We have had some bad experience of thing changing a lot , from v1 to v2, which required implementation re-work, we have had issues with impersonation being switched off for new clients and we now have has search issues having had search switched off and now it seems it being discontinued or changed.
We are now building a new application with a deeper level of integration and it is worrying how much things are changing and how many decisions are being made that are effecting current implementations, we really can’t be sure of what to implement or what not to implement and what may change?
It also looks like rules are changing to hooks.? the docs say that hooks will eventually replace rules, but we don’t want be surprised one day, then have to scramble around trying to fix things.
Is there a roadmap where we can see some kind of plan, otherwise we will just be let down by having things switched off or changed at no notice. We can’t really afford to re-invest time and effort ALL the time on this type of integration, we really need some kind of abstraction where we can concentrate on our own features rather than constantly trying to figure out what still works and what has changed etc.
Its very difficult to make a decision right now to continue using Auth0.
The points you made are all perfectly valid and it was indeed something that was already being tracked as a known gap. In order to provide customers with more frequent and transparent product roadmap communications, Auth0 will now be publishing a quarterly Auth0 Roadmap Update to give you better visibility to upcoming new product features, security updates and associated feature deprecations.
You should already received a notification (email or within the dashboard) that provides you access to the first update done as part of this initiative. As a quick spoiler for this initial update there is no mention of rules or hooks changes so for those functionalities the only thing I can say for now is that they are both supported and although having some overlap they still mostly provide different functionalities.
Thanks for the update and the roadmap.
This is a step forward to making everyone aware, however it is very disappointing that features and APIs get depreciated so quickly, we have 2 applications that less than a year old that will now be rendered inoperable in July if we don’t make changes…that we now need to get customers to pay for.
I have PayPal implementations that have been running over a decade without change. I have dropped Auth0 in new applications, but looks like I will need to battle again before July to keep things up and running or remove Auth0. I am not a happy customer.
You make valid points and it’s hard to look at these deprecation notices and think they are positive, however, when it comes to security does it make sense to allow the continued used of methods and approaches that the passage of time lead them to be considered sub-optimal. You could argue we should have done it right the first time, but reality is security is a moving target; a bit like DRM you can continue to use old DRM methods, but do you gain anything from using them when there are already known exploits.