July 2023 Community News

Welcome back! Thank you to everyone who contributed to our developer forum in the month of July and we wish everyone a happy and productive August! Here’s what happened in Auth0 by Okta Community Forum during the past month!

New Community Programs & Initiatives

Have you heard about new projects and programs we’ve launched in our forum? Check them out!

• Member Spotlight: Gianfranco Parascandolo
• Community Interactive Q&A Session I: Recap

New Product and Company Announcements

• Node 18 Support for Actions and other extensibility products

New Blog Articles

Here are the new blog articles published in the month of July. Let us know your questions and thoughts by sharing comments in blog discussion topics!

• Developer Day Is Coming to Oktane
• Deploy Secure Spring Boot Microservices on Amazon EKS Using Terraform and Kubernetes
• Blazor Server and the Logout Problem
• ChatGPT Tries to Add Auth0 Authentication to an iOS App, Round Two!
• Node 18 Now Available for Actions, Rules, and Hooks
• Startup Stories: Moves
• Use the Auth0 Python SDK for Querying and Storing Users’ Data
• What is Role-Based Access Control (RBAC) and How to Implement it in a Rails API?
• Streamline Your Authorization Workflow with Auth0 FGA

New FAQs

Looking for useful knowledge? We got you covered! Make sure to browse through the FAQs and Knowledge Articles we posted last month!

• User metadata is not correctly updated from a Rule
• “Unexpected Runtime Authn Adapter Integration Problem.” error from SAML login attempt
• Google Social error for web login from embedded browsers
• We are getting the error “queryMx ESERVFAIL” when attempting to send email to a specific domain
• 503 error by Cloudflare
• Wrong email or password prompt showing “UNKNOWN_ERROR”
• API Not found when registering M2M Application
• Get a list of users created after a particular date
• Custom database error “connect ECONNREFUSED”
• Definition of expires_in field in the response of POST /oauth/token endpoint
• “No connections enabled for the client” error
• Is it safe to delete the ‘Default App’ application?
• Error: Missing Refresh Token
• MOVEit Security Vulnerability
• Log event for verifying a custom domain
• Log event for adding a custom domain
• Limit of ext- parameters on universal login page
• Impact from LinkedIn API changes June 30, 2023
• Deprecated Segment capabilities break getTokenSilently()
• NextJS - Persistent “Invalid authorization code” errors
• Log malformed - duplicate entries
• Refresh token no longer returns id_token
• Why are ‘weak’ ciphers used on our login page?
• Prevent admin consent for Azure AD app for every user’s first login
• Options to host Universal Login in an iFrame
• OTP received for SMS-based passwordless users created via the management API sometimes does not work
• Remove email address from the password reset redirect URL
• ‘Not found’ error on callback URL in Android app
• Allowed web origins URLs not working with wildcard
• How to determine what tenant an application belongs to with the login page
• Can you access the Auth0 private key used to generate your own access tokens?
• Error: JWTVerificationException :: The Token can’t be used before [date/time]
• Is SSO possible between a Native App and Regular Web App?
• Unable to do API call during login flow due to failure while requesting the Axios module in Actions with Node 18
• SAML logout not redirecting to returnTo URL, stuck on screen that says OK
• Silent Auth returns login_required even when Auth0 cookie sent
• Users seeing consent prompt on every login
• What is the difference between “Allowed Origins (CORS)” and “Allowed Web Origins”?
• What is the purpose of the “Allowed Apps / APIs” application setting
• With nextjs-auth0, how can I get an access token with a different audience than I passed during the login?

New and Top Trending Feedback Cards

Make sure to advocate, add context and vote for the ones you are interested in!

• Personal Access Tokens or API Keys
• Different themes for different applications
• Adjust MFA Remember me cookie expiry
• Please add a “Back to” button when enrolling MFA using a ticket in New Universal Login
• Provide sending limits for password reset emails
• Mobile Verification
• Editor Role for APIs and Application Permissions
• Enable Background images at Mobile view for Universal Login
• Provide example/SDK for server side authentication with Auth0 for Sveltekit
• Universal login / Hosted Signup pages - Allow custom fields
• Auth0 Change Password Unexpected behaviour
• Feature request: Change password flow that requires the current password as a factor
• Add second factor authentication to password reset page
• Enable getting magic link for custom usage
• Support for organizations hierarchy
• Provide a possibility to set default MFA factor for Classic Login
• Utilization of authentication and security platforms
• Search Users by a specific permission
• Terms checkbox for New Universal Login
• Don’t use client name as unique identifier with deploy-cli
• Universal Login Page: Enroll with multiple MFA factors
• Utility to work with terraform auth0 provider
• Set TTL (or expiry) of Access Token in rules and hooks
• Allow for account linking with actions
• Support SCIM Provisioning for Auth0 Tenant
• Feature: pre-login Action (for email/password-based login attempts)
• How can I access custom user properties in my custom action?
• It should be possible to rename an action
• Feature Request: Log Stream - Notification about log stream deletion
• Feature Request: Logs and audit - Access to application tokens not logged
• Email verification as part of new universal login sign up process
• Magic Links in Universal Login Timeline
• Allow Wildcard port in Redirect URI as per RFC 8252
• New Universal Login ToS and Custom Fields