Feature Request - Add support for Client Certificate Authentication
• Implement Device Auth Flow with Organizations
• Web Accessibility: Universal Login Password Requirements Should be Improved for Screen Readers
• Give option to duplicate application with all of it’s setting, eventually have export functionality
• Allow Customization of the MFA Remember Browser Period
• Spring Boot 3 + Auth0 Java SDK Compatibility
• Personal Access Tokens or API Keys
• Feature request - “show password” eye on password request form
• Add rate limiting and cache for m2m token authentication endpoints
• Kotlin Multiplatform Support?
• Ability to provide organization name during Authorization Code Flow
• Only Tenant “Admin” can edit “Organizations”
• Feature request - need custom headers for Custom Log Streams using Webhooks
• Issue with viewing all permissions assigned to a user under the User Management section
• Moodle SSO integration
• Allow multiple custom domains for multitenant applications
• How can I access custom user properties in my custom action?
• Universal Login - provide a last login hint for returning users
• New Universal Login - Customization of input fields
• Feature Request - Ability to force MFA on tenant admins
• Biometrics Only Instead of Identifier + Biometrics exclamation
• Feature request: 2FA enforcement policy for auth0 tenant dashboard admins
• Automation for tenant creation
• Mobile Verification
• Management API support for managing tenant members
• Custom creation of tenant member accounts using Mgmt API
• Disable insecure tenant defaults
• Feature request: Add Google Cloud PubSub support for Log Streams
• .NET 7.0 Exceptions with Blazor Server when Logging In/Out
• Feature request: streaming Action logs
• Allow a Tenant to force all Auth0 Dashboard users to have MFA active
• Setting to require Proof Key for Code Exchange for OAuth Public Clients
• Map SAML attributes into app_metadata & user_metadata
• Default Verification email should list the expiration time
• Better documentation/comunication for feature flags
• Remove 1000 user limitation from search
• CAPTCHA Control Via API
• Change password interface in the management dashboard for tenant administrators
• Feature Justification: Enabling Shared Email Addresses in Auth0
• Pass Parameters to Custom SAML Identity Providers (IDPs)
• Add support to java-mvc-common SDK for running behind a reverse proxy
• Support/Replace Organization prompt screen with “choose organization” during login