Auth0 Home Blog Docs

"Deprecation Notice" logs

lockjs
deprecation

#1

I realize that Auth0 is deprecating some APIs at various points in 2018. We have a handful of Auth0 APIs in play (e.g. Lock, Cordova API, .NET SDKs, Java SDKs, etc.). It isn’t going to be straight-forward to feel confident that we have removed the use of all instances of things being deprecated.

To that end, I have noticed the /logs endpoint occasionally show a Deprecation Notice log event. Can anyone explain when/why these Deprecation Notice logs appear? I assumed they would appear every time a deprecated API is used, but that doesn’t appear to be the case. I am seeing these logs for things that I don’t believe we leverage. I also see them when known deprecated items are used (e.g. old versions of Lock), but it isn’t consistent. I try to force these logs to appear by using an old version of the Lock, but that doesn’t cause them to appear consistently.


#2

One quick update. I searched the logs for a few of these deprecation notices (Legacy Lock API, Legacy Profile, SSOData). I notice that all three of these seem to appear in the logs at very similar intervals, at most once per hour, and not every hour.

Is Auth0 just putting these warnings in the logs at semi-random intervals just to remind us? It certainly doesn’t seem to be tied to use of the deprecated features as I had hoped it would be.


#3

These “Deprecation Notice” events that you’re seeing in the logs refer to endpoints that are being deprecated, not necessarily to old versions of the libraries. Some of these libraries have already been updated to use the new endpoints with some additional parameters, but the older features are also available to not break your applications. When using these soon-to-be deprecated endpoints, these deprecation notice logs will be shown. To help you figure out to what they refer to, they have an accompanying description message, such as these examples:

  • “Tokeninfo endpoint: This feature is
    being deprecated. Please refer to our
    documentation to learn how to migrate
    your application.”
  • “Legacy Profile: This feature is
    being deprecated. Please refer to our
    documentation to learn how to migrate
    your application.”
  • “oauth/ro: This feature is being
    deprecated. Please refer to our
    documentation to learn how to migrate
    your application.”

#4

Thanks. Can you speak to the frequency of these events? For example, I hit the /oauth/ro endpoint and successfully authenticated, and it did put a deprecation notice event in the logs. I then logged in with /oauth/ro with 2 different users, and I got no deprecation notice in the logs. So it doesn’t seem to log with each offending use of the feature that will be deprecated? That is very difficult if your task is to make sure all Auth0 touch-points stop using these deprecated features.


#5

For more detail, I only seem to get 1 depnote in the logs per hour, per type. So my guess is Auth0 will only add these logs once per hour, per depnote type? Again, that is very difficult if you are trying to find all the things that may trigger the use of these deprecated endpoints.


#6

@ricardo.batista

“Legacy profile information in id_token or /userinfo response”

The message says “refer to documentation”, but I haven’t been able to find the documentation on what the legacy info could be - can you point to that?

thanks!


#7

@ricardo.batista

“Legacy profile information in id_token or /userinfo response”

The message says “refer to documentation”, but I haven’t been able to find the documentation on what the legacy info could be - can you point to that?

thanks!


#8

You see more information about the legacy user profile information here: https://auth0.com/docs/guides/migration-legacy-flows


#9

@ricardo.batista thx - I saw that - but I was interpreting the deprecation message to indicate that I am putting a non-name-spaced and non-standard claim in there, but I can’t see that I am doing that. The log message indicates it found something, but it doesn’t tell me what the offending claim is.

We can still add custom claims, right, as long as we name-space them with an arbitrary string?


#10

@brad2 , @ricardo.batista - I agree that this “Legacy profile information” message isn’t very helpful. We’re getting those too. Hopefully the migration guide that is planned for Q1 will be more helpful to fix any “legacy profile” deprecation items.


#11

yes - mainly I’m concerned about something suddenly not working April 1 that I had thought was addressed, or never figured out how to confirm was addressed.


#12

I’ve got same deprecation notices into my Logs.
I’ve a custom login page on a React app consuming auht0-js v8 lib api. I guess those deprecation notices are due to auth0-js v8 consuming deprecated Auth0 api. I’m going to migrate auth0-js to v9 to figure out if I’m right, I’ll keep you informed about.