Account Linking (28)

• Account Link Extension and Custom Domains
• Account Linking Considerations for Email Case Sensitivity
• Account Linking Did Not Occur Because loginsCount = 2 on First Apparent Login
• Account Linking Error "Cannot find module 'request@2.56.0'" when Using Node 18
• Account Linking Extension and Accounts on the Same Connection
• Account Linking Extension and Enforcing Unique Email Addresses
• Account Linking Extension Not Linking Two Accounts with Same Email
• Account Linking Extension | Account-Linking Metadata Not Merging After Node.js Runtime Upgrade
• Account Linking in Actions - How to Keep the User Logged In
• Account Linking with Actions: setPrimaryUser Update Lost Between Redirects
• Action Required: Configure Your Account Link Extension
• Auth0 Account Linking Actions Resolution
• Auth0 Account Linking Rules Resolution
• Auth0 Session Expiration Behavior with Linked Social Identity Providers and Database Accounts
• Change a Database User's user_id without Reimporting the Password Hash
• Custom Workaround to Account Linking with Action
• Customize Account Link Extension Text
• Find the Correct Linked User
• Hide Skip Button on Account Linking Extension
• How to Check Whether a User Has a Linked Profile
• Impact of Deleting Connections and Linked Accounts
• Implement Client-Side User Initiated Account Linking
• last_login and logins_count Attributes not Updated after Account Linking
• Lifetime of the Unblock Account Link
• Maximum Delivery Timeframe for Auth0 OIDC Back-Channel Logout Notifications
• Pre-User Registration Action To Prevent Duplicate Users Not Working
• Refresh Token Exchange Fails after Account Linking for Tokens Originally Issued to What is Now a Secondary Account
• User ID Used in Token with Linked Accounts

Actions (294)

• "Access Deny" from Action Shows No Error
• "Extensibility Error" Displays Instead of Custom Error
• "Invalid Configuration" Error When Trying to Submit a Form
• "Unable to delete an action bound to a trigger" Error When Deleting Custom Phone Provider Action
• 404 - Login Attempt to Not Found Account
• Access Environment Variables Inside Action Scripts
• Accessing Query String Parameters in a Pre-User Registration Action
• Account Linking in Actions - How to Keep the User Logged In
• Account Linking with Actions: setPrimaryUser Update Lost Between Redirects
• Action Details Tab Missing from Dashboard Logs in /oauth/ro Logins
• Action Error is Not Displayed in the Universal Login Page
• Action Fails When Executed after upgrading to Node 18 or Node 22 Runtime
• Action Redirect Does Not Allow to Add a "state" Parameter
• Action says Deployed but Was Not Executed
• Action Triggered MFA Using enrollWith and challengeWith
• Action: Check If User Is Part of an Enterprise Connection
• Actions Behavior after Calling "api.access.deny()"
• Actions Cache Consistency between Different Actions
• Actions Cache Consistency Between Executions
• Actions Log Output Appears Incomplete or Truncated
• Actions Not Triggered With Social Login
• Actions Taking Longer than Expected Despite Logic for Exiting Early
• Actions Typed Definitions for Offline Authoring
• Add or Update User Metadata in Post-Login Actions
• Add Organization Roles and Permissions to the SAML Response
• Add Roles and Permissions to the ID Token Using Actions
• Add User's Current GeoIP to Email Template
• Adding CC or BCC Recipients to Auth0 Email Templates
• Adding Custom Claims to Tokens
• Allow Users to Choose MFA Enrollment Using Auth0 Forms and Actions
• api.access.deny Not Working as Expected in Pre/Post User Registration Action
• api.accessToken.setCustomClaim Does Not Set the Custom Email Claim
• api.authentication is Undefined in Post-Login Action
• Application Insights Integration for Sending Logs from Actions
• Assign Auth0 Roles Based on Okta Groups Using Post-Login Action
• Auth0 Account Linking Actions Resolution
• Auth0 Action Status
• Auth0 Actions - The Value of "error" in the Error Response has been Changed from "unauthorized" to "access_denied"
• Auth0 Custom Login Pages Parameters
• Auth0 Groups not Accessible in Actions
• Authenticate with No Session
• Authorization Extension Unable To Resolve Jtn To Webtask Token Error
• Automatically Resend Verification Email Upon Login when Link Expires
• Behavior and Risks of Unawaited Asynchronous Promises in Actions
• Behavior of the allowRememberBrowser Option When Using api.multifactor.enable in Actions
• Best Practice for Redirect Pages with Regards to Domains
• Best Practices Beyond Connection Metadata
• Best practices for testing Action code
• Biometric Prompt Not Triggered on First Login After Enrollment for New Users
• Block Certain Phone Numbers from Receiving SMS for MFA
• Block or Deny User Sign-up by Email Domain
• Block Signups via API While Allowing Signups via Auth0 Universal Login
• Block Social Signups for Certain Applications With Actions
• Block Specific Characters in a User's Email Address During Registration
• Block Specific Email Domains Using a Post-Login Action
• Blocking Social User Logins for Unregistered Users
• Blocking Users in Bulk
• Bypass a Sign-up Form for Certain Users
• Bypass MFA for a Certain User
• Caching Access Tokens and Renewing Upon Expiration
• Can NodeJS Version Be Reverted to NodeJs12
• Can we manage Marketplace Actions via the Management API and Deploy CLI?
• Cannot Get Back to Login Screen After an Action Denies Access
• Challenge MFA for User Once Per Session Action
• Challenge the User for MFA before a redirection in Actions
• Client Metadata Was Not Updated in Actions
• Client Request Error in Auth0 Actions Due to Uncaught Exception
• Condition the Access of Certain Users and Redirect Them Accordingly using Actions
• Conditionally Enable Biometric Authentication Using Auth0 Actions
• Conditions that Cause the 'mfa-detect-browser-capabilities' Screen to be Displayed
• Configure Auth0 to Send Encrypted SAML Assertion with Custom Keys
• Configure Content-Type:application/vnd.api+json When Setting Up an HTTP Request in Action Flow
• Connection Level Email Verification
• Connection Timeout for Redirect Action
• Connection_id Missing in Logs for Successful Login
• Controlling Session and Refresh Token Expiry Using Action Code
• CORS Errors While Redirecting With Actions
• Custom Claims Added to the ID Token Are Not Available in `session.user` of Auth0 NextJS SDK
• Custom Claims from Actions Not Present in Auth0 Management API Access Tokens
• Custom Database Action Script Did Not Run
• Custom Email Provider Action Not Visible Under "Actions" in Auth0 After Terraform Deployment
• Custom Email Provider user_id Format: Database Connection Email Verification Behavior
• Custom MFA Enrollment and WebAuthn issues
• Custom Phone Provider Action Receives an Incomplete Event Object
• Custom Scheme and Deep Link with Redirects - "Invalid Redirect URI"
• Custom Workaround to Account Linking with Action
• Customizing the Duration Between MFA Prompts on a Per User Level
• Deactivate MFA for Specific Users
• Delegated Admin Extension and Organizations
• Delete a social connection user
• Delete standard claims of IDTokens from Actions
• Delete User or App Metadata from the User Profile with a Post-Login Action
• Deleting a User from a Custom Database with Import Mode OFF
• Deny User Access Based on Auth0 Form Input
• Deny User Access to Application if User is on IPV6
• Deploy and Enable Actions Using Auth0 Deploy CLI
• Deploy CLI Action Error: "Bad Request: A draft must be in the 'built' state before it can be deployed."
• Difference Between Localization Parameters in Actions
• Difference Between Properties of event.session in a Post-login Action
• Differentiate User Logins From Session Reuse (SSO) in Post-Login Actions
• Discrepancies Between Last Login and Login Logs in Auth0
• Duplicate User IDs Resulting in Actions Returning Wrong Profile
• email_verified Not Available in Pre-User Registration Action
• Empty Session Object in Post-Login Actions Event
• Enable MFA per User and Give Users the Option to Turn It On/Off Themselves
• Enforce Email Verification Using a Post-Login Action or One-Time Password
• Enforce MFA for Internal Users but not for External Customers
• Enforce Multi-Factor Authentication on Every Login Using Actions
• Enforce PKCE with Actions
• Enforce Policy Acceptance on Social Signup
• Equivalent of context.addonConfiguration.aws in Actions
• Error "MFA customized via PostLogin action but feature is not enabled" when Using a Post-Login Action
• Error when Creating Custom Action: "Error! You don?t have permissions to access the resource"
• Error: SELECT Command Denied to User Seen in Action Logs
• Error: The Connection Strategy waad Is Not Supported for This Operation
• event.authentication.methods Does Not Update After MFA Completion
• event.request.query is Overwritten Between Post-Login Actions after MFA Challenge
• Event.session Object and Related Properties Are Not Populated in Actions
• Execution of the Action after a User Has Successfully Completed an MFA Challenge
• Expose the app_metadata in custom Login flow action
• Failed Login with Error "Cannot find module..."
• Failed Silent Authentication - Multifactor Authentication Required Issue
• Federated Claims in Auth0 Actions Migration
• Find Requested Scopes in Actions for "Refresh token", "Client Credential Exchange" or "Resource Owner Password Grant"
• Find the Correct Linked User
• Find the Current Value of a Custom Database Connection Action Script Environment Variable
• Force a Password Reset After a Certain Amount of Days for Specific Connections or Users
• Force a Password Reset after a Specific Number of Days
• Force New User to Change Password on First Login
• Force Users to Verify their Accounts Before Logging in
• GeoIP Accuracy and Location Discrepancies
• Getting Error of "Missing or invalid standard claims" during Actions Redirect
• Granular Timing Debugging in Actions
• Handling Self-Signed Certificates in Auth0 Custom Database Connections
• Hitting 30 Secrets per Action Limit
• How to Add organization_id in Metadata With Actions
• How to Assign a User to an Organization Using a Post-Login Action
• How to Change Organization Metadata in Actions
• How to Check which Tenant Admin made Changes to an Action
• How to Clear Auth0 Session Cookie Inside an Action
• How to Create a Paywall or Restrict Usage to an App for Subscribed Users Only
• How to Customize Action code in Different Tenants with Auth0 Deploy CLI
• How to Disable MFA for Users Based on a Client Name or Client ID
• How to Enable MFA for a Subset of Users
• How to Find the Users MFA Enrollments in Actions
• How to Get SMS MFA Enrollments with Full Phone Numbers
• How To Get the 'phone_number_verified' Claim in the ID Token
• How To Get the Output From Forms for Actions
• How to Handle Inconsistent SAML IdP Responses when Auth0 Is Acting as a Service Provider
• How to Know which Button is Selected in a Form within the onContinuePostLogin Function of the Action
• How to Make an Axios API Call and Store it as a Custom Claim using Actions
• How to Pass Custom Data in POST Requests to 'oauth/device/code' with Device Code Flow
• How to Pass Transient Data Between Actions
• How to Pass Variables between Actions in the Login Flow per User
• How To Prevent Users from Using Social Connections
• How to Restrict Email Domains from Registering to the Passwordless Email Connection
• How to Set Action Secrets Programmatically
• How to Store and Use a Custom Signing Key and Certificate for SAML with Actions
• How to Test the OTP Phone Message
• How to trigger a Custom MFA Page with a Post-Login Action
• How to Verify a User's Email Within an Auth0 Action
• Identify Sign Up Event in Post Login Action
• Impact of the Migration of Rules to Actions on Database Action Scripts
• Implementing a Redirect with Actions and Passing Data Back to Auth0
• Inaccurate Usage Notification for Node 12 / 16 Extensibility Runtimes
• Inconsistent Behaviour when Using "Remember browser" - allowRememberBrowser Flag in Actions
• Is it Possible to Use a Post-User Registration Action (or Hook) to Update a User
• Is Real-time Webtask Logs Extension Available to Developers without Tenant Admin Role
• Issues Enrolling Additional Factors using Actions
• Keyword Preservation Not Working With Action Secrets or Flow Actions
• Limit on How Many Times a User can be Redirected using Actions in an Authorization Flow
• Login Action - api.access.deny and api.redirect.sendUserTo Looping after Call
• Logins Fail for Particular Connection when Actions are Enabled with Error "cannot unmarshal string"
• Making MFA Enrollment Optional
• Management API Error "Trying to Create a Binding for an Action That Has Not Been Deployed Yet"
• Management.sendEmailVerification is Not a Function
• Managing Auth0 Actions and Forms Quota Exceedance Notifications
• Map Incoming Azure Groups to Auth0 ID Token
• Meaning of the Action Limitation of 32kB for user_metadata and app_metadata Per Session
• Methods to Block All Logins in an Auth0 Tenant
• MFA Auth Method Is Not Present after Login
• MFA Customization / Flexible Factor Selection Not Compatible with the Non-Interactive Flows
• Migrate Actions from Node.js 16 to Node.js 18
• Migrate Away from MFA with Actions
• Migrating Auth0 Node.js V18 to V22
• Migrating from Rules to Actions
• Missing auth_time claim on ID token after update password before continue Action
• Multiple Node 18 Runtime Values for Actions-Based Extensibility
• No Events Logged If a User is Redirected from an Action and Does Not Come Back to Auth0
• Node-auth0 v4 Updates
• Not a Function Error while Calling api.accessToken.addScope Inside an Action
• Not Possible to Remove the Scopes in the Token for Machine-to-Machine Applications Inside an Credentials-Exchange Action
• Only Allow a Set List of Users to Sign-up
• Only Allow Access for Certain Active Directory User Groups
• Organization ID in Tokens using the Resource Owner Password Grant Flow
• Pass Custom param from Lock to Actions
• Pass Data Between Actions and Forms
• Passing a Custom Field in the Forms from Actions
• Passing Additional Parameters to Custom Database Action Scripts
• Passing Custom Parameters From Universal Login to Auth0 Actions
• Password Reset / Post Challenge Actions Do Not Appear in Logs
• Passwordless User Login Trigger Pre/Post User Registration Actions
• Possibility to Enroll in Email MFA or OTP
• Post User Registration Action is not Triggered
• Post User Registration Action Logs missing
• Post-Login Action Not Setting App_Metadata
• Post-Login Action to Trigger MFA OTP or Email as Fallback
• Pre-Registration Action with event.request.query
• Pre-User Registration Action To Prevent Duplicate Users Not Working
• Prevent Action Execution Without Removing it from the Trigger
• Prevent Logins from a Particular Client without Blocking the IP Address
• Prevent Sign-Up When Email Address Already Exists Using an Action
• Prompt Biometrics During Flows or Actions Before Authentication Has Completed
• Prompt for MFA on New Device Logins Only
• Push Data to External Endpoint within Actions
• Redirect Blocked Users to a Custom Error Page Using Rules or Actions
• Redirect Users After Password Reset with Actions
• Remember this Device for 30 Days Ignored in challengeWith Followed by enrollWith
• Remove Claims from ID Token with Post Login Action
• Remove Claims from the ID Token with Actions
• Resend Button for OTP via Email with Forms for Actions
• Resolution for Auth0 Action "TypeError: cannot read properties of undefined"
• Resource Exhausted Error When Users Attempt to Log In
• Restrict the Use of Special Characters in Sign Up Emails
• Retrieve User's Last Login Within an Action
• Retrospective Access to Auth0 Action Execution Logs
• Roles Custom Claim is Empty after Roles Are Set on User Creation (via Auto-import)
• Run Actions Only Once per Session
• SAML Addon Mappings from ID Token Custom Claims in Actions
• SAML Attribute Mapping in Actions
• SAML Attribute Mapping in SAML2 AddOn vs. Post-Login Action
• SAML Flow: acr_values is a String Instead of an Array of Strings
• Sanctioned Country Traffic Blocked by Auth0
• Save a SAML Assertion Attribute to User or App Metadata Using Actions
• Selective Implementation of MFA for Specific Auth0 Database Connections
• Send a Verification Email from a Post-Login Action
• Send Change Password Email from Post-User Registration Action
• Send Email Invitations for Application Signup - Additional Information
• Send Notification to Users when their Email Address is Updated in Auth0
• Send Password Reset Link to an Email Registered in user_metadata
• Sending Multi Language Emails from Actions
• Set a Custom Lifetime for a Variable in Action Cache
• Set Access Token Claims Using Actions
• Set Custom NameIdentifier Attribute in SAML Response from Auth0
• Set ID Token Claims Using Actions
• Set SAML Issuer in Actions (Auth0 as IdP)
• Setting a SAML Attribute in an Action Fails
• Setting email_verified to True Using the Management API
• Setting Metadata Property in an Action Overwrites the Existing Value
• Setting Privacy Policy Checkbox on Password Reset Page
• Setting the Error Value Returned when Denying Access within Auth0 Action via "api.access.deny"
• Skip MFA from Actions with api.multifactor.enable('none');
• Slow Action Execution with High Runtime Boot Duration
• Strategies to Prompt MFA at Customized Intervals
• Stream Auth0 Action Logs
• Support for the Rules 'context.sso' Object in Actions
• Temporarily Editing or Anonymising User Attributes Using Actions for Custom SAML Assertion
• Terraform Action Trigger Binding Based on Variable
• Terraform Custom Email Provider "409 Conflict Error: No deployed action of type custom-email-provider was found"
• Test Auth0 Custom Phone Provider and OTP Delivery Without an Active SMS Provider
• The event.user.enrolledFactors is not Set or is Undefined when Accessed in Actions
• The send-phone-message Action Trigger does not Appear to be Executing
• Timed Out While Persisting Metadata Error
• Top-level event.user Attributes Added by Azure Missing from the event.user in the Post-Login Action
• Transaction ID in Post-Login Actions Available in Additional Login Flows
• Trigger MFA for Certain Active Directory User Groups
• Trigger was Updated and will Take Effect on the Next Deploy Message in Actions
• Troubleshooting the "access_denied" Error
• Typescript in Actions and Custom Database Scripts
• Unable to Construct Login User Due to Invalid User ID in Action
• Unable to Process Redirect Callback
• Unable to Update Node Version for Actions
• Unexpected Characters in JWT Tokens
• Unexpected Claims in the Client Credentials Access Token
• Update Made in Post-User Registration Action Not Available in Post-Login Action
• Update User Metadata from Within a Post Change Password Action
• Upgrading or Downgrading Node Extensibility Runtimes
• Upgrading the Action Runtime to Node18, Error "unexpected end of file" on Login
• Use api.authentication.enrollWithAny to Enroll in Recovery Code after Enrolling in Another Factor
• User Metadata Set by Action is Not Available in First Time Passwordless Login
• User or App Metadata was not Updated in Actions
• User Unable to Login
• Users Are Not Prompted to Use MFA after Enrolling a Factor
• Users Receiving Rules Deprecation Email Alerts when No Active Rules are in Place
• Using Actions - MFA Authentication Method is Missing on First Login
• Using an HTTP Connection Pool in Actions with Node18 vs Node22
• Using the Management API in Actions
• Verifying an Email Address Using an OTP Instead of a Link
• Warning Message in Actions Editor "We've updated the Actions Post Login API which will change how redirects are handled in your Actions going forward"
• Webauthn Setup via API
• WhatsApp integration in Auth0 with Forms for Actions
• When Will the Post-User-Registration Action Event Object Not Contain Email and/or Username
• Will the Actions in User Registration Flows be Triggered when Creating Users via Dashboard
• Workflow for Email and Phone Number

Additional Extensibility (54)

• "Error! The Specified New Email Already Exists" - Custom DB Connections
• Action Required: Configure Your Account Link Extension
• Actions Typed Definitions for Offline Authoring
• Add a Prefix to SAML Response Signature Namespace - Auth0 as SAML IdP
• Auth0 Actions - The Value of "error" in the Error Response has been Changed from "unauthorized" to "access_denied"
• Auth0 Groups not Accessible in Actions
• Best Practice for Redirect Pages with Regards to Domains
• Can NodeJS Version Be Reverted to NodeJs12
• Cannot Save Database Script - Error "Additional properties not allowed: challenge_type' on property email"
• Cannot set AppMetadata or UserMetaData in Passwordless flow with Pre-registration Action / Hook
• Case Custom Social Connection
• Check Last Password Reset within Rule
• Configure Auth0 to Send Encrypted SAML Assertion with Custom Keys
• Connection Problems to MySQL Database After Upgrading NodeJs Runtime to 16
• Connection_id Missing in Logs for Successful Login
• Custom Database Action Script Did Not Run
• Debugging Custom Database Scripts in Auth0
• Delete standard claims of IDTokens from Actions
• Disable Context Object in Custom Database Scripts
• Does Auth0 Have Support for Partitioned Cookies (CHIPS)
• Dynamically Set SAML SSO Callback URL Based on User Organization
• Equivalent of context.addonConfiguration.aws in Actions
• Failed Login with Error "Cannot find module..."
• Federated Claims in Auth0 Actions Migration
• Find the Current Value of a Custom Database Connection Action Script Environment Variable
• Handling Self-Signed Certificates in Auth0 Custom Database Connections
• How to Request a New Module for Custom Database Scripts
• Impact of the Migration of Rules to Actions on Database Action Scripts
• Is it possible to run a rule when a user requests a password reset?
• Is it Possible to Update an NPM Package for Rules
• Migrating from Rules to Actions
• Pass Language Parameters To Amazon Web Services Cognito Using Upstream Parameters
• Passing Additional Parameters to Custom Database Action Scripts
• Prevent Action Execution Without Removing it from the Trigger
• Redirect Blocked Users to a Custom Error Page Using Rules or Actions
• Resource Exhausted Error When Users Attempt to Log In
• Returning Metadata after Custom Database Login
• Save a SAML Assertion Attribute to User or App Metadata Using Actions
• Set a user_id in a Pre-Registration Hook
• setAppMetadata Changes in Post Login Hook Not Persisted when Calling api.access.deny
• Sleep Execution in the Delegated Admin Extensions Hooks
• Support for the Rules 'context.sso' Object in Actions
• Terraform Tips for Resource Management
• The send-phone-message Action Trigger does not Appear to be Executing
• Twilio Verify Error - "Guardian - Error on send-phone-message-hook: 60204 Custom code not allowed"
• Typescript in Actions and Custom Database Scripts
• Unable To Retrieve Given Name From User During Rule Flow
• Unexpected Claims in the Client Credentials Access Token
• Update User Profile is Not Working Inside Verify Custom Database Script - "change_email script does not exist"
• User Metadata Disappearing from Custom OAuth2 Social Connection Users
• User Metadata is Not Correctly Updated from a Rule
• User Search Malfunction in Delegated Administration Extension(DAE) with Filter Hook
• Users Receiving Rules Deprecation Email Alerts when No Active Rules are in Place
• Using Twilio SDK v4 in a hook causes a syntax error which results in the hook timing out

Additional Features (719)

• "Cannot Read Property 'toLowerCase' of undefined error" when Opening Applications
• "Confirm Password" Field on Sign Up
• "Confirm Resubmission" Error when Navigating between Password Reset Pages After Resending Email
• "Error! Failed to create tenant" Error
• "External Active User" Counts Discrepancy
• "Failed login: Invalid URI" When a User Logs In or Signs Up
• "Login failed: \PKCE_NOT_ALLOWED" Error After Logging in on a Native Application
• "missing scope read:users" error in Delegated Admin extension
• "ModuleNotFoundError: No module named 'auth0.v3'" Error when Running Python Script
• "Problem creating clients" Error with Deploy CLI
• "Support Access - DEPRECATED" Role Displayed on Management Dashboard
• "Verify Custom DB Scripts" Option Is Not Visible in Tenant Settings
• /authorize/resume does not send to the default login page
• 403 Errors from Refresh Token Calls
• 403 Forbidden Error for Custom webhook Log Stream
• 403 Forbidden Error when Configuring mTLS Authentication Flow
• 409 Errors when Updating Page Templates
• `isMobile` Attribute not Present in Logs Exported via Log Streams
• Ability to Use Features that Are Not Part of the Subscription Plan
• Access Control List Rule Fails to Trigger for VPN Traffic
• Access Raw JSON with Management API
• Accessibility - Clear Button is not Focusable for Keyboard Navigation
• Account Has Been Blocked - Brute Force Protection Allows Login from a New IP
• Action Required: Password Reset and Email Verification Links Removed from Tenant Logs
• Active Directory Connector is Restarting Under Load
• AD / LDAP Agent Connection Error When Using Replicated Configuration
• AD/LDAP Connector Login Fails Due to Incorrect LDAP_USER_BY_NAME Configuration
• AD/LDAP Connector Self-Signed Certificate Expiration
• Add Username to Email Template Variables
• Adding Email Addresses to Receive Auth0 Notification Emails
• Adding Request Headers to Logs
• After Password Hash Export - Some Users Have custom_password_hash Value
• Allow Users to Grant Specific Scopes to an Application
• Altering the Device Name Does Not Work as Expected - "device" Parameter
• Announcing the Enhanced Auth0 Support Center
• API Explorer Page on Dashboard Throws "Error! API Error. Please contact support if the problem persists"
• Api_limit Logs Missing from Tenant Logs
• App and User Metadata Not Updated
• App has been Removed from Google Play Store because Google is Not Able to Test OTP Authentication
• App Login Fails with Code Exchange Unsuccessful Error
• app_metadata Properties Appearing in Root Profile
• Application Details
• Application with SAML Connection Redirects to Incorrect URL After Successful Login
• Apply Custom Text Changes to Multiple Languages Simultaneously
• Are custom hashes upgraded / updated
• Associating Tenants With Correct Enterprise Plan With Multiple Plans
• Asterisk (*) Symbol on the Login Widget
• Attempt to Update User Phone Number Returns Error: ?Cannot Update phone_number for Non-SMS User?
• Attempting to Enable Import Mode Returns Error: 'You Cannot Change "options.enabledDatabaseCustomization" setting'
• Auth Challenge from Bot Detection Not Properly Visible
• Auth0 - Non Profit Pricing
• Auth0 and Segment Integration
• Auth0 API Timeouts
• Auth0 Authorization Extension Error "The AWS Access Key ID you provided does not exist in our records"
• Auth0 Authorization Extension with AWS S3 Buckets Error ?The specified bucket is not valid?
• Auth0 Availability in the KSA Region
• Auth0 Bulk User Import Fails With Custom Hashes Using Prefixed and Suffixed Salts
• Auth0 Deploy CLI - Should NOT have Additional Properties
• Auth0 Deploy CLI Causing Global Rate Limit Error 429 While Exporting Configuration
• Auth0 Displays Custom Gravatar Images for Some Users and Default Images for Others
• Auth0 Email Validation
• Auth0 Forcing IPv4 or IPv6 instead of Dual Stack
• Auth0 GeoIP Information Source
• Auth0 Log Stream Working in One Tenant but Failing in Another
• Auth0 Login Page Accessibility Issue with FastPass - ?The <html> element does not have a lang attribute?
• Auth0 Management API OpenAPI Specification
• Auth0 New Member Unable to Login
• Auth0 Rapid7 IDR Integration
• Auth0 Snapshot FAQ
• Auth0 Terraform Provider (v1.0.0) 404 Error When Using the Resource "auth0_role_permissions"
• Auth0 Terraform Provider 1.0.0-beta.2 Missing Client Secret
• Auth0 Terraform v1.6 Install Error Key Expired
• Auth0 WordPress Plugin Conflicts With "Elementor"
• Auth0 WordPress Plugin v4 issues
• Auth0-deploy-cli as Node Module not Working as Expected
• Auth0-Java-MVC-Common SDK With Reverse Proxy has 403 Error: The Redirect URI is Wrong
• Auth0-Splunk Integration
• Authorization Extension 500kb Storage Limit Error
• Authorization Extension is Throwing Compilation Errors
• Authorization Extension Reached the Memory Maximum (500Kb)
• AWS Authorizer Error: "the issuer in the OIDC discovery endpoint metadata does not match the configured issuer"
• Axios Write Hook in Delegated Admin Extension Causes "Unexpected End of File" Error
• Azure AD / ADFS Toggle Button Missing from Migration Section of New Tenant
• Azure AD Attribute Mapped to the Auth0 Nickname Attribute
• Azure AD Logins Failing with Error "AADSTS7000222: The provided client secret keys are expired"
• Azure Gov Connect with Azure AD for US Government
• Background Image is Not Loading for Custom Page Template
• Bad Audience Error
• Billing With a Payment Method Other Than a Credit Card
• Block Login Traffic from Russia and Other Banned Countries
• Blocked User by Brute Force Protection - The User Is Not Showing Up in the User List on the Dashboard
• Boolean Parsing on Auth0 Flows
• Bot Detection Auth0 Challenge Is Not Allowing User Interaction
• Bot Detection not Generating PLA Logs for Certain Failed Logins
• BotDetection (Auth Challenge) Behaves Differently in Browser Developer Tools
• Branding Changed After Reusing Brute Force Unblock Link
• Brute Force Protection Blocked User "User (email) attempted 10 consecutive logins unsuccessfully"
• Brute-force Block Without Password Attempt Failure in Logs
• Brute-Force Unblock Link in Emails Consumed by Security Scanners
• Bulk Import - Payload Limit
• Bulk User Import and Lazy Migration
• Bypass Passwordless Login for Automated Tests
• Calling /login Endpoint Directly Results in Error "Missing client parameter"
• Cannot Find Users With the Get-Users-By-Email Endpoint
• Cannot Preview Metadata in the Subject in Email Templates
• Cannot Reset Password on the Auth0 Dashboard
• Cannot Switch Between All Tenants in Deploy CLI Tool
• Cannot View Support Cases in the Support Center UI
• Captcha - Pre-login Risk Assessment
• Capturing Original Sender IPs in Logs for Client Credentials Grant Using auth0-forwarded-for
• Change from Startup Plan to B2B or B2C Professional or Essential Plans
• Change Password Link Template Button Does Not Appear in Desktop Outlook
• Change the Email Associated with the Social Account
• Change the Password rReset (code) and Password Reset (link) Templates via Terraform
• Change User Email Address
• Changing Signing Algorithm for an Existing API
• Changing the Billing Email Address
• Changing the Default Auth0 Tenant
• Changing the Login Provider or Authentication Method for Tenant Members
• Changing the Message "Choose an account to continue to auth0.com" On Sign In With Google
• Changing the Teams Payment Method for a Self-Service Subscription Team as a Team Owner
• Changing user_id Value for Custom Database Users
• Check Time Synchronization Status of Auth0 Server
• Clarification on the Inclusion of Social Users in Username-Password-Authentication User Exports
• Clear Text Credentials Visible in Browser Tools During Login POST Request
• Cloudflare Workers Modifying "redirect_uri" Parameter
• Compat Cookie Attributes
• Configuration During Domain Change with Google
• Configuration Guidance for the Password Reset Flow Using the Change Password Email (Link)
• Configure Alert for Large Number of User Signups
• Configure Custom Error Page for Dashboard 'Readiness Check' via Terraform
• Configure Terraform for Multiple Environments
• Configure Web Proxy When Using express-openid-connect
• Configuring Brute Force Protection by Applications
• Configuring Different Password Complexity Requirements on the Same Tenant
• Connect Two Auth0 Tenants
• Connecting to a Tenant via IPv6
• CORS Error when Trying to Fetch Font Files from the Customized Login Page
• Country-Based Access Control Full Country Code List
• Create an Email Verification Ticket
• Credential Stuffing Logs
• Cross-origin Authentication(CORS) Does Not Work when Third-Party Cookies are Disabled in Microsoft Edge
• Custom Branding Not Applying to Brute-Force Protection Screens
• Custom Database - User Sign Up Error "We're sorry, something sent wrong when attempting to sign up"
• Custom Database Login Script Does Not Display Errors
• Custom Database Mongo Error "Unsupported OP_QUERY command"
• Custom Database Not Able to Create User "Sandbox Error: connect ECONNREFUSED 127.0.0.1:443"
• Custom Database on Free Trial Subscription
• Custom Database: Password Reset Email Sent to User Before Auth0 Profile Creation
• Custom DB Change_Password Script Handling of Usernames
• Custom DB Email Verification Flow Not Updating the email_verified Field During First Log In
• Custom DB Gives Error "Please Verify the Provided Email / Username or Password"
• Custom DB Login Error: Missing Identifying Attribute in Profile
• Custom Error Description of Passwordless Email Magic Link
• Custom Login Page For Specific Client Through Management API
• Custom Login Page localization of Auth Challenge CAPTCHA
• Custom Notifications for Suspicious Activity
• Custom Parameters with Dynamic Values in Email Redirect URIs
• Custom Password Validation on Login/Reset Password Page
• Custom Phone Provider Configuration in Directory Mode
• Custom Prompts Error "The data you submitted is too long"
• Custom Text Customizations are Not Working as Expected in Login Page 'sign-up' Prompt
• Customization of Email Template Not Working when Using Custom Email Provider
• Customize Change Password Page Language
• Customize Maximum Password Length
• Customize Welcome Email Flow
• Customizing Email Templates Per Application
• Customizing Widgets Using Auth0 CLI and Liquid Template Language
• Dashboard Login via Microsoft Social Login
• Database Settings Used for the Secrets in Custom DB are Deleted After an Update with Auth0 Deploy CLI Tool
• Datadog Log Stream Integration for Regions in Japan
• Default Audience Dashboard API Error Please Contact Support if the Problem Persists
• Default Error Page does Not Support Language Customization
• Default Template when Using Page Templates
• Default Values for Auth0 Suspicious IP Throttling
• Delegated Administration Extension Error Compilation Failed: Cannot Find Module 'lodash@4.8.2'
• Delete or Decommission a Startup Plan
• Delete root@auth0.com Admin account
• Deleted User Still Appearing in Authorization Extension Groups
• Deleting Users Who Have Been Inactive for a Period of Time
• Deploy CLI Error When Importing - Error: Missing Required Property api_key
• Deploy CLI Error: "Additional Properties not Allowed: Paginate"
• Deploy CLI Export Causes SMTP User to Output as ##SMTP_USER##
• Deploy CLI Failing role_users_offset_pagination_over_thousand on Property Flags
• Deploy CLI Runtime Error "invalid memory address or nil pointer dereference"
• Determining if the 'Import Users to Auth0' Option in Custom Databases is an Enterprise Feature
• Difference between a User's "created_at" and "multifactor_last_modified" Fields
• Difference Between Auth0 CLI and Auth0 Deploy CLI
• Difference Between fcpr and fcp Log Types
• Difference between Refresh Token Reuse Interval and Token Generated in Future Leeway
• Difference between the option Security > Monitoring and Monitoring > Streams
• Difference in Log Streaming Information
• Differences between Scopes and Permissions
• Different Bot Detection Logic For Login And Signup Flows
• Disable Remember Device for 30 Days on Login
• Disable Username/Password Login for Linked Enterprise Accounts
• Disable Verification Email Sent on User Creation
• Disabling User Import or Export Email Notifications
• Disaster Recovery Plan for Auth0/Customer Identity Cloud
• Discrepancy Between Count of Brute-Force Block logs and Data in Security Center
• Display Expiration Time for Link in Email Custom Template
• Does Auth0 Support Federation for Non-Human Entities
• Does Auth0 Support WhatsApp for Passwordless Login
• Does Terraform Provider Detect Changes Made in Dashboard
• Does the "com.auth0:mvc-auth-commons" Library Support Jakarta EE
• Does the Post-Change-Password Action Execute when Updating Passwords with the Management API?
• Dynamic Client Registration
• Dynamically Customize the 'From' Address in Email Templates
• Dynamically Set baseURL Per Request in express-openid-connect
• E2E Test Flow
• Edit Application settings via API
• Elevated Support Access Role Did Not Take Effect Immediately
• Email Branding is Not Working
• Email Length Limits and Validation
• Email Template Error "Template Cannot Be Rendered: Invalid Content Error"
• Email Template Showing Broken Images
• Employee/Internal Users Quota for Enterprise Agreements
• Empty data.details.prompts Array in Auth0 Success Login Logs
• Enable client_id or client_secret Fields on Application Section
• Enable for JWT for Client Authentication Feature
• Enabling Native to Web SSO with Terraform
• End of Life for search_engine v2
• End-of-Life Rollout for Unprocessed Q Parameter in Management API Clients Endpoint
• Enforce CAPTCHA for the Password Reset Flow Option is Not Shown in the Dashboard
• Ensuring Unique User_ids in Auth0 Across Multiple Tenants
• Entity Limits When Creating Applications with an Enterprise Subscription
• Error "access_denied: Cannot read property 'endsWith' of undefined" when trying to Debug the Keycloak Application
• Error "Forbidden attribute in app_metadata: username" when Creating a User via API Call
• Error "Invalid action" on Consent Screen when Using a Custom Page Template
• Error "rejecting request of a tenant under quarantine" when Authenticating
• Error "Request Entity Too Large: Payload content length greater than maximum allowed: 1048576" when Updating the Client with Management API
• Error "The country is invalid" when Updating a Debit or Credit Card
• Error "Too Many Logins with the Same Username"
• Error "You cannot use a custom login page with Identifier First" when Selecting Identifier First
• Error "You may have pressed the back button"
• Error Causing Application to Crash: "Failed to Get JWT Signing Key Error: unable to get local issuer certificate"
• Error Client is Not Authorized to Access API
• Error Creating a User With the Phone Number Attribute Via the Management API
• Error Grant Type Not Allowed For The Client
• Error Missing Required Parameter Code During Login
• Error on Native App ?You may have pressed the back button??
• Error on the New Hosted Login Page does Not Disappear when a New Value is Typed
• Error Updating Team Settings When Changing Team Name
• Error When Opening Passwordless Magic Link From A Different Browser
• Error when Running the Terraform Apply Command "403 Forbidden" on auth0_client Resource
• Error When Saving Custom Error Page URL
• Error While Enrolling New Device with Auth0 Guardian App
• Error: "Callback Handler Failed. CAUSE: Access_denied (Invalid Network Change. Login Again From a Trusted Network.)"
• Error: "Cannot convert undefined or null to object" when Attempting to Sign In
• error:04099079 When Using Auth0 as SP and Keycloak as IDP
• event.user.groups is Not Bringing in Updated Information
• Excluding Properties From an Auth0 deploy-cli Export
• Export Logs to a Third Party Log Aggregation Tool
• Exporting Tenant Logs
• Facebook Console Error
• Facebook Failed Login(f) with "Permissions error"
• Failed Exchange Errors "Expected auth0-forwarded-for header to be a valid IP address"
• Failed Login Due to SHA1 Hashed User Bulk Import
• Failed login: Invalid bit length repeat / distance too far back / code -- missing end-of-block / code lengths set
• Failed Sending Notification (fn) Log is not Showing in the User's History
• Failed Silent Authentication (FSA) Logs with "Login required" Error
• FCPR Logs with Description "Ticket required for verification"
• Feature Flags: Cloning a Tenant using the deploy-cli Tool
• Fields that can be Exported using the Bulk Export Tool
• Find the Quota Utilization per Country
• Finding the Number of Active Users
• Finding VPNs or IPs from Other Countries
• Fixing Issues Caused By Toggling Import Mode in Custom DB
• Force Apple Users to Share Their Email Address
• Format and Special Character Use for the user_id
• Free Tenants Can Not Open Support Tickets
• Frequently Asked Questions on Backup and Restore
• General Troubleshooting Best Practices / How To Report Defect or Outage
• Generating a HAR Capture on an iOS Device
• Generating Passwordless Login Magic Link
• Generation of the Threat Behavior Graph in the Security Center
• Get Rate Limit Information from node-auth0
• Getting (403) Forbidden Exception When Accessing '/testall' Endpoint
• Getting an Auth0 Access Token in a Custom GPT
• Getting Masked OTP While Testing Verification Email (Code) Template
• Getting the NAT IPs
• Gold Success Plan Enterprise Subscription
• Gold Success Plan Enterprise Subscription Changes
• Google Error After Federated Logout from Electron App: "The browser you're using doesn't support JavaScript..."
• Google One Tap integration
• Google Security Warning on Auth0 Redirect Domains
• Google to deprecate OAuth out-of-band (OOB) flow on October 3, 2022,
• Google Workspace Enterprise Authentication Tied to One User
• Granting API Access to Applications with Terraform
• Groups Claim Is Not Added to Token When Using Authorization Extension
• HAR File Too Large to Upload to the Support Case
• HIPAA / BAA Agreement for Self-Service Subscription
• How Auth0 Maintenance Window Are Determined
• How Often is the Well-Known Endpoint Content Changed
• How Submit a Penetration Test Request for Self-Service & Enterprise Subscription
• How To Access Support Center for Heroku Tenant
• How to Add Custom Headers to Log Stream
• How to Avoid Increasing Monthly Active User Count With Test Users
• How to Block Access to the Delegated Admin Extension Based on IP Address
• How to Bulk Add Roles to Users
• How To Bypass Identity Screen When Using HRD
• How to Cancel, Downgrade, or Change a Subscription
• How to Check Auth0 Health
• How to Check the History of Changes Made to Scopes Granted to an Application
• How to Contact the Auth0 Security Team
• How to Customize Already Existing Email Error Description on Sign Up
• How to Customize Error Message Returned to Application Callback Endpoint
• How to Customize Password Reset Page with Terraform Provider
• How To Delete an Auth0, Auth0 Community Forum Account
• How to Determine if a User is in a Consent Flow or has Given Consent to an Application
• How to Determine Remaining Requests Before Reaching Rate-Limits
• How to Determine the User that Performed Change via Delegated Admin Portal
• How to Enable Phone Attribute as Identifier via Terraform
• How to Find an Okta Tax ID
• How to Get Group IDs from Azure
• How To Get Role By Role Name
• How to Import Legacy Usernames with Non-Allowed Characters
• How to Import Password Hashes from Gigya to Auth0
• How to Insert Datadog Trace IDs or Other Custom Info into Auth0 Logs
• How to Manage a Linked Account with SCIM
• How to Manage an Auth0 Support Ticket
• How to Manage User Updates with Terraform
• How to Manually Verify a User's Email
• How to Monitor Bot Protection Usage
• How to Pass the Client IP to /passwordless/start
• How To Redirect Users After Login
• How to Report Issues and Product Feedback
• How to Require TLS 1.3 and Not Allow 1.2
• How To Reset User Passwords after Bulk Import when Password Hashes are in an Unsupported Format
• How to Search and Filter User Metadata and App Metadata in the Management API
• How to Specify Multiple Audiences
• How to Stream Multiple Types of Logs Towards Log Stream Services
• How to Test changes to Maximum Expiration Time for Login Transactions Deprecation
• How to Turn Off IPv6 Support
• How to Use a Self-Signed Certificate on LDAP Server
• How to Use Auth0's "ManagementClient" Module
• How to Use Bulk Import Job with Upsert Enabled
• HRD "Identity Provider Domains" that Contain Upper Case Letters Do Not Get Matched
• HTTP Request to Domain Exceeded 5 Second Limit Error With Splunk Log Stream
• https://status.auth0.com/ is currently not working,
• Identify Log Showing When email_verified was Set from true to false
• If we change the Google account for our Google social login, will users be impacted in any way?
• Import/Export Extension - "Payload Too Large" Error
• Importing User Profiles that Do Not Have an Email Attribute
• Importing Users from Okta to Auth0
• Importing Users with pbkdf2 Hashed Passwords
• Inability to Login and Latency Issues in China
• Inconsistent Labeling in Quota Utilization Report - Enterprise Active Users vs. Active Users
• Incorrect Email Template Variables When Pressing 'Try' on the Dashboard
• Increase Allowed Callback URLs Entity Limit
• Increasing Permitted Limit of "Allowed Web Origins" and / or "Allowed Origins (CORS)"
• Information to Provide when Opening an Auth0 Support Case
• Installing Multiple LDAP Connectors on a Single Windows Host
• Intermittent Failed Login: ?You may have pressed the back button?
• Intermittent Management API Timeouts for Apps Hosted in AWS
• Internal Server Error when Attempting to Change Password "Error!API Error. Please contact support if the problem persists"
• Invalid Payload 400 Error on POST to SCIM Users Endpoint
• Invalid Thumbprint for ADFS
• Invalidate Password when Sending Password Reset Email
• Invalidating Password Reset Links After Password Change
• Invited User Unable to Receive Reset Password Email
• iOS Application does not Recognize Auth0 Associated Domain
• IP Contained in "auth0-forwarded-for" Not Shown in Logs
• Is a Load-Test Request Required when Testing an Internal Product
• Is it Possible to Import Users with Hashed Passwords from Salesforce Communities
• Is It Safe to Delete the 'Default App' Application
• Is Teams Feature Supported by Terraform Provider/Deploy CLI
• Isolated Handshake Failure (SSL) with Endpoints - Reason: Write EPROTO - SSL Alert Number 40
• JWT Verification from a Backend API
• Lazy Migration Between Two Auth0 Tenants
• LDAP Connector is Offline
• Limit of Entities Error Adding Applications to Staging or Dev Tenants
• Limit of Identities that Can Be Linked to a Single Profile
• Limit on IP Addresses to the Allowlist of Bot Detection
• Limiting the Number of Roles Shown for Role Assignment
• Linking Two User Accounts from the Auth0 Dashboard
• Load Testing Availability for Self-Service Subscription
• Location of Tenant's Global Client ID and Client Secret
• Log Event while Adding a Custom Domain
• Log Stream Failing to Send Logs to Splunk
• Log Stream Webhook is Triggered Only After 5 minutes
• Log Streaming unable to verify the first certificate
• Log Streams Export to Google Cloud Platform SecOps
• Login Error "Not Found" Appears after Configuring the Java Spring Boot Application
• Login is Rate-Limited for /passwordless/start
• Login Links in Emails and Safe Links Scanners Leading to Rate Limit Issues
• login transaction redirects to apps login route with 'iss' param such as 'https://mydomain.com/login?iss='
• login_hint Behavior with Identifier First Flow and Additional Signup Fields
• Logins_Count and Last_Login Updated After Failed Login Attempt
• Logout Error: post_logout_redirect_uri Parameter Not Defined as a Valid URL
• Logs Not Delivered from Auth0 to Amazon EventBridge using Log Streams
• Management API Global Limit Preventing Administration via Terraform
• Maximum Number of Log Streams Per Tenant
• Meaning of "limit_sul" Error
• Meaning of allow_magiclink_verify_without_session:true when Exporting Configs
• Meaning of ID Token "sub" Claim
• Members in Tenant are Not Removed when Deleted from Teams
• Migrating From ADFS to Azure AD With Active Authentication
• MIME Message Is Missing 'From' Header Error With Passwordless Email Login
• Minimum Information Required to Import Users with the Import Export Extension
• Missing "Back to My Application" Button on Expired /u/reset-password Page
• Missing Fields in Auth0 Bulk User Export
• Missing Required Parameter Error Logs When Using Censys Scanner
• Missing Users in Password Hash Export are Present in Bulk User Export from a Custom Database
• Mixpanel Log Stream Fails with Error "Authenticated user does not have permission"
• Model Context Protocol (MCP) Common Questions
• Modify Contents of Tenant Log like Type or Description
• Modifying the 'robots.txt' File
• Monitor Auth0 Services
• Monitoring Auth0 Tenant Quota Usage and Statistics
• Monitoring Change Password Email Request
• Monthly Active Users (MAU) Reports per Application
• Newly Invited Users to Teams Unable to Login to Auth0 Management Portal
• Node18 Environment and MongoDB Do Not Work
• Non-Email Based Login in Auth0
• Not Able to Login to a Newly Created Tenant Dashboard
• Notification is Not Sent when the Account is Blocked
• Notification When an Issue Fix or Enhancement Is Available
• Office 365 Deprecation of Basic Authentication
• Okta Inbound SCIM with Roles Fails with Invalid Payload fscim Error
• Okta OIN Provisioning Rate Limit Error
• Optional Approach to Email Invitations for Application Signup
• Organization Invitation Error "The specified account is not allowed to accept the current invitation"
• Pass Additional Parameters to Passwordless Email
• Passing Extra Parameters to the Password Reset URL
• Password Breach and Brute Force Lockout Notifications and Unverified Emails
• Password Change Behaviour for a Non-Existent User
• Password Change Redirect Behavior
• Password Change Required after Password Hash Import
• Password Change Ticket Error: "Invalid property result_url"
• Password Dictionary Not Preventing Certain Passwords from Being Used
• Password Entry in Authentication Methods Example
• Password Hash Import with Firebase's Scrypt Algorithm
• Password Policy Does Not Support Requiring All Four Character Types
• Password Reset Before First Login with Automatic Migration Enabled
• Password Reset Emails Not Received
• Password Reset Requests Not Blocked after Suspicious IP Banned
• Password Strength Validation Effect on User Import
• Passwordless Login Fails with Error: "Client Authentication is Required"
• Passwordless SMS Attack Mitigation
• Passwordless Verification Code Rate Limit
• Payload Validation Error while Configuring Login URI
• Payload Validation Errors When Attempting to Set the datatype undefined in Metadata
• Payment Card Industry (PCI) Data Security Standard (DSS) Attestation of Compliance (AOC) Certificate
• Performance Issue in Login Flow
• Personal Data Password Policy Allows Parts of Email Address
• Plan Upgrade from Professional to Enterprise not Reflecting Changes
• Possibility of a New User Being Created with a Previously Deleted user_id
• Possibility to Access Auth0 Using HTTP Instead of HTTPS or a Port Other than 443
• Post User Registration Flow API Object
• Prerequisites for Bulk Users Import
• Prevent Admin Consent for Azure AD App for Every User's First Login
• Prioritized Log Streams Explained
• Private Key JWT Authentication for Single Page Applications
• Provisioning Users with Roles and Permissions Before First Log In
• Public Cloud (US, EU, AU, and JP) IP Addresses Update - July 2025
• Python Certificate Verification Failed with Error "unable to get local issuer certificate"
• Query Users Blocked by Brute Force Protection Using the Management API
• Real-time Webtask Logs - Stuck at Connecting
• Reason for Many Low Confidence Impossible Travel Scores
• Receiving Email to Upgrade Auth0 Plan but the Tenant Quota Usage is not Exceeded
• Receiving Error that Scopes Exceeds the Allowed Maximum of 100
• Recommended Parameters for AWS CloudFront Reverse Proxy
• Recover Admin Access to a Tenant
• Recovering and Rolling Back Configuration Changes Made with the Auth0 CLI
• Redirect Users after Logout
• Redirecting Users to a Signup Page if Account Does Not Exist
• Redirects from "onContinuePostLogin" Stopped Working and Now Work Again
• Remove Admin Block after Password Reset
• Remove Email Address from the Password Reset Redirect URL
• Remove the ?auth0|? Prefix of the User ID
• Reporting a Security Vulnerability
• Request Additional Operational Attributes from AD/LDAP Connector
• Request Failed with Status Code 404
• Request of W9
• Request to Webtask Exceeded Allowed Execution Time
• Require New Users to Change Password Before Logging In
• Resend Tenant Member Invitation to Self
• Reseting Password sets Email Verified to True, but Does Not Send a Welcome Email
• Resource Owner Password flow with Realm Support on Postman
• Restore Deleted Client
• Restore Deleted Users
• Restrict Access to Dashboard by IP Address
• Retrieve a List of Successful and Failed Logins within a Given Timeframe
• Retrieve All SPA and Regular Web Applications via the Management API
• Retrieve Complete User Profile using Management API
• Retrieve List of All Applications and API in a Tenant
• Retrieve Logins Count per Application
• Return An Error From Custom Database Login Script That Does Not Emit `fp` nor `fu`
• Reusing a Previous Email Address after it is Changed to a New Email Address
• Reusing the Same Auth0 Application Across Multiple End-user Apps
• Revert the Upgrade to New Structure Self-Service Subscription
• Roles and Permissions Per Application
• ROPG Flow Contributes to the Database Login Limits
• ROPG Grants Failed Logins Not Intuitive Outcome - fepft - fp
• ROPG Returns Wrong Email or Password
• Rotate the Global Client Secret in Auth0
• RSA SHA-512 (RS512) Signing Algorithm Support
• Safari & IOS Browsers Not Able to Sign Up with Silent Authentication
• Safari Browser Throws "Error: invalid_request" at Login
• Salesforce User Cannot Login Because their Email is Not Verified
• Salt Length Used by Auth0 when Hashing Passwords
• Sanitizing HTTP Traces
• Search by User ID in Dashboard
• Search by Username does not Return Result Even When User Exists
• Search for Users by Email with Auth0 Management API Endpoint
• Searching for Users by External Identity Provider ID
• Searching the User with the Management API Returns the IdP Token
• Secret Handling in Terraform
• Security Alert from Microsoft Regarding Risk of Privilege Escalation Using the Email Claim
• Security Headers on /.well-known/jwks.json Endpoint
• Security Questions about Password Management
• Security Questions on Keys used for Secret Encryption
• Security Scan Tools
• Selective Use of Bot Detection
• Self-Service Subscription Billing Cycle
• Send an Email Verification Job
• Send Invitation Link as Plain Text
• Send Unique or Separate Emails Per Application
• Sending Email Notifications for Brute-Force Blocks to Users with Phone and Email Identifiers
• Sending Password Change Email for New Users
• Sequence of Statuses for User Export Job Status
• Set Security Headers in All Authentication Pages
• Set the Change Password (Link) Email Template URL Expiry Time
• Setting Callback URLs for Mobile App
• Setting Multiple Possible Values for AD/LDAP Profile Attributes
• Should TLS 1.2 Be Enforced when Making Requests to Auth0
• Show Custom Alert on Auth0 Login Page
• Show Friendly Name in Tenant List in Dashboard
• Show Password Icon Is Not Visible on the Classic Login With Lock Template
• Show RP-Initiated Logout Prompt' Turned Off but Still Shows
• Signing Certificate Shows the Same Issuer and Issued By Domain
• Single Log Out from SPAs Opened in Different Windows Without Relying on 3rd party Cookies
• Skip Errors during Imports with the CLI Tool
• Slack Integration Installation Instructions
• SMS Passwordless Blocked by Brute Force Attack Fails to Notify User
• Some Log Event Types Are Not Available in Dashboard Search Results
• Some PII Are Not Obfuscated in Log Stream Even If Masking or xxHash is Enabled
• SSL Certificate Renewal Schedule
• Startup Private Key JWT
• Startup Subscription Auth0 Quota Exceeded
• Static IP Addresses for Allowlisting
• Status Page RSS Feed Returns Error: "Please check your domain parameter."
• Staying Updated with Auth0 Terraform Provider Releases
• Stop Verification Email from Sending for Certain Applications
• Stream Export Files are not Available when using Auth0 Deploy CLI Export Command
• Stream Logs to Kafka
• Subscribe to Atom/RSS Feed for Status Page with Multiple Tenants in Different Regions
• Support Access Role Cannot be Created from Support Center
• Support for 64-byte TOTP secrets
• Support for Sender Constraint Mechanisms such as mTLS and DPoP
• Suspicious IP Throttling - Default Values for Login Threshold and Sign Up Threshold
• Suspicious IP Throttling - How the Number of Allowed Login Attempts will Recover
• Suspicious IP throttling rate management API and dashboard disparity
• Suspicious IP Throttling Reset Frequency
• Switching Dashboard SSO IdP from One Account (OIDC) to Okta (SAML)
• Synchronization Failure During User Provisioning Between Microsoft Entra ID and Auth0
• Team Invitation Error The User Already Exists
• Team Member Invitation Fails and Enters Dashboard Login Loop
• Tenant Access Control List (ACL) Use Case Examples
• Tenant Admin Unable to Login With Other Connections
• Tenant Admins: Leverage the Auth0 Support Center to Review and Update your Company's Primary Security Contact and CIO/CISO Contact
• Tenant log `details.qs.state` field doesn't match with the `state` sent in /authorize request
• Tenant Log for Successful Logout Has No User Information
• Tenant Member Added Through Teams Cannot be Edited on Tenant Dashboard
• Tenant Member Cannot Invite New Members / Dashboard Users
• Tenant Member Invitation Link Expiration Time
• Tenant Member Role 'Editor - Specific Apps' Only Showing First 100 Applications
• Tenant Missing from Affected Tenant Dropdown in Support Center
• Tenant Model of Auth0 Public Cloud
• Tenant Signing Keys Using SHA1 Instead of SHA256 Algorithm
• Terraform - passing output of other resources during execution
• Terraform CI/CD
• Terraform Created Applications Disappear and Email Templates Fail to Update
• Terraform Deployment is Slow in Dev or Staging Tenants
• Terraform Error "feccft / ReferenceError on credentials-exchange: scope is not defined"
• Terraform Error after Migrating to Version 1.0.0: "auth0_trigger_binding.password_change_flow"
• Terraform Error: 409 Maximum Log Streams
• Terraform Flag for "Use a generic response in public signup API error message"
• Terraform Provider and Cross-Origin Authentication
• The "content" Property from the limit_mu Event Code Mismatches the Suspicious IP Throttling Configuration when Using Datadog for Log Streaming
• The Description Field is Empty in Some Log Types Sent by the Log Stream
• The Function of POST /api/v2/device-credentials Endpoint
• The Password Reset Link Generated for a Specific Application Returns an "Invalid Link" Error
• The Purpose of the "Allowed Apps / APIs" Application Setting
• The schema definition for logs appears to be inaccurate
• The SCRIPT Tag Breaks the Auth0 CLI Storybook
• The Specified Account is not Allowed to Accept the Current Invitation in Azure AD
• The User is Marked "BLOCKED(BRUTEFORCE)" although the User IP is in the Allowlist of the Brute Force Protection
• Third-Party Service Cannot Interpret User ID Because it Contains the Pipe ( | ) Character
• TimeoutError: Specified timeout of 5000ms was reached
• Tooling for auditing Auth0 missing active user (MAU)
• Trace Logs for Client Deletion
• Transfer Ownership of Startup Plan Subscription
• Trigger for Email Indicating "A user's account may have been hacked, compromised, or stolen."
• Trigger for Just-in-Time Membership
• Troubleshoot Real-Time Webtask Logs Extension's "Connection error"
• Troubleshooting Rate-Limit Exceeded During Authentication
• Unable to Access Tenant Through Auth0 Teams Because of Incomplete Profile Setup
• Unable to Activate the "Flexible Identifiers" Feature
• Unable to Assign an Application to User, No Applications Display in Authorized Applications
• Unable to Click on Auth0 Team Members
• Unable to Display Personalized Information on the Password Reset Page using the Classic Login Password Reset Page Editor
• Unable to Find Users by Email Due to Invisible Unicode Characters in Email Address
• Unable to Find Users When Querying by Fields Such as last_password_reset and blocked_for
• Unable to Generate a ?User doesn?t exist? Message During Login
• Unable to Load Applications Page
• Unable to Search the Details Object in Tenant Logs
• Unable to Switch Tenants
• Unable to upgrade my subscription: "Error! Payment for this subscription requires additional user acction before it can be completed successfully..."
• Unable to View Auth0 Payment and Billing Info
• Understanding and Testing the Non-Verifiable Callback URI Consent Screen
• Understanding Scopes and UserInfo Scopes
• Unexpected Usage of the Log Endpoint /api/v2/logs
• Universal Passwordless Links Are Not Working With Redirect
• Update Auth0 Dashboard User Profile
• Update or Remove the Gravatar Image from User Profile
• Update Password for Users who Did Not Receive the the Password Reset Email
• Update Tenant Settings sandbox_version
• Update the Phone Number of Users with Management API for Custom Database
• Update the Role of an Existing Team Member
• Update Webtask Extension Settings / Secrets
• Updating a secondary account
• Updating or Creating Users Fails with Dotted Fields Error
• Updating User Profile Root Attributes
• Updating Users with Duplicate user_ids
• Upgrade Auth0 Terraform Provider from Version v0.x to v1.x and Avoiding Conflicts
• Upgrade Auth0-deploy-cli version to address security vulnerabilities
• Upgrade Tenant-Wide Extensibility Runtime Node Version using Auth0 Deploy CLI and Terraform
• Upsert app_metadata with the User Import API and Merging app_metadata
• Upstream Requests to Auth0 Timeout when Using Reverse Proxy
• Use Auth0 Dashboard on Mobile Browsers
• Use Authorization Core and Authorization Extension Together
• Use Case: Bulk Exporting Auth0 Users Using Filters
• Use Office365 Accounts to Register/Authenticate to the Application
• User Account is Not Blocked When 'Block compromised user accounts' Feature is Enabled
• User Agent Differs in Log Sent to Log Stream vs the Same Log in Auth0
• User Blocked by Brute Force Protection - Blocked Field of the Delegated Admin Extension (DAE) Still Displays NO
• User Bulk-Export Numbers
• User Can Be Created with Invalid Email Format
• User Can Signup with Email that Received Brute Force Block
• User Can Still Log In after Brute Force Block
• User Export Stuck at 0%
• User Export: Include Applications Through which the User has Authenticated
• User Fuzzy / Proximity Search Not Working on Dashboard and Management API Request
• User History - Missing Failed Login Log Events
• User ID in the Log is Unexpected
• User Import / Export Extension - Nothing to Export Prompt
• User Import Export Extension Not Loading for Large Database
• User Import Fails with Error: "Error in passwordHash Property - String does not Match Pattern"
• User Import from LDAP Database Getting Incorrect Username/Password
• User Import Without Password Hashes
• User Import/Export Extension Results in "Auth0 Oops!, something went wrong"
• User Import/Export Extension: Error in Email Property, Expected Type String but Found Type Null
• User in a Redirecting Loop after Account is Manually Blocked
• User not Assigned to the Client Application Error at Log In
• User Password Not Randomly Generated During User Import via API Call
• User Passwords Not Working After Bulk Importing Users with MD4 Algorithm Specified
• User Profile Encryption
• User Search - AND Query Involving Object Elements of Array Not Working as Expected
• User Search Sometimes Does Not Return Newly Created Users
• User Search with Multiple Queries with GET /api/v2/users Endpoint
• User with Blocked(Bruteforce) is Able to Login
• User's email_verified Flag to be Set to True once the User Reset their Password
• User_ID Listed as 'SUB'
• Usernames and special characters
• Users are Required to Enter Recovery Code when Installing Auth0 Audience on Mobile Device
• Users Blocking Feature Not Working As Expected
• Users Created Through Import Users API not Searchable after Job Completes
• Users Deleted in Active Directory Not Reflected in Auth0
• Users Forced to Login after Email Verification
• Users from Custom Database Blocked by Brute-Force Protection with Special Character in Username
• Users Getting Logged out of the Auth0 Dashboard
• Users Lucene Search Not Working for blocked:false
• Users Seeing Consent Prompt on Every Login
• Using Auth0 in Safari with ITP Enabled
• Using Customer user_id Instead of an Auth0 Generated user_id
• Using the Authorization Code Flow Without a Redirect
• Using the Delegated Admin Extension Creates Deprecation Notice Logs
• Valid Characters of User Profile's "given_name" and "family_name"
• Validate Captcha Enforcement due to Bot Detection with Risky Option Enabled
• Validate State Parameter
• Variable application.name in Change Password Template Appearing as Tenant Name
• Verification Email Error Message
• Verification Email Flow Leads to Error Page Instead of Redirecting to Custom URL
• Verification Email Redirect: Pass User Email Address as a Parameter
• Verification Emails Are Not Getting Sent
• Verification Failed for the Provided custom_password_hash
• Verification Template "From" Field is Not Reflected in Passwordless Email
• Verify Email Address Before Signup Completes
• Viewing Large Numbers of Logs in the Auth0 Dashboard
• Viewing User Log History in Dashboard Results in ?Error trying to fetch this log entry?
• Vulnerability CVE-2023-4863 and Impact on Auth0
• Weak TLS Cipher Suites Usable in Auth0 Endpoints
• Webtask Container questions
• What Does a User from a Sanctioned Country Blocked by Auth0 See on a Login Attempt?
• What Does BLOCKED(BRUTEFORCE) Mean for a User
• What Happens to User Data when an Account is Deleted via API Delete Endpoint
• What Happens when the "prompt" Parameter is Not Sent to /authorize
• What Happens when the Auth0 Free Trial Expires
• What is "callback_url_template" Property
• What is "Devices" in the User Profile
• What is the "All Applications" Application
• What Is the Category "None" in Thread Behavior by App Report
• What to Set the `Limit` Value to Export All Users
• When Do the Attempts for Brute Force Protection Reset
• When Is the "ublkdu" Log Produced
• When to Use a Separate User Database
• Where to find the Log Event Schema
• Why Are Wildcard Subdomains Considered Insecure
• Why Authentication Methods Are Not Included in Auth0 User Search Results
• Why Does Auth0 Not Allow Wildcards in an Application's Allowed Callback URL List
• Why the q Parameter is Appended to the Lang Parameter in Error Handles in the Custom Error Pages
• Wildcards Cannot be Used to Query Logs by IP Address
• Will Auth0 Support Node 20 Runtime
• Will End-users Be Forced to Change Passwords when the Password Strength is Updated
• Windows Live Error: "Error retrieving AzureAD profile"
• Wordpress Login Error: "Client authentication is required"
• Wordpress: Users are Not Being Created in Auth0 because of Bot Detection

Admin Management (115)

• Admin Cannot Login to Dashboard - Error "access_denied user is not part of the organization"
• Admin Receives Permission Error When Viewing Support Tickets
• Application settings Missing the toggle for Trust Token Endpoint IP Header
• Arbitrary Custom Script Names in Database Connections
• Auth0 CLI Warning When Deleting Applications
• Auth0 Dashboard SMS Multi-Factor Authentication Code Not Received
• Auth0 Error Occurs When Populating Email Template Redirect To Field
• Auth0 Export/Import User Extension Blank Page
• Auth0 Private Cloud Status Page Access
• Auth0 Quota Exceeded
• Auth0 Splunk Log Stream Generates Could Not Reach Endpoint Error
• auth0Client Parameter in Authentication API Endpoints
• Authentication Method Configuration Limitations for Auth0 Applications
• Availability of Auth0 Dashboard Authentication Logs for SIEM Ingestion
• AWS SES or SMTP Blocked or Flagged by Office365 Outlook Email Server
• Back up or Export Auth0 Tenant and User Data
• Backup and Restore Features Provided by Auth0 for Tenants
• BadRequestError Occurs When Accepting Auth0 Teams Invitations
• Can the Auth0 Tenant Name be Changed
• Cannot Access Auth0 Teams Dashboard After Subscription Upgrade
• Cannot Update OIDC Connection Client Secret - The Save Button Does Not Respond
• Cannot Upgrade from Tenant-based to Team-based Self-Service Subscription - Unable to Upgrade Subscription Error
• Change Identity Provider for Dashboard Admin SSO Integration
• Change in Access to Subscription Support Tickets
• Change the Location of Existing Tenant
• Changing the Tenant Domain Name
• Cloning or Duplicating an Auth0 Tenant
• Common Questions for Deletion of Auth0 Tenants
• Configure a Firewall Allowlist for Auth0 Authentication
• Configure SAML SLO for Auth0 (SP) and Okta (IDP)
• Configure the options.domain Field for an Azure Active Directory Enterprise Connection
• Configuring Audience for Multiple Websites and APIs
• Configuring Auth0 as an IdP Without Using SAML
• Copy of Data Processing Addendum (DPA)
• Create Auth0 Applications with a Specific Client ID
• Customizing the Delegated Admin Extension's Behavior
• DataDog Log Stream PII Obfuscation Does Not Mask Email in 'value' Field
• Delegated Admin Extension and Organizations
• Deleting Tenants in the Context of Teams
• Deploy CLI Error "error: Unable to update enabled clients for databases: con_ID: Payload validation error: 'Array is too long (n), maximum 50'"
• Determine Tenant Name from Application Login Page URL
• Email Not Sent Error: "Missing MX and A Records"
• Email Verification is Required when Email is Already Verified for Auth0 Account
• Enabling Elevated Support Access Roles for Auth0 Teams
• End-of-Life Rollout for Mandatory Use of SNI for HTTPS Requests
• Enterprise Connection Metadata Not Viewable or Updatable in the UI
• Error A Tenant with the Same Name Already Exists
• Explanation of the Application Credentials Limitation in the Entity Limits Policy
• Finding SOC2 and Other Compliance Related Reports
• Forms for Actions - Customise the Form with CSS
• Get User Details in Callback When User Blocked
• How to Add Tenants to new Enterprise Subscription
• How to Allow Username/Password and Federated Logins
• How to Change the Tenant Name Displayed in Self-Service SSO Setup Ticket
• How to Check which Tenant Admin made Changes to an Action
• How to Differentiate Auth0 Rate Limit Errors (Global vs. Others)
• How to Escalate an Auth0 Support Case
• How to Filter Logs for Operations Performed by Tenant Administrators
• How to Get Notified when a Log Stream is Suspended
• How to Manually Redact Sensitive Information
• How to Open an Auth0 Support Ticket
• How to Remove PII from Tenant Logs Before Exporting
• How to Sanitize a HTTP Trace File Automatically
• How to Submit Product Feedback or Feature Requests
• How to Subscribe to Service Status Updates
• How to Switch Tenant Admin User with Accidentally Created User
• ID Token Returns Incorrect JWT Signature Algorithm
• Incorrect Admin MFA Readiness Check
• Increase Limit of 10 Applications for Development Environment Tenant
• Invoices for Growth Plans Yearly Self-Service Subscriptions
• Link Existing Tenants to Startup Subscription
• Linking Tenant to Teams
• Logo Does Not Appear on the Application Sign-In Page
• M365 as External SMTP "Error sending email: Access is denied. Check credentials and try again"
• Monitor M2M Token Usage
• My Admin Profile Email needs to be Changed
• New Tenant Admins are not Able to Access the Dashboard
• Okta's Position on the EU Data Act
• Ports Exposed on Auth0
• Private Key JWT Allows Expired Certificate
• Recovery Point Objective (RPO) and Recovery Time Objective (RTO) Information
• Refund for Self-Service Subscription when Customer Upgraded the Wrong Tenant
• Report of Monthly Active Users (MAU)
• Required Roles for Management Dashboard's Bulk Import/Export Feature
• Resolve 500 Internal Server Error Due to Incorrect Vercel Configuration
• Revoke Refresh Tokens When a User Successfully Resets Password
• Second Tenant on a Free Plan
• Send a Welcome Email on Request
• Sleep Execution in the Delegated Admin Extensions Hooks
• Stats Report about Auth0 Tenant
• Stream Logs to Loki
• Suspend the Billing for a Tenant
• Team Owner Unable to Access Tenant
• Tenant Admin is Unable to Create a New Tenant
• Tenant Administrator Cannot Access the Quota Utilization Dashboard
• Tenant Administrators Cannot Access Subscription Page in Auth0 Teams
• Tenant Admins Automatically Logged Out of Auth0 Dashboard
• Tenant Created by Mistake - How to Delete a Tenant in the Context of Teams
• Tenant Creation in a Specific Sub-Region
• Tenant Maintenance Mode
• Terraform Error Unsupported Block Type When Configuring Auth0 Log Stream
• The Error "The from address does not match a verified Sender Identity" is Received via Email after Setting Up Sendgrid as the SMTP Provider
• Transfer Subscription to Different Tenant
• Transfer Tenant from One Team to Another
• Transitioning Tenants from One Enterprise Account to Another (Enterprise Plan)
• Triggering the "gd_send_email_verification" and "gd_auth_email_verification" Events in Auth0 Tenant Logs
• Unable to Access the Private Cloud Status Page
• Unable to Manage Tenant Members After Update to Teams
• Understanding Multiple Failed Silent Authentication (fsa) Logs
• Unsupported Query Error When Searching Clients by Name via API
• Update Connection Display Name for Universal Login Experience
• Updates in Auth0 Dashboard to Resources Managed by Terraform Cause Desynchronization
• User Information not Available in Connection Deletion Event Logs
• Using Auth0 Tenant for Production and Development
• Warning Occurs About Development Keys When Tenant Is In Production

API (147)

• "Invalid JOSE Header, 'kid' is Required" Error During Token Validation
• "Payload validation error: 'Data does not match any schemas from 'oneOf'" when Creating or Updating Forms via Management API
• "Self changing of passwords is not enabled on this connection" Error When Calling /dbconnections/change_password Endpoint
• "The Generated Token is Too Large" Error Returned from the Authentication API
• /userinfo Endpoint Returns "429 Rate Limits" Error
• 400 error when creating a password change ticket via Management API
• 401 Errors on OpenID Configuration and JWKS Endpoints with AWS API Gateway
• Access Token Rejected when Calling Auth0 APIs
• Action API Method Difference Between 'api.multifactor.enable' and 'api.authentication.challengeWithAny'
• Adding RBAC Permissions to Access Tokens
• API Not Found when Registering M2M Application
• API Response Times for Authentication and Management APIs
• APIs Menu Item is Missing from the Application Settings
• Arbitrary Custom Script Names in Database Connections
• Auth0 Identity Unlink Fails for Google Apps Connection via Management API
• Auth0 Service Not Enabled Within Domain Error When Using an Audience Parameter
• Auth0 Support for API Keys and Personal Access Tokens
• Auth0 Tenant Uses Default Directory Connection Instead of Application-Specific Connection
• auth0Client Parameter in Authentication API Endpoints
• Bad Issuer on Custom Domain when using Token to Instantiate ManagementClient
• Bot Detection and CAPTCHA Do Not Affect Non-Interactive Clients (M2M) or API-based Calls
• Breached Password Detection when Creating User via Management API
• Bulk Update User Profile Details Using the Management API
• Cache Response of JWKS Endpoint in Spring-based Java Application
• Caching Access Tokens and Renewing Upon Expiration
• Calling the getAccessTokenSilently API Returns the Same Access Token
• Cannot Get Back to Login Screen After an Action Denies Access
• Change access_token Expiration Time
• Change Notice: Mandatory Use of SNI for HTTPS Requests
• Client Metadata Was Not Updated in Actions
• Configure Custom OpenID Connect Claims via Claims Parameter Using Management API
• Configure the options.domain Field for an Azure Active Directory Enterprise Connection
• Configuring Audience for Multiple Websites and APIs
• CORS Error When Initiating Silent Auth Requests
• CORS Errors Occur During /authorize Calls
• Customize Forgot Password Wizard
• Definition of "expires_in" Field in the "POST /oauth/token" Response
• Deleted Apple Users Receive Email "{Service ID} has revoked your Sign in with Apple account"
• Disable Automatic Test Application Creation When Creating an API
• Disable Seamless SSO Between Applications
• Disable the Consent Screen for Profile when Logging into Auth0 Applications
• Does the PUT /api/v2/users/{id}/authentication-methods Endpoint Support Webauthn Factors
• Duplicate User Error When Performing a Bulk Import with Upsert False
• Enable Role-Based Access Control for User Roles in Organizations
• End-of-Life Rollout for Field fromSandbox in Authentication API Error Responses
• End-of-Life Rollout for Mandatory Use of SNI for HTTPS Requests
• End-of-Life Rollout for the Universal Login WCAG 2.2 AA Opt-in Setting
• Enterprise Connection Metadata Not Viewable or Updatable in the UI
• Error "getaddrinfo ENOTFOUND" When Using node-auth0 ManagementClient
• Error "Service not enabled within domain"
• Error Message "Redirection is not available on /oauth/token endpoint"
• Example of Using the "Test an Action" Payload
• Extend or Remove Expiration Time from Management API Access Token
• Fetching an M2M Token Returns All Granted Scopes/Permissions Instead of Requested Scopes
• Generating Email Verification Links without Emailing the User
• Get an Execution Endpoint Returned 404 Error: "That execution does not exist." While the Execution ID is Correct
• Get or Export Users from the Auth0 Tenant
• Get SAML Tokens via API
• How to Add the Permissions Claim to an Access Token
• How to Create a M2M Application using the Management API
• How to Create a Password Reset Link Without Emailing the User
• How to Get an Access Token for Testing
• How to Make an Axios API Call and Store it as a Custom Claim using Actions
• How to Perform Bulk Updates on Connections
• How to Prevent Multiple Active Sessions for the Same User
• How to Resend a User Verification Email
• How to Set the Expiration of an Organization Member Invitation
• How to Stop Getting JWEs when JWT is Required
• How to Use the Management API in a Single-Page Application (SPA)
• HTTP 403 - "User to be acted on does not match subject in bearer token"
• Insufficient scope errors when accessing tenant management API
• Integrate Auth0 with n8n.io Using the Management API
• Invalid Access Token Error When Decoding an Access Token
• Invalid Request Payload Input Error during User Role Assignment via Management API
• Invalidating an Access Token after User Logout
• Invite Users Created by the Management API
• Issue with the Passkey-Enrollment Screen when api.access.deny() is Called
• JWKS Endpoint Latency and Timeout Impact
• Large Metadata Search Returns No Results
• Logging Action Execution Details with AWS Lambda and Auth0 Management API
• Making MFA Enrollment Optional
• Malformed User ID From SAML Attribute Prevents Dashboard User View and User API Calls
• Manage Auth0 Event Streams Using The Management API
• Management API for Connections Does Not Return All Connection Settings
• Management API GET /api/v2/stats/daily Does Not Retrieve Any Values
• Management API Rate Limit: "The current_user* Scope Limit has Been Reached"
• Management API Token Does Not Contain All Granted Scopes
• Management API Token from API Explorer Tab does not Contain Expected Scopes
• ManagementAPI Error: "The account is not allowed to perform this operation, please contact our support team."
• Managing Connections via Auth0 APIs
• Managing Tenant Members via API
• Maximum Character Length for the "audience" Identifier
• MFA API with Custom Domain Leads to Error: "The mfa_token provided is invalid. Try getting a new token."
• Modify Scopes of Access Token for Auth0 Management API
• Monitoring Auth0 Tenant Quota Usage and Statistics
• Multifactor Attribute in the User Profile when Exporting
• New Management API Scopes Required for Connection Options and Impact on Deployment Tools
• No Roles Assigned after Creating Organization Invitation through Management API
• Non-String Values in the Configuration Field for Connection Options
• Opaque Versus JWT Access Token
• Password Change Error Organizations are not Supported in Classic Universal Login
• Password Reset Ticket Endpoint Fails With "User does not exist" Error on Custom Database Connection
• Payload Validation Error when Filtering User Export with Query Parameter
• Performing Bulk User Import with Management API and User Import/Export Extension
• Permitted IP Address Formats for Attack Protection Allowlists
• Prevent Sign-Up When Email Address Already Exists Using an Action
• Private IP from gd_unenroll log
• Querying Refresh Tokens Via the Management API
• Rate Limit Applied for M2M Authentications Calls
• Rate Limits for /userinfo Endpoint from Server-Side Calls
• Refresh Token and Session Management
• Request Header or Cookie Too Large Error
• Requesting Access Token Scopes with ROPG (RBAC enabled vs RBAC disabled)
• Resolving "ENHANCE_YOUR_CALM" Error When Validating Access Tokens
• Restrict API to a Specific Organization
• Retrieving Auth0 User Roles in Bulk While Respecting Rate Limits
• Revert a Database Connection to the Old Attribute Configuration
• Run Custom JavaScript After Signup with the Universal Login Page
• Search For Organizations Using the Management API
• Securely Passing a JWT in URL Query Parameters for a GET Request
• Send a SAML Response that Includes the "AudienceRestriction" Tag when api.access.deny() Is Called
• Set a Custom Display Name for a Social Connection in Universal Login
• Set Different Access Token Expiration Depending on Application Grant Type
• Setting the Error Value Returned when Denying Access within Auth0 Action via "api.access.deny"
• Supported Meta Graph API Versions
• Testing Authorization Code Flow Using Postman
• The setUserByConnection Function Does Not Validate Users Against Upstream Identity Providers
• Token Expiration Value Not Reflected by expiresIn Property
• Troubleshooting Invalid Audience Errors
• Twitter API Issues v2 - Error "InternalOAuthError: Could not authenticate you."
• Unable to paginate more than 1000 records when getting user roles
• Understanding the Google Workspace "Enable Users API" Setting
• Unexpected 400 Error in the Management API when Connecting an Organization to a Connection
• Unsupported Query Error When Searching Clients by Name via API
• Update Connection Display Name for Universal Login Experience
• Update or Remove Keys from Organization Metadata with the Management API
• Update the Email Template of Passwordless Email OTP using Management API
• Update User Metadata from Within a Post Change Password Action
• Use Azure AD Access Token to Call a Second Azure Application
• User Assigned API Permissions Do Not Appear in Access Token Using Organizations
• User Information not Available in Connection Deletion Event Logs
• User Not Found Error When Updating Users imported from a Custom Database (Import Mode ON)
• Using the Management API in Actions
• Value of the Audience Attribute in Access Token Requests and its Significance
• Visibility and Functionality of the api_behavior Property
• What is the Maximum Request Size for the '/oauth/token' Endpoint
• When to Use Lock vs. Custom User Interface

Attack Protection (59)

• "Error! Error updating your Bot Detection settings" Seen when Trying to Update IP Allowlist
• /userinfo Endpoint Returns "429 Rate Limits" Error
• Auth Challenge Bot Prompt "Verifying" May Confuse Users
• Auth0 Configuration of Attack Protection Settings at the Tenant Level
• Automating UI Tests Without Bot Detection Challenges
• Bot Detection and CAPTCHA Do Not Affect Non-Interactive Clients (M2M) or API-based Calls
• Breached Auth0 Password Detection Behavior with Different Configurations
• Breached Password Detected with no email Received or `pwd_leak` Event Logged
• Breached Password Detection Not Triggering Despite Being Turned On
• Breached Password Detection Scope for Database Connections and Tenant Administrators
• Breached Password Detection when Creating User via Management API
• Breached Password Detection with a Custom Database
• Breached Password Email Reset Link Validity Period
• Breached Password Emails Not Received from Custom Email Provider
• Breached Password Functionality
• Breached Password Logs Missing in Log Stream
• Breached Password Notification Message Originates from "no-reply@auth0user.net"
• Brute-force Protection Blocked User Still Able to Login
• Brute-Force Protection IP Address Blocking Behavior
• Brute-Force Protection Unblock Page Is Not Directly Accessible
• Clarification on Logging for Access Control List (ACL) Logs
• Customizing Blocked Account Email Unblock URLs
• Customizing Breached Password Error Message in Auth0
• Detect User Login from Different Device or Location
• Discrepancy between Number of pwd_leak Logs and Breached Credentials Detected in Security Center
• End-of-Life Rollout for the Uncustomizable Brute-force Protection Unblock Email Flow
• Error ?Your Account has been Blocked After Multiple Consecutive Login Attempts?
• Error When Testing Auth Challenge Captcha With Custom Cloudflare Site Keys
• Failure to Block IP After 100+ Login Breaches
• Frequency of Breached Password Notifications to Affected Users
• Frequently Asked Questions about Auth0 Challenge or Bot Detection
• Frequently asked Questions about Credential Guard Add-on and Breached Password Detection
• Get a List of Brute Force Blocked Users
• Google reCaptcha v2 vs. Google reCaptcha Enterprise
• How to Combat Fraudulent Signups from Disposable Email Services
• How To Edit CAPTCHA Error Message in Auth0.js: "Error getting the bot detection challenge. Please contact the system administrator."
• How to Enable or Disable the New Brute Force Protection Email-Based Unblock Flow
• How to Notify Users When Their Account Is Locked
• Identify and Block Malicious Traffic Using JA3/JA4 Fingerprints
• Is Breached Password Allowed During Password Reset
• Limit of the Number for IPs that Can Be Added in Attack Protection
• Log Type acls_summary Belongs to the Other Logs Filter
• Manage Recipients for Breached Password Summary Notification Report
• Missing Blocked Account Notification Emails Due to Duplicate Email Addresses
• Permitted IP Address Formats for Attack Protection Allowlists
• Sanctioned Country Traffic Blocked by Auth0
• Search Unblock User Events in Tenant Logs
• Send Breached Password Detection Email Alerts to Non-Admins
• Suspicious IP Throttling Attack Protection not Getting Triggered
• Suspicious Request Requires Verification on /dbconnections/signup
• Tenant Log Event Not Generated or Notification Email Not Received after an Attack Protection Feature is Triggered
• Tenant Logs Not Showing All Failed Login Attempts Due to Breached Passwords
• Testing Breached Password Detection Feature
• Unblocking Specific IP Addresses
• Understanding and Troubleshooting IP Throttling Caused by Multiple User Login Failures
• Understanding Attack Protection Rate Limits for Identifier-First Login Flows
• Understanding Multiple Failed Silent Authentication (fsa) Logs
• Understanding the Auth0 Challenge Settings Fail Open Feature
• User Receiving "Error getting the bot detection challenge, please contact the system administrator?

Auth for GenAI (1)

• How To Find GenAI Tenant In Auth0 Dashboard

Authorization (35)

• 403 on Application Callback with Header "x-cache: Error from cloudfront"
• Add a Default Role to a New User on First Login
• Authorization Code and Access Token Variable Size Information
• Authorization Extension and Organizations
• Azure App Gateway WAF Are Triggered by Certain Character Sequences in the Authorization Code
• Change access_token Expiration Time
• CORS Error When Initiating Silent Auth Requests
• Definition of "expires_in" Field in the "POST /oauth/token" Response
• Difference Between RS256 and HS256 JWT Signing Algorithms
• Disable the Consent Screen for Profile when Logging into Auth0 Applications
• Dynamic Callback URLs with Wildcards
• Enforce PKCE with Actions
• Error "External interaction required" Appears During Silent Authentication
• Error "Failed to verify code verifier" aftter Users Authenticates in Application Using PKCE-enhanced Authorization Code Flow
• expires_in and interval Parameters in Device Authorization Flow Cannot Be Customized
• Federated Logout and Single Logout (SLO)
• Fertft Events Log Error "Token could not be decoded or is missing in DB"
• How to change the expires_in value of Access Token at Auth0's SPA SDK
• How to Stop Getting JWEs when JWT is Required
• How User Redirection Works after Email Verification
• Implement Refresh Tokens in ASP.NET (OWIN) MVC Application
• Insufficient scope errors when accessing tenant management API
• Invalid Authorization Code Error with NextJS Auth0 SDK
• Invalidating an Access Token after User Logout
• Limit of "ext-" Parameters on Universal Login Page
• Migrating from Auth0.js to Auth0 SPA SDK: Handling Token Expiration
• Next JS CORS Error on /authorize Endpoint
• Request Header or Cookie Too Large Error
• Resource Owner Password Grant (ROPG) Flow Returns Authorization Server Not Configured With Default Connection Error
• Securely Passing a JWT in URL Query Parameters for a GET Request
• Send Roles as Part of SAML Assertion when Auth0 is the IdP
• SMS MFA Fails to Send Due to Unreachable Phone Number Error Using Twilio
• Testing Authorization Code Flow Using Postman
• Troubleshooting Issues with the /userinfo Endpoint
• Unable to Process Redirect Callback

Connections (393)

• "AADSTS650056: Misconfigured application..." Error from Azure AD Connection
• "Audience is Invalid" Error in SAML Connections
• "Email Does Not Match any Enterprise Directory" Error on the Login Page
• "email_verified=False" Attribute when User Logs in with GitHub Social Connection
• "Error 403: disallowed_useragent." when Using Google Sign In
• "Error! The Specified New Email Already Exists" - Custom DB Connections
• "Invalid_client (Invalid Authentication Method for Accessing this Endpoint.)" on OIDC Connection
• "No valid OpenID Connect metadata was found at the provided url" Due to SSL Error
• "State Mismatch" Error after Passwordless Authentication
• "Suspicious request requires verification" Error on /dbconnections/change_password
• "Unable to Verify Signature" Error on SAML Connection
• "Unexpected Runtime Authn Adapter Integration Problem" Error During SAML Login Attempt using PingFederate Connection
• "User Already Exists" Error When Creating New User
• "Wrong Email or Password" When AD/LDAP Connection and Database Connection Enabled for Same Application.
• Access Additional Scopes in Google Social Connections
• Access Application Name or ID in Custom DB with the Context Object
• Accessing a Tenant's Private Key
• Action: Check If User Is Part of an Enterprise Connection
• Actions Not Triggered With Social Login
• Active Directory Agent Truncating Email to One Character
• AD or LDAP Connector Error "Network Error: Unable to Get Local Issuer Certificate"
• AD/LDAP Connection Error "Wrong attempt to update ad connector thumbprints"
• AD/LDAP Connector Shows UNABLE_TO_GET_ISSUER_CERT_LOCALLY Error
• Add Default Connection from Inside an Application
• Adding the 'group' Claim to the Okta ID Token to Match the Default 'Okta Basic' Template - Okta Workforce Connection
• ADFS Sign-In / Sign-Out Fails with Microsoft Error ID4037
• Adjust Clock Skew for SAML Enterprise Connections
• After Enabling a Social Identity Provider Connection, Receive Error "OAuth2Strategy requires a client ID option"
• Alternative Self-Service Password Reset Option for Database Connection Users
• Apple Connection - First Name and Last Name Missing for Some Users
• Apple Connection User Sub Claim Contains Dot (.) Characters
• Apple Connection: Dashboard Access of the Client Secret Signing Key Value
• Apple Emails Are Not Being Updated in Auth0
• Arbitrary Custom Script Names in Database Connections
• Attempt to create ADFS connection returns "Error! ... Either adfs_server or fedMetadataXml must be set but not both."
• Attributes of the Format urn:oid: are Not Mapped in SAML Connection
• Audit Logs for a Connection
• Auth0 "Invalid PEM formatted message" when Uploading SAML X509 Signing Certificate with Long OIDs
• Auth0 Azure AD Connection Login Fails with error: "This login.microsoftonline.com page can't be found"
• Auth0 Connection Creation Fails with "A connection with the same name is being deleted, try again later" Error
• Auth0 Dashboard Displays Blank Page When Configuring Passwordless Email Connection
• Auth0 Enterprise Connections: Workaround for Scope Character Limits
• Auth0 Passwordless Signup Behavior for Existing Users
• Auth0 SCIM Provisioned Users from Entra ID Fail Email Verification upon First Login
• Authenticating Users Through a Specific Connection (database, social, etc.)
• Authentication Error "No connections enabled for the organization"
• Authentication Error when Using Cypress: "invalid_grant" - "Wrong Email or Password"
• Authentication Failure When Upstream OIDC Connection Requires client_secret_basic
• Avoid storing some PII data from external identity providers in Auth0
• Azure AD (Entra ID) Connection Resulting Error in AADSTS50011
• Azure AD (EntraID) Connection Only Returning Group Name and Not GUID
• Azure AD AADSTS50020 Error When Attempting to Sign In
• Azure AD Connection Client Secret Expiration Notifications
• Azure AD Connection Error: "strServiceExceptionMessage":"AADSTS50011"
• Azure AD Connection not Supported with Microsoft Azure GCC Tenants
• Azure AD Does Not Require "Directory.Read.All" Access Privileges
• Azure AD Enterprise Connection Disable HRD on Domain
• Azure AD Enterprise Connection Groups Suddenly Missing
• Azure AD Error AADSTS900236: The SAML Authentication Request Property 'Subject' is not Supported and Must not Be Set
• Azure AD Integration not Providing the User Email
• Azure AD Login Fails with Error "AADSTS900432: failed to obtain access token"
• Azure AD Profile Mappings
• Azure App Gateway WAF Are Triggered by Certain Character Sequences in the Authorization Code
• Azure Connection Creates Duplicate Users when Updating App Settings
• Azure/Entra Connection Error: "AADSTS900023: Specified tenant identifier 'undefined' is neither a valid DNS name, nor a valid external domain."
• AzureAD Connections After Recent Microsoft Deprecation of Graph API v1
• Bad Request Payload Validation Error Missing Required Property Scripts
• Blank Page when Trying to Configure Email Passwordless Connection on Auth0 Dashboard
• Block Social Signups for Certain Applications With Actions
• Blocked Users in Azure AD are not Blocked in Auth0 when Using SCIM
• Blocking Social User Logins for Unregistered Users
• Brute Force Protection not Working with a Specific Connection
• Bulk Import for Passwordless Connection
• Bulk User Deletion Without Relying on Management API RPS
• Can the Issuer URL for OIDC Connections Have a Wildcard In the Path
• Cannot Sign In With Google Social on a Custom Domain
• Cannot Update Scopes in Apple Social Connection
• Case Custom Social Connection
• Certificates Used in SAML
• Change Notice: Mandatory Use of SNI for HTTPS Requests
• Change Password API Connections Support
• Change the Logo For a Social Connection Button
• Change User ID Used by Auth0 for SAML Connection
• Characters in Username with Custom Database Connections
• Configuration Discrepancies and Script Errors in Custom Database Connections
• Configure an Enterprise OpenID Connect Connection to Call the User Information Endpoint
• Configure Custom OpenID Connect Claims via Claims Parameter Using Management API
• Configure Facebook Limited Login with a Custom Social Connection
• Configure IdP-Initiated SAML Login with Azure as the IdP
• Configure SAML SLO for Auth0 (SP) and Okta (IDP)
• Configure Single Sign On for Auth0 Dashboard: Migrate Tenant Members
• Configure the options.domain Field for an Azure Active Directory Enterprise Connection
• Configuring a Single Azure Enterprise Connection for AD Azure Members and Social Accounts in Auth0
• Configuring SCIM on an Okta Workforce Connection Results in "Resource already exists" With Existing Users
• Configuring the Change Email Script for Custom Database Connections
• Connect to Azure AD using an OIDC Enterprise Connection
• Connection Buttons when Logging in with Organization
• Connection Level Email Verification
• Connection Not Found Error On Login Page with Only Social Connections Enabled
• Connection's display_name Gets Overwritten When Updated
• Connections Created with metadataUrl Parameter Do Not Allow Updating Signed Requests Setting
• Create an Entity ID for SAML Connection in the Form of a URL
• Creating a User via the Management API Results in a HTTP 400 Error
• Creating Auth0 Users Using Username and Password
• Creating SAML Enterprise Connection from Customer Provided Metadata Files
• Creating User via Terraform Fails with Error "400 Bad Request: The connection is disabled"
• Custom Database User Profile Not Updating on Login
• Custom OAuth2 Social Connection with Cognito Returns Error "Invalid user id"
• Custom SAML Request Template Error "The InResponseTo attribute does not match the id in the AuthNRequest"
• Custom Social Connection Created via Terraform Not Showing in Auth0 Dashboard UI
• Custom Social Connection Fails to Obtain Access Token
• Custom Social Connection with Twitter / X
• Default Application Dropdown Limited To 100 Applications In IDP-Initiated SSO Configuration
• Default User ID Prefix Cannot Be Modified
• Deleting a User from a Custom Database with Import Mode OFF
• Deploy CLI Error "SCIM request failed with statusCode 403 (insufficient_scope). Insufficient scope, expected any of: read:scim_config"
• Detecting User Migration from Custom Database with Import Mode Enabled
• Difference Between JWK and PEM
• Disable Signups at Connection Level
• Disable the Attributes Feature of a Database Connection
• Disable the login_hint Parameter that is Passed by Default to the IdP
• Disable Verify email on Sign Up for Specific Database Connections
• Discord Social Connections Invalid Request Error Description Null
• Display Enterprise Connection as a Button on Universal Login Page
• Display Error Messages Returned from Custom Databases with New Universal Login
• Email Attribute Is Missing in Auth0 User Profile for an Okta SAML Connection
• Email OTP Verification - Expiry and Max Retries
• Email Passwordless Connection "The specified new email already exists" for Inexistent Email Address upon Updating Profile
• Email Passwordless Connection: Code/Link Sent but User Never Got It
• Email Sending Error with Passwordless Connection and Office 365 as Email Provider
• Email Template for Passwordless Connection Not Updating
• Embedded Login with Passwordless Connection Not Working
• Empty User from a SAML Connection
• Enabling Custom Domain with Enterprise connections
• Enabling Multiple Database Connections for a Single Application
• End-of-Life for Extended Attributes in Azure Active Directory (v1) Connections
• End-of-life Rollout for Allow Connections Management without Options Scopes
• End-of-Life Rollout for Unrestricted Offset Pagination in Connections Management API
• Enterprise Connection "Save Changes" Button Does Not Work
• Error "At Least One Database, Enterprise or Social Connection Needs to Be Available" When Using Lock
• Error "no connections enabled for the client" when Attempting to Log In
• Error "The user's main connection does not support this operation" when Sending Email Verification
• Error "There was an error. Please try again later. That?s all we know" Seen when Using the Google-Oauth2 Connection with Google Production Keys
• Error "Unsupported response mode: auth0_pq_oid" when Launching Application through IdP-Initiated Sign-On
• Error "Your LinkedIn Network Will Be Back Soon" when Using LinkedIn Social Connection
• Error AADSTS7000218 "The Request Body Must Contain The Parameter client_assertion or client_secret"
• Error During User Creation or Signup "Connection must be enabled for this client to perform single user creation and signup operations."
• Error Enabling Domain Connection for a Third-Party Application
• Error HTTP 400 Unexpected Identifier When Updating Email
• Error Message Displayed When Using IdP-Initiated Login With ADFS Connection
• Error Missing Required Property Username When Updating User via Management API
• Error When Accessing the Connections Tab in Application Settings
• Error While Connecting an Organization to a Connection
• Error: AADSTS900971 : No Reply Address Provided
• Error: The Connection Strategy waad Is Not Supported for This Operation
• Event.user.multifactor is Missing for Users With MFA Factors Imported Through Custom Database
• Facebook Login Fails with Application Does Not Exist or Has Been Disabled Error
• Facebook Social Connection Issue
• Federated Logout Fails When Auth0 Acts as SAML Identity Provider and Service Provider
• Federated Logout for Custom Social Connection
• Federated Logout from an OIDC Application with a SAML IdP
• Figma tokenUrl Migration
• Flexible Connection Switching with ACUL
• Force New Tokens from the Google Social Connection
• Forgot Password Does Not Work for Re-Invited Tenant Members
• Get "hd" Claim from Google Sign-in to Verify User Belongs to a Google Workspace or Cloud Organization Account
• Get Client ID and Client Secret from a Connection
• Get Signing Certificate for a SAML Connection from Signicat
• Get Total Users per Connection
• Getting "Error Transforming Template" Using OIDC Enterprise Connection
• Google Blocks SSO Sign-up and Login through Embedded Browsers
• Google Workspace Connection Error: "Cannot Read Properties of Undefined (Reading 'toLowerCase')"
• Groups with Azure AD Enterprise Connection
• Hide the Social Connection Buttons
• Hiding Social Login Buttons in the New Universal Login Experience
• Home Realm Discovery (HRD) Does Not Work with Username as the Sole Identifier
• Home Realm Discovery Fails for Okta Workforce Connection Using Classic Universal Login
• Home Realm Discovery Fails to Redirect to Correct Identity Provider
• Home Realm Discovery for Social Connections
• Home Realm Discovery not Initiated when Clicking Sign Up
• How Enterprise Connection Limits Apply to Tenants vs Subscriptions or Team
• How to Disconnect an External Database from a Custom Database Connection when Migration Has Finished
• How to Download ADFS Connection Certificate
• How to Enable PKCE for Custom Social Connections
• How to Get a Connection's SCIM Tokens
• How to map a SAML attribute to user_metadata attribute
• How to Map SAML Attributes when Auth0 is the SP in the SAML Enterprise Connection
• How to Pre-Register Users From an Enterprise Connection
• How To Prevent Users from Using Social Connections
• How to Resolve the AADSTS750032 Error of Microsoft Entra ID
• How to Resolve the AADSTS750054 Error of Microsoft Entra ID
• How to Restrict Email Domains from Registering to the Passwordless Email Connection
• How to Use Passwordless, Database, and Social Connections in Same Universal Login Page
• Identifying Users without Auth0 Password after Migration
• Identity Provider-Initiated SAML Sign-In to OpenID Connect Applications
• IdP-Initiated Login is Not Enabled for Connection "TestIDPConnection" Error
• IdP-Initiated Login with Okta Enterprise Connection Is Not Supported
• IdP-Initiated SAML Explainer
• Implement Username/Password, and Passwordless Login at the Same Time with Flexible Connection Switching
• Importing Users via SCIM
• Include an Upstream 'Nonce' Parameter with OIDC Connections
• Invalid Client Error Occurs with an OIDC Enterprise Connection
• Invalid Login State with Google
• Invalid Request Error Occurs When Configuring the signingCert Attribute for a SAML2 Web App Add-On
• Invalid Request Unauthorized Error From Social Connections
• Invalid Signature Error When Using Node-SAML for Setting Up Auth0 as SAML IdP
• Invalid Web Redirect URL Error with Sign In with Apple
• invalid_request Sign-In Error to App using Organizations
• Is it Possible to Add a Passwordless Demo User for an Apple App Store Review
• Issues when Creating a Front Channel Okta Workforce Connection
• Limit to the Number of SAML Connections Created within a Tenant
• LINE Social Connection Not Working on iOS Safari
• LinkedIn Login Fails with Error "Scope &quot;r_emailaddress&quot; is not authorized for your application"
• LinkedIn Social Connection - "locale" Claim is an Object Instead of a String
• Logic Behind ?Enable Application Connections? Toggle
• Login with Auth0 Social Connection Error "Access blocked: auth0.com has not completed the Google verification process"
• login_hint Has No Effect on Signup Prompt when Multiple Identifiers Are Enabled
• Management API for Connections Does Not Return All Connection Settings
• Management API: Options Object Overwritten when Trying to Update a Connection
• Managing Connection Secrets with Deploy CLI and GitHub
• Managing Connections via Auth0 APIs
• Map the "displayName" Attribute in Microsoft Azure IdP to "name" Attribute in Auth0
• Mapping a Different ID Format from SAML Response
• Mapping Custom Attributes From a Custom Azure AD SAML Connection
• Mapping the 'name' SAML Attribute
• Maximum Number of Domains Allowed in Home Realm Discovery for SAML Connections
• Methods to Block All Logins in an Auth0 Tenant
• Microsoft Azure AD "Error AADSTS7000215: Invalid client secret provided"
• Microsoft Azure AD (Entra ID) "Failed to obtain access token" and "Error AADSTS50146"
• Microsoft Azure AD Error "AADSTS50076 - use multi-factor authentication to access"
• Microsoft Azure AD error "AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented."
• Microsoft Social Account Users Login Through Azure AD Enterprise Connection
• Migrate Connection from ADFS to Azure AD
• Migrate Users from One Connection to Another Connection
• Migrating Non-Unique Emails Originating from No Import Custom Databases to Auth0
• Migration for Microsoft Azure AD Connections to Microsoft Graph API
• Mongo DB Sample Code - Asynchronous
• Monitor Changes to Connections
• Monthly Active Users (MAU) for Enterprise Connections Shows as Zero
• Multiple Enterprise Connections with the Same Home Realm Discovery Domain in Auth0
• Multiple Passwordless Connections in a Single Tenant
• Name' and 'Email Address' Attributes Missing in Apple Connection User Profile
• Native Sign-in with Apple ID Fails with "Sign-up not completed"
• Nested Objects Returned From a Third Party IDP on an OIDC Connection Show as [object Object]
• New User Profile Created After Each SAML IdP Login
• Non-String Values in the Configuration Field for Connection Options
• Numeric Keyboard Input on Mobile Devices for Passwordless Email OTP
• OIDC Connection Logins Fail with "Plan executor error during findAndModify caused by cannot index parallel arrays"
• Okta OIN Provisioning Rate Limit Error
• Okta SAML Integration with Signed Requests
• Okta Workforce or OpenID Connect Connection Returns 403 Forbidden Error
• Only Allow Access for Certain Active Directory User Groups
• OpenID Connect Connection Error: 'display_values_supported' Length Must Be Less Than 10 Characters
• options.set_user_root_attributes Not Returned in getConnection Call
• Pass login_hint to SAML Provider
• Passing login_hint to Microsoft Entra ID (Azure AD) when using SAML
• Password Flows Restart the Flow and Refresh the Screen During OTP Input
• Password Reset Fails with Custom Database Connection Error
• Password Reset Pages Shows Username Placeholder Instead of Username or Email Address
• Password Reset Using Only Username with Phone Number and Username as Identifiers
• Passwordless Connection - User Creation using API Sends Verification Email
• Passwordless Connections Do Not Support SSO if Connection Parameter is Passed
• Passwordless Email Connection to Send Code Only
• Passwordless Error "Missing required property: connection"
• Permanently Change a User's Name Provided by an IdP
• Policy Evaluation Error on an Enterprise OIDC Connection
• Precautionary Measures on Connection Secrets with Deploy CLI
• Prevent login_hint From Being Sent With ADFS Connection
• Prevent User Creation From Social Logins
• Profile Attribute Updates from a Custom Database Require User Reauthentication
• Prompt for Credentials Unavailable after Disabling Passwordless Connection
• Proof Key for Code Exchange is Required for Cross-Origin Authorization Code Redemption Error
• Querying Refresh Tokens Via the Management API
• Receive Error "nonce mismatch, expected undefined, got: <value>" when Setting Up an Enterprise OIDC Connection Using Cognito
• Redirecting to Multiple Applications Using IdP-Initiated SAML Login
• Remove the Username Attribute from a Database Connection User Profile using the Management API
• Removing prompt=login from Auth0 OIDC Enterprise Connection
• Resolving Email Domain Mismatch Error for Google Workspace Connections
• Resolving Migration Error: Existing User Data Conflict
• Resource Owner Password Grant (ROPG) Flow Returns Authorization Server Not Configured With Default Connection Error
• Response Protocol in IdP-Initiated SAML
• Restrict Sign-Ups to Just Invited Users for Organizations
• Retrieve Number of Users in Standard Database Connections Only Per Tenant
• Retrieving a Refresh Token on SAML IDP-Initiated SSO
• Returning "invalid_grant" when Using Sign In with Apple
• returnTo Does Not Work when Performing a Federated Logout with a Google Connection
• Revert a Database Connection to the Old Attribute Configuration
• Rotating Google Identity Provider Certificates
• Salesforce Community Social Login Fails with the Error UNABLE_TO_VERIFY_LEAF_SIGNATURE
• SAML - Domain Mismatch - "The InResponseTo attribute does not match the id in the AuthNRequest"
• SAML Attribute Mapping in Actions
• SAML Connection - IDP_Initiated SSO Default Application Dropdown not Showing All Applications
• SAML Connection - Using the CRT Files for Signing Certificate
• SAML Connection Error - Signature Check Errors: Invalid Signature
• SAML Connection Login Error: "IdP-Initiated login is not enabled for connection \"CONNECTION_NAME\"
• SAML Error Profile Did Not Include a user_id
• SAML Login Not Working Properly when `connection` is Included in the /authorize Request
• SAML Login Simultaneously Support Canonical and Custom Domains
• SAML Metadata and Custom Domains
• SAML Protocol Binding Options
• SAML Request Sign Configuration If No Option Is Selected
• SAML Sole Connection Error During Device Authorization Flow (No connections configured)
• Save Before using Try Option with Passwordless Connections
• SCIM Error Failed to Match an Entry in the Source and Target Systems
• Second Login Prompt When Logging In to Auth0 Dashboard Using a Social Provider
• Security Risks of Using Localhost for Callback URL
• Self-Service Single Sign-On Feature Entitlements
• Send Certain Users to a Specific Connection or Identity Provider without Home Realm Discovery
• Set a Custom Display Name for a Social Connection in Universal Login
• Set the Maximum Number of Groups to Retrieve while Creating an AD Connection
• Setting Application Login URI for Mobile Apps
• Shibboleth SAML Connection Error "Credential failed name check"
• si Log Event - user_id Missing Connection Type Prefix
• Sign In with Apple Error: "Error from Apple Connection: (no description) (invalid_client)?
• Signed Request in an ADFS as SAML Connection Error
• Signup Disabled in an Auth0 Database Connection but Still Showing on Login
• Single Connection Mapped to Multiple Organizations
• Single Log In Across Multiple SPA Applications Without Relying on 3rd Party Cookies
• Skip the Auth0 Login Step for Okta Application Dashboard?
• Skip the Universal Login Page and Redirect to the Upstream Identity Provider Immediately
• Slack App Installation Fails With Unauthorized Error Using an OAuth2 Connection
• Social and Enterprise Connection Buttons Not Displayed on the New Universal Login Screen
• Social Connection with Microsoft Error "Proof Key for Code Exchange is required for cross-origin authorization code redemption"
• Social Login with Linkedin Displaying "Application is Disabled" Message.
• Social Login with Twitter Fails to Redirect
• Social Provider Windowslive (Microsoft) Accepts Personal Accounts Only
• Specify a Connection when Using Device Authorization Flow
• SSO Certification Expiration Custom Notification Date
• SSO Not Working with SAML
• SSO when SAML Add-on is Configured in More than One Application
• Supported Formats for SAML Connection Signing Certificate are not Consistent Between Dashboard and Management API
• Supported Meta Graph API Versions
• Switch Auth0 Enterprise Connection Subscription to a Different Tenant
• System for Cross-domain Identity Management (SCIM) Support at Auth0
• Terraform Provider "Error: 404 Not Found: The connection does not exist"
• The ?Disallow Personal Data? Password Setting with New and Existing Users
• The `LoginId.federatedLogin` Method of ACUL SDK Returns "invalid-connection" Error
• The setUserByConnection Function Does Not Validate Users Against Upstream Identity Providers
• Toggling Custom Database Import Mode Causes Login Failures
• Troubleshoot Facebook Login Error: "App is not active ..."
• Troubleshooting Invalid Audience Errors
• Troubleshooting Missing "Display Connection as a Button" Feature in Enterprise Connection Settings
• Troubleshooting SP-Initated Flow Issues With PingFederate Connection in Auth0
• Try Button for an SSO Connection Leads to Redirect URI Errors
• Try Connection Fails for Windows Live Social Connection with Business Accounts
• Try Login' Button Inside Facebook Connection Throws Error: "You may have pressed the back button ..."
• TypeError When Updating Connection Password Settings
• Unable To Rename Enterprise Connection
• Unable to Update Client Secret for Azure AD Enterprise Connection
• Unable To Verify Email When Using Azure AD (Microsoft Entra ID) Connections
• Understanding AADSTS65004 Error
• Understanding Access Behavior with Connections and Organizations
• Understanding Default Connection Behavior in API Authorization Settings
• Understanding Email OTP Behaviour in Auth0 Passwordless Authentication
• Understanding Import Mode for Custom Database Connections
• Understanding the Google Workspace "Enable Users API" Setting
• Unexpected "JIT User Provisioning Is Disabled" Error for SCIM-Provisioned Users
• Unexpected 400 Error in the Management API when Connecting an Organization to a Connection
• Unique Email Address Per User Requirements with Auth0
• Unwanted Connections Enabled on Newly Created Applications
• Update OIDC Connection via Discovery Endpoint
• Update SAML Connection Certificate Using Metadata URL
• Update the Logo of a Custom Social Connection
• Updating Connections with Management API options.pcke Value Set to Disabled
• Updating Entity ID and Callback Endpoint (ACS URL) Values for an Okta SAML Integration
• Updating userid_attribute in Connection Not Allowed
• Upgrading the Action Runtime to Node18, Error "unexpected end of file" on Login
• Uppercase Characters in User Email Addresses
• Use auth0-forwarded-for for Sign Up Endpoint /dbconnection/signup
• User Attributes Lost after Login for a SCIM-Enabled Enterprise Connection
• User Import Fails with Error: "Custom Database Connections Without Import Mode are not Allowed"
• User Information not Available in Connection Deletion Event Logs
• User Invitation Link Returns Error "this connection does not support signups (incompatible screen_hint)"
• User Logins with Google Social Connection Prompted to Change Password
• User Metadata Disappearing from Custom OAuth2 Social Connection Users
• User Not Being Updated by API Consistently
• User_id in Auth0 Populates with User Email in an Okta SAML Connection
• Users Do Not Receive Password Reset Email for Social Accounts
• Users Registered with Facebook Have No Email Address
• Users with Work Emails are Able to Login with Microsoft Social Connection
• Using a Custom Social Connection to make a second Apple connection
• Using Passwordless Connections with Device Authorization Flow
• Using the Same Apple Connections for Mobile and Web Applications
• Using the Verification Email (Code) Template
• Warning Occurs About Development Keys When Tenant Is In Production
• Welcome Email Templates not Sent for OIDC Connections
• What is user_id that Auth0 Gets from Azure AD Login
• What Will Happen If a User is Deleted on an External IdP while the Auth0 Session is Valid in the SAML Connection
• Why Login is Possible with Expired Certificate in SAML Connections
• WordPress Error: This Site Requires a Verified Email Address
• Wrong Email / Phone Number or Verification Code
• X (formerly Twitter) Social Connection Cannot Fetch the Email Attribute
• XMLJS0013: Cryptographic error: Invalid Digest for Uri

Custom Domains (63)

• "502 Bad Gateway" Error Received after Configuring a Reverse Proxy to Communicate with Auth0
• 0 Response to '/oauth/token' Endpoint in SPA Using Canonical Domain
• 403 Forbidden Error with Custom Domain Using a Reverse Proxy
• 404 NotFoundError on Classic Universal Login Page with the Auth0.js SDK Embedded
• Auth0 Emails Have Unexpected Link URL Formatting After Configuring Custom Email Provider
• Auth0 Error Occurs When Populating Email Template Redirect To Field
• Auth0 Lock SDK Major Changes and Updates
• Auth0 Managed Certificates for Custom Domains
• Auth0 Management API Requests Fail With Multiple Custom Domains Error
• Auth0 Sessions Not Terminating When Logging Out With Custom Domains
• Azure Front Door Reverse Proxy 403 Forbidden
• Background Image is Not Visible with the New Universal Login Page
• Bad Issuer on Custom Domain when using Token to Instantiate ManagementClient
• Blank Page on /u/login*
• Blocked Account Email Unblock Link Fails with Custom Domain
• Cannot Sign In With Google Social on a Custom Domain
• Cannot Verify a Custom Domain even when Setting the Correct CNAME
• Cannot Verify Custom Domain Due to Characters Limit
• Change Custom Domain to a New One
• Change Custom Domain Type from Auth0-Managed Certificate to Self-Managed Certificate
• Configure "Use Custom Domain in Emails" via Terraform
• Configure Multiple Domains with NextJS
• Configuring Audience for Multiple Websites and APIs
• CORS Errors on /oauth/token When Using Sentry
• Custom Domain Configuration FAQs
• Custom Domain Fails to Validate
• Custom Domain Fails with an Error Despite Successful Verification
• Custom Domain in UserInfo Audience - "Service Not Found" Error
• Custom Domain not Indexed in Search Engines
• Custom Domain Not Working After Enabling It
• Custom Domain Not Working in Email
• Custom Domain Redirects to Base Domain
• Custom Domain with Cloudfront Reverse Proxy "ERR_NAME_NOT_RESOLVED"
• Domains to Allowlist for the New Universal Login
• Error Occurs When Using Self-Managed Custom Domain with Cloudflare
• Getting Access Denied Error with the Custom Domain using Terraform
• How to Customize the New Universal Login Widget using Custom Query Parameters
• HTTP Connections to Custom Domains Are Rejected Instead of Redirected
• Illegal Domain Attribute Warning for eu.auth0.com
• Issuer Mismatch in ID Token
• Log Event while Verifying a Custom Domain
• MFA API with Custom Domain Leads to Error: "The mfa_token provided is invalid. Try getting a new token."
• Migrate Auth0 Custom Domains without Downtime
• Mobile App Login Fails with Error: ???????"Password login via OIDC-conformant clients with externally-hosted login pages is unsupported."
• Okta Workforce Connection Not Using Okta Custom Domain
• Partials and Page Template Customizations Not Showing Up on Login
• Passkey Not Shared Across Multiple Custom Domains
• Redirection to the Top Level Domain
• Rotate cname-api-key
• SAML Connection Login Error: "IdP-Initiated login is not enabled for connection \"CONNECTION_NAME\"
• SAML Login Simultaneously Support Canonical and Custom Domains
• Scroll Viewport Not Working with Custom Domains
• Searching for Logs Related to Custom Domains
• Send Email Invitations for Application Signup - Additional Information
• Set up a Custom Domain with a Squarespace Domain
• SPA SDK: User Not Logged in When Using Secondary Self-Managed Custom Domain
• The Custom Domain does not Exist for the Tenant Error is seen when using Multiple Custom Domains
• Troubleshooting Custom Domain Certificate Errors
• Troubleshooting Tips to Get a New Custom Domain Up and Running
• Use Custom Domain in Password Reset Ticket
• Using Custom Domains with Free Tenants
• Verify Custom Domain Certificate-Related Logs
• Warning Occurs About Development Keys When Tenant Is In Production

Email, SMS, Voice (79)

• "Unable to delete an action bound to a trigger" Error When Deleting Custom Phone Provider Action
• Auth0 Emails Contain Insecure HTTPS Schemes When Using SendGrid
• Auth0 Emails Have Unexpected Link URL Formatting After Configuring Custom Email Provider
• Automate Notifications or Retries if Email Does Not Send to End Users
• AWS SES Email Provider Credentials Error
• Blocked Account Email Unblock Link Fails with Custom Domain
• Cannot set AppMetadata or UserMetaData in Passwordless flow with Pre-registration Action / Hook
• Choosing an Email Provider
• Configure Google SMTP as the External Email Provider
• Configuring Multiple Email Providers in a Tenant
• Custom Email Provider in a Form's Flow
• Custom Provider Email Template Changes Not Reflecting in Test Emails
• Customize Email Templates
• Customizing the Expired Password Reset Link Message
• Does Auth0 Support Twitter Verify Fraud Guard Natively
• Dynamically Customize the 'From' Address in Email Templates
• Email Suddenly Stopped Sending for M365 Email Provider
• Email and OTP Slow Delivery
• Email Flow in Auth0
• Email Template Language Customization
• Email Template Size Limits and Localization Workarounds
• Email Templates Updates from Deploy CLI Not Reflecting in Auth0 Dashboard UI
• Emails are not Sent but Tenant Logs Show Successful Delivery
• Emails from Auth0 Applications Marked as Spam
• Emails Undelivered, Delayed or Marked as Spam
• End-of-Life Rollout for Multiple Custom Phone/Email Provider Actions
• End-of-Life Rollout for Omitting Password on SMTP Email Provider Host-related Changes
• Error "queryMx ESERVFAIL" when Sending Email to a Specific Domain
• Error Sending Email "Invalid login: 451 Authentication failed: Could not authenticate"
• Error Sending Email "Message failed: 451 Could not process message"
• Error Sending Email - Invalid Login: 534-5.7.9 Application-Specific Password Required
• Error Sending Email: Mail Command Failed: 550 #5.1.0
• Errors while Configuring SMTP Email Provider
• event.request Not Present in Custom-Email-Provider Action
• Failed Sending Notification - Email
• Free Trial Tenant MFA SMS Access - "SMS is currently unavailable. Try another method or contact support"
• Getting Error "Domain example.com is not allowed to send: request limit exceeded, try again after <date>"
• Gmail SMTP App Password
• How to Delete Extra Custom Email Provider Actions
• How to Enable a Choice Screen Between SMS and Voice for MFA During User Login
• Link in Password Reset Email is using http Instead of https
• Localize API Error Messages Returned by 3rd Party Providers
• M365 Failing to Send Emails - Timeout Calling MS365
• Microsoft 365 Email Provider "Error sending email: " for Passwordless Users
• Microsoft 365 Email Provider "Error sending email: Bad Request - Error in query syntax"
• Outlook quarantining emails triggered by Auth0
• Pass Extra Parameters to a Custom SMS Gateway
• Password Reset Error "Invalid login: 535 5.7.8 Error: authentication failed: (reason unavailable)"
• Prevent Click Tracking in Emails with Mandrill
• Reset Password Emails Fail With IP Address Not on the Allowed IP List Error
• Resource_name Variable Not Resolving in Auth0 User Invitation Email Templates
• Same OTP Code Sent Over on WhatsApp and SMS
• Send Password Reset Link to an Email Registered in user_metadata
• Sender Domain has not Been Linked Error - Azure Email Provider
• Sending Multi Language Emails from Actions
• Sent Emails Are Not Saved to Microsoft 365 Sent Items Folder
• Sent Items Folder Missing Emails Sent Using Microsoft 365 Email Provider
• Slow Down MFA Voice Message with Twilio as the Provider
• SMS Delivery Fails with Some Phone Numbers when Twilio is the SMS Provider "21211 Invalid 'to' phone number"
• SMS Multi-Factor Authentication Rate Limit Exceeds Error
• SMS Send Failures for an MFA Integration with Twilio
• Supporting SendGrid Integration for Different SendGrid Regions
• Terraform Custom Email Provider "409 Conflict Error: No deployed action of type custom-email-provider was found"
• Troubleshoot Error "Invalid login: 535 5.7.139 Authentication Unsuccessful"
• Twilio Verify Error - "Guardian - Error on send-phone-message-hook: 60204 Custom code not allowed"
• Unable to Resend the Code More Than Twice - email-identifier-challenge ACUL
• Unsubscribe Link or Button Unexpectedly Appears in Auth0 Emails
• Update the Email in "Error sending email: Email address is not verified. The following identities failed the check in region: <root@auth0.com>"
• Use Custom SMS Provider for Phone Message MFA
• Users not Receiving Organization Invites with fastmail.com
• Users Not Receiving Passwordless SMS from Twilio
• Users Prompted to Switch between SMS and Voice MFA - Voice MFA is Selected in Phone MFA Settings
• Using an alphanumeric sender ID for MFA SMS
• Using Liquid Syntax in Email Templates in Forms
• Using Twilio SDK v4 in a hook causes a syntax error which results in the hook timing out
• Voice MFA Issues with Twilio
• What Validation Occurs when Using the /passwordless/start Endpoint for SMS
• When Using Amazon SES, Emails are not Being Sent
• Why there are Email Messages Marked "Delivered" in SendGrid but Not Appearing in Inbox

Fine Grained Authentication (7)

• Back Up and Recover FGA Tuples and Models Using APIs
• Delayed Updates in FGA Dashboard using OpenFGA
• Early Access to Fine Grained Authorization (FGA)
• FGA Dashboard Limitations
• FGA Rate Limit Increases
• Frequently Asked Questions on Okta Fine Grained Authorization
• Managing Auth0 FGA Infrastructure with the OpenFGA Terraform Provider

Forms (45)

• "Invalid Configuration" Error When Trying to Submit a Form
• Add Terms and Conditions to the Signup Screen using Forms for Actions
• Allow Users to Choose MFA Enrollment Using Auth0 Forms and Actions
• Auth0 Deploy CLI Export Action Error: "Duplicate flow vault connections names found"
• Auth0 Error Processing Step Due to Invalid Form Definition
• Auth0 Forms Choice and Dropdowns does not Render Expressions
• Bypass a Sign-up Form for Certain Users
• Changing MFA or Forms OTP Expiry Time
• Changing the Style of All the Buttons in Forms
• Create a Vault Connection for Sendgrid Using the Auth0 Terraform Provider
• Creating a Vault Connection and Receiving the Error "A connection error has occurred"
• Custom Email Provider in a Form's Flow
• Customize Error Messages in Forms
• Deny User Access Based on Auth0 Form Input
• Display Branding Logo in Forms for Actions > Step
• Email or URL Encode Function for Forms for Actions
• Error Creating a Vault With Auth0: "Failed to create OAuth session"
• Flow Execution Failure With a "Server error processing request" Error
• Forms Do Not Support the Word "State" in ID
• Forms for Actions - Debugging Flows
• Forms for Actions Custom CSS Not Showing Up
• Forms for Actions HTTP Request in Flows Forces the Body to Be in JSON Format
• Forms for Actions with Logout Button
• Forms for Actions: Configure Browser Tab Title per Form
• Forms for Actions: How to Input a Dynamic Value in CSS
• Frequently Asked Questions on Forms for Actions
• How to Create an Input Widget that Enforce Six Digit Input in Forms
• How To Get the Output From Forms for Actions
• How to Know which Button is Selected in a Form within the onContinuePostLogin Function of the Action
• How to Return to the Signup or Login Screen in Forms
• How to Translate Dropdown Options and Other Values in Forms for Actions
• Import and Export Forms and Flows Using the Deploy CLI
• Make Auth0 Forms Appear Wider
• Managing Auth0 Actions and Forms Quota Exceedance Notifications
• Maximum Character Limit for HTML Source Code Blocks in Auth0 Forms
• Number of Custom Messages Supported by Auth0 Forms
• Pass Application Logo or Tenant Logo to the Auth0 Form Image Source URL
• Pass Data Between Actions and Forms
• Passing a Custom Field in the Forms from Actions
• Passing OTP Codes From Forms to a Auth0 Custom Email Provider
• Resend Button for OTP via Email with Forms for Actions
• Spinning Widget Appears During Auth0 Forms Load
• Troubleshooting 404 or Generic Errors When Uploading Custom Form JSON
• Using Liquid Syntax in Email Templates in Forms
• WhatsApp integration in Auth0 with Forms for Actions

Highly Regulated Identity (4)

• Allow Pushed Authorization Requests (PAR) Add-On Toggle Inactive
• Okta's Position on the EU Data Act
• Simplified Explanation of linking_id property in the Post Login Event Object
• Tenant Admin Getting a Failure while Assigning Editor - Key Management Role to a User

Machine to Machine (32)

• "Internal Server Error" when Updating Client Grants Using Management API
• "Payload validation error: Scope must be a subset of resource server scopes" when Updating Auth0 M2M Client Grants Due to Invalid Scope
• API Not Found when Registering M2M Application
• Application Quickstart not Displaying
• Auth0 Support for API Keys and Personal Access Tokens
• Bot Detection and CAPTCHA Do Not Affect Non-Interactive Clients (M2M) or API-based Calls
• Caching Does Not Work in the M2M Credentials-Exchange Trigger
• Change Application Type from M2M to SPA or Regular Web App
• Changing Access Token Expiry Dynamically
• Client Credentials Grant Requires "audience" Parameter
• Do Management API Tokens Count Toward M2M Token Quota
• End-of-Life Rollout for Unprocessed Organization Parameter in Client Credentials
• Error "Service not enabled within domain"
• Fetching an M2M Token Returns All Granted Scopes/Permissions Instead of Requested Scopes
• How to Create a M2M Application using the Management API
• HTTP 403 - "User to be acted on does not match subject in bearer token"
• Identify M2M Applications Using the Management API
• Integrate Auth0 with n8n.io Using the Management API
• Limit the Number of M2M Token Exchanges per Application
• M2M Application for Auth0 Deploy CLI Missing clientGrants Section of the Export File
• M2M Quota Utilization When an Action Denies Access
• Management API Token Does Not Contain All Granted Scopes
• Monitor M2M Token Usage
• Passing Data via the Client Credential M2M Flow
• Rate Limit Applied for M2M Authentications Calls
• Reduce M2M Token Usage in Auth0 by Reusing Access Tokens
• Refresh Token for M2M Applications
• Set Different Access Token Expiration Depending on Application Grant Type
• Terraform Resource Creation Fails with 403 Forbidden Error
• Testing Authorization Code Flow Using Postman
• Update "Types of Users" Setting Under Organization Tab
• Why are Test Applications Generated for Each API Created

Multi-factor Authentication (231)

• "event.user.multifactor" Property Not Showing Each Factor in Actions
• "User is already enrolled" Error when Enrolling More than One MFA Factors using MFA API
• Action API Method Difference Between 'api.multifactor.enable' and 'api.authentication.challengeWithAny'
• Action Triggered MFA Using enrollWith and challengeWith
• Adaptive MFA is Not Triggered
• Adaptive MFA PhoneNumber Assessment
• Add MFA Factors for Users Programmatically During Account Creation
• Add MFA Phone Number to an ID Token Claim
• Allow Users to Choose MFA Enrollment Using Auth0 Forms and Actions
• Allow Users to Navigate from the MFA Page Back to the Login Page
• api.authentication is Undefined in Post-Login Action
• Auth0 Acceptance of OTP MFA Codes After 30 Seconds
• Auth0 Token Audience Reconfiguration
• Authy Application Shows Wrong Logo
• Auto Enrolled Email MFA Factor Not Returned by Management API's 'api/v2/users/{uid}/authentication-methods' Endpoint
• Automatic MFA Re-Enrollment After Recovery Code Login
• Behavior of the allowRememberBrowser Option When Using api.multifactor.enable in Actions
• Biometric Prompt Not Triggered on First Login After Enrollment for New Users
• Biometrics login / WebAuthn browser Error
• Biometrics Not Prompted with WebAuthentication.webViewProvider() in Auth0.Swift SDK
• Block Certain Phone Numbers from Receiving SMS for MFA
• Blocked User Able to Login via Biometric
• Bulk Invalidate All Remembered Browsers for Multi-Factor Authentication
• Can the Lifetime of an MFA API Access Tokens Be Customized
• Can the SMS / MFA Transaction Timeout be Reduced
• Can we change the default order of the MFA enrollment options?
• Challenge MFA for User Once Per Session Action
• Challenge the User for MFA before a redirection in Actions
• Change Issuer Name Within the Guardian App
• Changing MFA or Forms OTP Expiry Time
• Check User Multi-Factor Authentication Enrollments
• Classic Universal Login MFA Prompt Fails on iOS when Switching Apps
• Client-Initiated Backchannel Authentication Implementation Options
• Conditionally Enable Biometric Authentication Using Auth0 Actions
• Conditions that Cause the 'mfa-detect-browser-capabilities' Screen to be Displayed
• Configure Conditional Multi-Factor Authentication for Database Connections
• Consistency Issue When Amending User Authentication Factors via /api/v2/users
• Custom Action to Decide MFA Frequency for Resource Owner Flows
• Custom Action to Decide MFA Frequency for Universal Login Flows
• Custom MFA Enrollment and WebAuthn issues
• Custom MFA via Actions and ROP Flow Does Not Return an mfa_token
• Customize Adaptive MFA when Use Adaptive MFA Policy is Selected
• Customizing Message Please enter a code Displayed When Users Fail to Enter OTP during MFA
• Customizing the Duration Between MFA Prompts on a Per User Level
• Dashboard Warning "Adaptive MFA requires specific Database Connection settings before it is compatible with phone numbers"
• Deactivate MFA for Specific Users
• Default Expiration Time for Push Notifications
• Default Polling Interval and stateCheckingMechanism
• Deleting an MFA Factor Does Not Remove the Trusted Device Cookie or Invalidate Sessions
• Deleting Users And Deleting Associated MFA Authenticators
• Determine if User has Passed MFA in Social SSO / Enterprise SSO
• Determining Adaptive MFA Untrusted IP Assessor Score
• Distinguish between OTP and Fallback OTP for Push Authenticators
• Does "Adaptive MFA" Disturb "Remember this device for 30 days"?
• Does Auth0 Supports Desktop MFA
• E-mail MFA is Being Requested While it is Turned Off in the MFA Settings
• Email Delivery Fails with Error "The provided authorization grant is invalid, expired, or revoked"
• Email MFA Factor Missing from Selection Screen
• Email MFA not Visible for Users Enrolled
• Email Multi-Factor Authentication Code Validity Period and Rate Limits
• Enable MFA per User and Give Users the Option to Turn It On/Off Themselves
• Enable Mobile OS Autofill for OTP Codes in Auth0 Universal Login
• Enabling Biometrics After Initially Declining on Android
• End Users Forced to Use MFA when Using SSO with Upstream IdP
• Enforce MFA for Internal Users but not for External Customers
• Enforce MFA on the Password Reset Page
• Enforce Multi-Factor Authentication on Every Login Using Actions
• Enforce Unique Phone Number per User for SMS MFA
• Enforcing MFA for Tenant Dashboard Members
• Enroll in Auth0 Guardian Without Scanning a QR Code
• Enroll Multiple Yubikeys for WebAuthn with Security Keys
• Enrolling in More Than One MFA Factor
• Enrolling Multiple Factors Authentication Methods or Changing a User's MFA
• Enrolling the Same Push Notifications (MFA) on Multiple Devices
• Entitlements for Enterprise MFA Feature
• Error "MFA customized via PostLogin action but feature is not enabled" when Using a Post-Login Action
• Error "Permission to send an SMS has not been enabled for the region indicated by the 'To' number"
• Error "The credentials have expired" on MFA Page
• Error "This application has MFA grants enabled. These grants are currently not supported when the application is accessed by team members of organizations"
• Error "Webauthn with device biometrics required but not enabled as factor" after Disabling FIDO Authentication with WebAuthn
• Error No Confirmed Authenticators For The Enabled Factors With WebAuthn
• Error oob_code is expired Occurs During Multifactor Authentication
• Error Received After Switching Tenant from DUO v2 to DUO v4
• Error While Enrolling Device When Adding Multifactor Authentication Factor
• Error with AWS SNS Push Notifications for MFA
• Error: Invalid Captcha after Resending an OTP Code
• Errors Obtaining MFA Token
• event.request.query is Overwritten Between Post-Login Actions after MFA Challenge
• Event.user.multifactor is Missing for Users With MFA Factors Imported Through Custom Database
• Execution of the Action after a User Has Successfully Completed an MFA Challenge
• Failed Silent Authentication - Multifactor Authentication Required Issue
• Force MFA for One Specific Application
• Free Trial Tenant MFA SMS Access - "SMS is currently unavailable. Try another method or contact support"
• Fully Customized MFA Flow using Universal Login Classic and Guardian SDK
• gd_auth_failed When User Enters Correct OTP
• Generate QR Code for OTP Enrollment
• Get Device ID of a User's MFA Behavior
• Gmail Error: Invalid Login Application-Specific Password Required
• Guardian App Push Notifications Not Showing on iPhone
• Guardian SDK and checking if an enrolment is valid/exists
• How to Automatically Turn On and Off the MFA in the Tenant
• How to Bulk Import MFA Factors with Voice and SMS Factors
• How to Clear Auth0 Session Cookie Inside an Action
• How to Delete the Unconfirmed / Duplicated MFA Enrollments
• How to Determine the Number of MFA Messages Remaining
• How to Disable MFA for Users Based on a Client Name or Client ID
• How to Enable a Choice Screen Between SMS and Voice for MFA During User Login
• How to Enable MFA for a Subset of Users
• How to Enroll a User in Both Google Authenticator and SMS with MFA API
• How to Enroll Multiple Guardian Emails (MFA Multiple Emails)
• How to Filter or Lock MFA Mobile Number Country Codes in New Universal Login
• How to Find the Users MFA Enrollments in Actions
• How to Get SMS MFA Enrollments with Full Phone Numbers
• How to List Users With MFA Enrollments
• How To Remove a User Recovery Code
• How to Reset MFA for a User Enrolled with Duo
• How to Resolve the "Guardian - There was an error sending the push notification: Invalid `sandbox` value and/or APNs certificate was provided" Error
• How to See the Complete Phone Numbers for MFA SMS Enrollment
• How to Test the OTP Phone Message
• How to trigger a Custom MFA Page with a Post-Login Action
• Identifier First + Biometrics Requires Enterprise MFA Feature
• Identify the Administrator Who Performed an MFA Reset
• Import User MFA Authenticator Enrollments Using Custom DB
• Inconsistent Behaviour when Using "Remember browser" - allowRememberBrowser Flag in Actions
• Incorrect Admin MFA Readiness Check
• Increase the Email Verification Code Expiration Time Beyond Five Minutes
• Invalid OTP Code from Mobile Authenticator Apps
• Invalidate MFA Browser Cookie
• Issues Enrolling Additional Factors using Actions
• Larger than Expected Volumes of gd_enrollment_complete Logs for Volume of gd_send_email Events
• Legacy MFA Phone Provider: legacy_mfa_phone_provider
• Lifetime of Link URL in "Enroll in Multifactor Authentication" Email
• Login Fails When Clicking Magic Link Sent from Passwordless Start Endpoint
• Login Fails with "Too many failed codes. Wait for some minutes before retrying" Error Due to MFA OTP Rate Limit"
• Managing MFA Enrollment for React and React-Native Apps
• MFA API with Custom Domain Leads to Error: "The mfa_token provided is invalid. Try getting a new token."
• MFA Auth Method Is Not Present after Login
• MFA authentication app produces the same token name for different Tenant and for all environments
• MFA Challenge Prompts User Despite Selecting "Remember this device for 30 days"
• MFA Challenge Screen Timeout
• MFA Customization / Flexible Factor Selection Not Compatible with the Non-Interactive Flows
• MFA Enrollment Devices Named as "K"
• MFA Enrollment Fails with Maximum Authenticators Error
• MFA Enrollment Order - Precedence of Factors
• MFA Enrollment Page - No Back Button After Selecting 'Trouble Scanning'
• MFA Factors Trigger Order on Login
• MFA methods with first login
• MFA SMS Authentication Codes/Period
• Migrate Away from MFA with Actions
• Multiple SMS Authentication Factors and Changing SMS
• Not All MFA Options are Available for Tenant Members - Private Cloud
• Okta Account Locked: MFA Reset Requests
• Open Web Interface for .NET (OWIN), Cannot Login, "IDX21323: RequireNonce is '[PII is hidden]'" or "RequireNonce is 'True'"
• OTP Attempt Limits
• Passwordless Email Login Attempts Maximum Exceeded
• Payload Validation Error: "Additional properties not allowed: legacy_mfa_phone_provider, legacy_passwordless_phone_provider on property flags"
• Phone Factor - "mfa-phone-challenge" vs. "mfa-sms-challenge"
• Possibility to Enroll in Email MFA or OTP
• Possibility to Restrict which OTP Authenticator App a User Can Use
• Post-Login Action to Trigger MFA OTP or Email as Fallback
• Private Cloud Guardian: Customizable MFA Factors
• Prompt Biometrics During Flows or Actions Before Authentication Has Completed
• Prompt for MFA on New Device Logins Only
• Reduce the Amount of Time of Remember Browser Setting in MFA for Testing
• Registering Device Biometrics for MFA with Bitwarden Fails with Error "Device registration error. If you already registered this device, please try again"
• Remove "Try Another Method" Link when Only One MFA Factor Is Enabled
• Removing Email Address Obfuscation for Email Based MFA
• Resending OTP Codes for MFA
• Resetting User's MFA in Dashboard Does Not Remove Email Enrollment
• Resource Owner Password Flow with MFA: Missing api_token in API Response
• Retrieve All Authenticators for Certain User
• Retrieving a List of Users with a Specific MFA Enrollment
• RSA SecurID Support for MFA
• Save Adaptive MFA Risk Scores to App Metadata Using an Action
• Selective Implementation of MFA for Specific Auth0 Database Connections
• Sending Email Fails With Error "Authenticated User Is Not Authorized to Send Mail"
• Setting MFA Default Factor when Multiple MFA Factors are Enabled
• Show a Code Instead of QR Code when Enrolling in MFA on a Mobile Device
• Silent Auth with /mfa Audience No Longer Works After Contextual MFA Challenge Enforcement
• Skip MFA from Actions with api.multifactor.enable('none');
• Slow Down MFA Voice Message with Twilio as the Provider
• SMS Multi-Factor Authentication Rate Limit Exceeds Error
• SMS Send Failures for an MFA Integration with Twilio
• Strategies to Prompt MFA at Customized Intervals
• Support for biometrics as 2FA supported with passwordless SMS
• Support for Duo Universal Prompt
• Support for WebAuthn Device Biometrics with Passwordless Connections
• Supported MFA Factors for China-based Users
• Tenant Member Appears Disabled
• Terraform Configuration for Toggling MFA Factor List during Enrollment
• Terraform provider not updating SMS MFA enrollment template
• The 10 DLC Registration through AWS Keeps Getting Rejected
• The Auth0 "gd_auth_failed" Log Event
• The event.user.enrolledFactors is not Set or is Undefined when Accessed in Actions
• The MFA Enrollment Screen for WebAuthn with Device Biometrics is Not Displayed
• The Use of Biometrics Returns "No passKeys available. There aren't any passkeys for {domain} on this device"
• Trigger MFA for Certain Active Directory User Groups
• Triggering the "gd_send_email_verification" and "gd_auth_email_verification" Events in Auth0 Tenant Logs
• Troubleshooting Steps for issue with Push Notification Errors with Apple Push Notification Service
• Twilio Error "From phone number is not valid (Code: 21606)"
• Two-factor authentication is required to access this application
• Unable to Login to Two Applications with Same Yubi Key
• Understanding How Passkeys and Face ID Work Together in Auth0
• Unexpected Challenge or Error with MFA API Access Token Request
• Universal Login Classic does not respect the tenant friendly name
• Update MFA Phone Numbers
• Updating User MFA Details in Post-Login Action Before MFA Challenge
• Use api.authentication.enrollWithAny to Enroll in Recovery Code after Enrolling in Another Factor
• Use Custom SMS Provider for Phone Message MFA
• User Notification Preference for Account Actions is Not Individually Configurable
• Users Are Not Prompted to Use MFA after Enrolling a Factor
• Users Directed to SMS Prompt Without Voice Option During MFA Login
• Users Prompted for Biometrics MFA after They Already Declined Biometrics for Login
• Users Prompted to Switch between SMS and Voice MFA - Voice MFA is Selected in Phone MFA Settings
• Users with MFA but multifactor[] is Missing
• Using an alphanumeric sender ID for MFA SMS
• Using Different MFA Enrollments of Both Identities of a Linked Account
• Using Email MFA with an Enterprise Connection
• Using Okta Verify for Auth0 MFA
• Using the Verification Email (Code) Template
• Verification Email URL Getting Changed to Include /ls/click/ when Using SendGrid
• Verifying an Email Address Using an OTP Instead of a Link
• Voice MFA Issues with Twilio
• WebAuthn Face Recognition in Android Devices
• WebAuthn Not Working for Android and iOS Phones
• Webauthn Setup via API
• WebAuthn with FIDO Device Biometrics - "invalid_request (No MFA factors enabled for enrollment)" Error
• When Does the MFA-Enroll-Result Screen Appear
• Which Provider Can Be Used with api.multifcator.enable() in Post-Login Actions
• Will Disabling MFA Affect User's Enrollments
• Workflow for Email and Phone Number

Organizations (79)

• "Global Per Minute organization_connections_read Group Limit Has Been Reached" Error
• "No connections enabled for the organization are visible" Error
• Add Migrated Users to Organizations
• Application Update Fails with "Error! No organization found by that organization id."
• Applications or Client Missing from Selection when Sending Invitation to Organization
• Auth0 Organization Invitation Configuration
• Auth0 Organization Invitation Disappears Without Being Accepted
• Authentication Error "No connections enabled for the organization"
• Authorization Extension and Organizations
• Automatically Adding a User to Multiple Organizations
• Blank Screen after Google Social Login with Non-Organization User
• Branding Settings for Organizations Are Not Applied to All Flows
• Can I use the organization_id to match a user to a specific data set at login time?
• Cannot Log In to Organization with Multiple Database Connections
• Conditionally Display Custom Logos in New Universal Login for Organizations
• Create Auth0 Applications with a Specific Client ID
• DAE and Organizations
• Deprecation of the "Prompt for Organization Name Without SSO" Auth0 Feature
• Different Favicon for Each Organization
• Disabling Organizations without Deleting Them
• Dynamic Upstream Parameters Based on Organization
• Enable Role-Based Access Control for User Roles in Organizations
• End-of-Life Rollout for Unprocessed Organization Parameter in Client Credentials
• Enforce MFA for Internal Users but not for External Customers
• Error "This application has MFA grants enabled. These grants are currently not supported when the application is accessed by team members of organizations"
• Error While Connecting an Organization to a Connection
• Error: Organizations Is Not Supported with Primary User Modifications in Rules
• Fetching More than 1000 Pending Invites for a Specific Organisation
• How to Add organization_id in Metadata With Actions
• How to Change Organization Metadata in Actions
• How To Restrict Signups to a Specific Connection for Users Invited to an Organization
• How to Set the Expiration of an Organization Member Invitation
• How to Use Organizations With the React SDK and Maintain User Sessions
• HRD Not Working for Multiple Connections when Configured for Business Users Only
• Implementing a Hierarchical Organizational Structure in Auth0
• invalid_request Sign-In Error to App using Organizations
• Limit of 20 Organizations on Universal Login Page Organization Picker
• ManagementAPI Error: "The account is not allowed to perform this operation, please contact our support team."
• Missing Login Experience Tab in Auth0 Application Settings
• Missing org_id in Auth0 Device Authentication Flow
• No Roles Assigned after Creating Organization Invitation through Management API
• Okta OIN Provisioning Rate Limit Error
• Organization Auto-Enrollment does not Work with Enterprise Connections
• Organization Auto-membership Feature Requirements
• Organization Domains Access Restrictions in Auth0
• Organization Form Button Text Is Unreadable
• Organization ID in Tokens using the Resource Owner Password Grant Flow
• Organization Invitation Flow and Auto-Membership Requirements
• Organization Invitation Links Default to the Signup Prompt
• Organization Member Login Error "client requires organization membership, but user does not belong to any organization"
• Organization Parameters Return Empty Values in Password Change Email Templates
• Organization Switching in Next.js
• Organizations Does Not Appear In Universal Login Organization Picker
• Organizations in iframe
• Organizations Not Supported with Classic Universal Login
• Password Change Error Organizations are not Supported in Classic Universal Login
• Password Grant Type Error "Only the Implicit, Authorization Code and Refresh Token grant types are currently allowed for applications"
• Possibility to Implement an Invitation Flow using Auth0 Organizations While Disabling Sign-up on a Connection
• Restrict API to a Specific Organization
• Restrict Sign-Ups to Just Invited Users for Organizations
• Retrieve and Update Organization Logo URLs Using the Management API
• SAML Login Not Working Properly when `connection` is Included in the /authorize Request
• Search For Organizations Using the Management API
• Setting the Organization Identifier
• si Log Event - user_id Missing Connection Type Prefix
• Sign Up for Organizations
• Single Connection Mapped to Multiple Organizations
• SSO Between Organizations and Auto-membership Not Working as Expected
• SSO is Not Working with Organization Feature
• Switch Logged In User Organization Using an Organization Picker
• Terraform auth0_client resource and the effect of organization_usage and custom_login_page_on
• Unable to See Newly Added Users in an Organization
• Understanding Access Behavior with Connections and Organizations
• Update "Types of Users" Setting Under Organization Tab
• Update or Remove Keys from Organization Metadata with the Management API
• User Assigned API Permissions Do Not Appear in Access Token Using Organizations
• User's Organization Roles Missing in Actions
• Users Not Getting Added to Organization
• Users not Receiving Organization Invites with fastmail.com

Passkeys (22)

• Auth0 Actions: How to Detect Native Passkey Use
• Auth0 WebAuthn MFA Enrollment: Resolving "Something Went Wrong" Error
• Biometric Authenticators Across Browsers in iOS
• Branding Customizations are Ignored for the Passkey Enrollment Screen
• Cannot Enable Passkey for Custom Database
• Common Webauthn Questions
• Configure User Account with Both Passkey and Password
• Creating a Second Passkey for the Same User on a Different Device
• Custom Signup Prompt Data Missing in Create Script With Passkeys Enabled
• How to Customize Passkey Page in New Universal Login
• Invalid Passkey Error : Native Passkey API
• Issue with the Passkey-Enrollment Screen when api.access.deny() is Called
• Login Flow Not Always Prompting for Login with Biometrics
• Passkey Local Enrollment (passkey-enrollment-local) Is Not Displayed When Using Cross Device Passkey
• Passkey Progressive Enrollment Fails with "Something went wrong..." Error
• Passkey Prompt: Reset the Timer for "Don't show me again"
• Passkeys Only Available in the "Identifier First" Flow
• Passwordless Login using Security Key
• Potential Threat to Passwordless OTP Security
• Removing the Buttons from the Passkeys Page
• Search for Users with Enrolled Passkeys
• Unable to Configure Passkeys Due to Pending Identifier First Prerequisite

Private Cloud Deployment (15)

• Auth0 Private Cloud IP Addresses for External SMTP Allowlist Email Provider Configuration
• Config Tenant Password Reset Emails Not Received (Private Cloud Environments)
• Determine if Auth0 Tenant is in Public Cloud or Private Cloud
• Export Password Hashes from Private Cloud with Metadata
• How rate-limiting is enforced for Private Cloud tenants
• How to Check the Auth0 Private Cloud's Release Number and Deployment Date
• How to View Your Private Cloud Deployment Cycle Window
• Not All MFA Options are Available for Tenant Members - Private Cloud
• Okta's Position on the EU Data Act
• Possibility to Migrate the Tenant to a Different Cloud Vendor
• Private Cloud - Cannot Add or Invite a Tenant Member
• Private Cloud - How to Get Access to View and Manage All Support Tickets
• Temporarily Pausing Private Cloud Space Deployments
• Unable to Create Tenants from the Manage Dashboard (Private Cloud)
• Unknown Tenants in Private Cloud Instance

Quickstarts (11)

• Add a Default Role to a New User on First Login
• Blank Screen after Google Social Login with Non-Organization User
• Difference between "Allowed Origins (CORS)" and "Allowed Web Origins"
• How to Use Refresh Tokens in a SPA
• iOS Permission Popup Appears During Login With Auth0.swift SDK
• Next.js 400 Bad Request Error on Callback Handler
• Open Web Interface for .NET (OWIN), Cannot Login, "IDX21323: RequireNonce is '[PII is hidden]'" or "RequireNonce is 'True'"
• Python Flask Auth0 Logout Error: "ServerClient.logout() got an unexpected keyword argument 'return_to'"
• Setup SSO for Auth0 Sample App With Okta As IdP
• Use of HTTP URLs in iOS Since Version 10
• Using Auth0 with .NET Aspire

SDKs (161)

• "A server with the specified hostname could not be found" Error with Auth0 Swift SDK in Xcode
• "Error 403: disallowed_useragent." when Using Google Sign In
• "Missing State Cookie From Login Request" Error in Custom Next.js Invitation Flow
• "No Credentials were Previously Set" Error with Android SDK
• .NET Application Errors with Status 500 from POST/callback
• .NET Application Suddenly Stopped Working : Certificate Expired
• .NET IDX21323 Error
• .NET SDK Used Behind a Reverse Proxy (NGINX) Uses Incorrect Callback URL
• Add a Default Role to a New User on First Login
• Add Default Connection from Inside an Application
• Align Guardian SDK Experience with Guardian App
• Android Device Error After Authentication "Error validating ID Token"
• Android SDK Error "No compatible Browser application is installed"
• Angular App - Adding Connection Parameter to Authorize Request
• Angular SDK Update Error: "Unable to issue redirect for OAuth 2.0 transaction"
• Auth0 Error Counts Increase After Disabling Refresh Token Fallback
• Auth0 Error Occurs When Launching Callback URL Without a Registered Handler
• Auth0 React SDK loginWithRedirect() function not making token request upon successful login
• Auth0 Redirect Request Cancelled in Chrome v141
• Auth0 SDK's Retry Mechanism on Rate Limit Error of Auth0 Management API
• Auth0 Session Timeout Not Working for Next.js SPA
• Auth0 SPA JS SDK Falls Back to Iframe Authentication on Refresh Token Failure
• Auth0Client Object Taking a Long Time to Initialize in Auth0-SPA-JS
• Authentication Error: Unable to Issue Redirect for OAuth 2.0 Transaction
• Authentication Lost after Refreshing an SPA
• Biometrics Not Prompted with WebAuthentication.webViewProvider() in Auth0.Swift SDK
• Blank Screen after Google Social Login with Non-Organization User
• Build a Fully Custom Login Page
• Captcha with Auth0.js
• Change the Color of the Navigation Bar in Auth0 SDK webAuth() Modal View
• CocoaPods Could Not Find Compatible Versions for Pod ?Auth0?
• Configure Caching with the Auth0 ASP.NET Core Authentication SDK
• Configure Multiple Domains with NextJS
• Cookies Set by the auth0-spa-js Library on Browsers
• Credentials Cannot Be Saved as "Save Credentials" Prompt Closes Too Quickly
• Dev Tools Console Displays ?auth0-spa-js must run on a secure origin? Error
• Embedded Login with Passwordless Connection Not Working
• Enabling Biometrics After Initially Declining on Android
• Enabling Users to Change their Email Address from a SPA or Native App
• ERR_LOGIN_HANDLER_FAILURE on Next.js Locally
• Error "At Least One Database, Enterprise or Social Connection Needs to Be Available" When Using Lock
• Error at Web Login on a Mobile App "Safari cannot open the page because too many redirects occurred"
• Error Login with Android SDK - Browser Not Available
• Error of "Not found" on Callback URL in Android Application
• Error When Trying to Add Native Google Sign-in to Android App
• Error: "Cannot Find Module 'tedious@1.11.0' Require Stack:..."
• Excluding App from SSO
• Facebook Social Login Fails with "Invalid State" Error
• Firefox Consent Popup for Native When Trying to Log In or Log Out
• Get an Access Token on Login via Next.JS
• getAccessTokenSilently Does Not Extend Auth0 SSO Session Idle Timeout When Using Refresh Tokens
• getAccessTokenSilently Timeout Delay During Error 403 Response
• GetCredentials() Method Returns Undefined in React Native Auth0 SDK
• Getting "Issuer.discover()" Error when Using Express OpenId Connect
• Handling Multiple Scopes in ASP.NET Core
• How To Add a Touch Icon for iOS and Android using Page Templates
• How to Automatically Redirect Unauthenticated Users with the Auth0 React SDK
• How to change the expires_in value of Access Token at Auth0's SPA SDK
• How to Change the Text of Forgot Password Option with Lock.js
• How to Control OIDC Metadata Cache Timing in .NET Core
• How to Force Re-authentication in Next.js with Auth0 Using max_age Parameter
• How to Get an Access Token with a Different Audience During the Login - NextJS - Auth0
• How to Get the User ID Token in Auth0-SPA-JS
• How to Log Out Users with .NET MAUI
• How to Securely Store Tokens in Auth0 Android Using SecureCredentialsManager
• How to Send x-correlation-id When Using node-auth0
• How to Use Local Authentication with the react-native-auth0 SDK
• How to Use Organizations With the React SDK and Maintain User Sessions
• How to Use Refresh Tokens in a SPA
• How to Use Refresh Tokens in React
• How to Use the Auth0 oidcClient.WinForms SDK with Edge Chromium / WebView2
• I'm using a custom languageBaseUrl for my Classic Universal Login page and upgrading to a newever Lock SDK version breaks the localization
• Implement Native Apple Sign-In with Auth0 in React Native
• Implement Refresh Tokens in ASP.NET (OWIN) MVC Application
• Implementing a Redirect with Actions and Passing Data Back to Auth0
• Implementing Native Login with React Native and Expo
• Importing Users with Auth0 Node.js SDK
• Install Let's Encrypt ISRG Root X1 Certificate on Android Below 7.1.1
• Invalid Algorithm Error in Auth0-SPA-JS
• Invalid Authorization Code Error with NextJS Auth0 SDK
• Invalid State Errors on handleRedirectCallback - Auth0 React SDK
• Invalid Token Error With Invalid JOSE Header When Using Auth0 Angular SDK
• iOS Permission Popup Appears During Login With Auth0.swift SDK
• Is there Flutter SDK support for Web Applications
• java.lang.UnsupportedClassVersionError
• JWKS-RSA Library Error: JsonWebTokenError Socket Hang Up
• Kotlin Android Exception FLAG_ACTIVITY_NEW_TASK
• LINE Social Connection Not Working on iOS Safari
• Localize Errors When using the Custom Login Page with auth0.js
• Lock Fails to Load and Generates Fetching Client Data Error
• Lock SDK Fails - 404 on cdn for clientID.js File
• Logging HTTP Response Headers with Auth0 Java
• loginWithPopup in the React SDK Hangs on a Blank Screen at /authorize/resume
• Logout Across Multiple Subdomains with auth0-spa-js
• Logout Triggering Silent Authentication in React SDK
• M2M and Web App Token Lifetimes
• Make the Auth0 Login Page Full Screen
• Migrating from Auth0.js to Auth0 SPA SDK: Handling Token Expiration
• Mitigating Missed Responses from Refresh Token Requests with the Auth0.swift SDK
• Mock the Session Cookie for Testing in a Next.js Application
• Native Mobile App Creation for iOS and Android
• Next JS: User Is Not Logged Out
• Next.js - 400 Error: "Callback handler failed. CAUSE: Missing state parameter in Authorization Response"
• Next.js 400 Bad Request Error on Callback Handler
• Next.js Callback 404 Not Found Error
• Next.js on AWS Amplify Throws Server Error Status Code 500
• Next.js Persistent "Invalid Authorization Code" Errors
• Next.js SDK Cookie Size is Too High
• Next.js SDK Logout Does Not Work Due to CORS Error
• NextJS GetAccessToken() Always Returns Error "The access token expired and a refresh token is not available"
• No Refresh Token Returned for Android Application
• node-auth0 SDK and the Network Connection at TCP Layer
• Node-auth0 v4 Updates
• Node.js Vulnerabilities(CVE-2023-3620 / CVE-2023-26140)
• Null Refresh Token with Embedded Lock and Implicit Flow
• OmniAuth Web App will not Communicate with SAML-Based IdP
• Open Web Interface for .NET (OWIN), Cannot Login, "IDX21323: RequireNonce is '[PII is hidden]'" or "RequireNonce is 'True'"
• Passing Custom Parameter to Logout Endpoint - Using Auth0 React
• Passing ui_locales Parameters to the Universal Login Page Using next-js-auth0 SDK
• Password Flows Restart the Flow and Refresh the Screen During OTP Input
• Passwordless SMS Localization Fails on Android but Works on iOS
• Perform a Logout Without Redirecting the User
• Performing User Searches With Go-Auth0 SDK
• React Native - Invalid signature on access token
• React Server Components Critical Vulnerability (CVE-2025-55182) Action Required
• Redirect after Logout in React SPA
• Redirect to Webpage or Open App for Email Verification Flow on Android Devices
• Redirect Users Directly to a Hosted Signup Page
• Reflect XSS Issue in Lock.js
• Safari Remains as Current Active App after Authentication if useEphemeralSession is Used
• SDK Support for Expo
• Security Model Comparison: Auth0-react vs. NextJS-auth0
• Send Additional Parameters to the Authorization Endpoint with the React SDK
• Send Language Preference for Passwordless SMS and Email using the Passwordless API with Auth0 SDKs
• Sending Custom Headers or Query Parameters on Server-Side Requests
• Setup a Splash Page Before Login Page
• State and Code Parameters Stuck in URL react-auth0 - User Getting Logged Out on Page Refresh
• Support Policy for Auth0 Python SDK
• Supported Android Target Versions with Auth0 Android SDK
• Switch Between Auth0 Domains and Clients with React Native SDK
• Sync Session with Auth0 when Using Next.js
• System Alert During Logout When Using Non-Ephemeral Sessions In iOS Swift SDK
• Token Expiration Value Not Reflected by expiresIn Property
• Token Refresh with NextJS-Auth0 SDK
• Trigger a Password Reset Email with the Laravel-Auth0 SDK
• Two Failed Attempts on iOS Biometrics Login Shows Unexpected Behavior
• Updating .NET Core Web API to .NET 6 Returns "invalid_token" Error
• Upgrading Angular 11 to Angular 12 with auth0-angular SDK
• Use of HTTP URLs in iOS Since Version 10
• User Invitation Link Returns Error "this connection does not support signups (incompatible screen_hint)"
• User Is Redirected to the Login Page Instead of User Dashboard when Using Refine with Auth0
• User Session Active after Token Expired
• Using Auth0 with .NET Aspire
• Using One or Multiple Auth0 Applications for iOS and Android in React Native
• Using PrefersEphemeralWebBrowserSession in Auth0 MAUI SDK
• Using SAML IdP-initiated SSO with @auth0/auth0-react
• Vue.js: How to Avoid Showing the Callback Page
• What Is the Difference Between SDK Versions
• When to Use Lock vs. Custom User Interface
• WPF App with Identifier First Enabled Returns Script Error When Editing Email "Object doesn't support property or method initCustomEvent"
• XCF Framework Binary File

Sessions (135)

• "amr" and "acr" Claims Omitted from ID Token on Renewal
• "assertion has expired" error: enforcement of SAML assertion lifetime values
• "Clear-Site-Data" Header Clears Auth0 Cookies and Breaks the Login Flow
• "Invalid JOSE Header, 'kid' is Required" Error During Token Validation
• /oauth/token Issues Token despite Prefixing Path with Arbitrary String
• Ability to Migrate Refresh Tokens to Another Client on the Same Tenant
• Access Token Does not Contain Expiration Time
• Access Tokens vs. ID Tokens
• Adding RBAC Permissions to Access Tokens
• api.accessToken.setCustomClaim Does Not Set the Custom Email Claim
• Apple Connection User Sub Claim Contains Dot (.) Characters
• ASN Header Validation on Manage and Teams Dashboards Blocked when Using Some VPNs
• Auth0 Dashboard Disconnects with "Your session is no longer valid" Message
• Auth0 Session Timeout Not Working for Next.js SPA
• Auth0 SLO for Applications Using Different Protocols: OpenID and SAML
• Auth0 Support for API Keys and Personal Access Tokens
• Authenticate with No Session
• Authentication Lost after Refreshing an SPA
• Authorization Code with PKCE via Connection
• Bulk Force Password Reset and Session Revocation for Compromised Accounts
• Calling /oauth/token Returns Grant Type 'client_credentials' Not Allowed for the Client
• Can Multiple Users Share the Same Session ID
• Can you access the Auth0 private key used to generate your own access tokens
• Cannot Maintain Multiple User Sessions in the Same Browser
• Cannot Maintain Separate Sessions with Two Different Clients on Same Domain
• Changing Access Token Expiry Dynamically
• Changing Certain Profile Attributes Terminates Session
• Clarifying Refresh Token Rotation in Auth0
• Controlling Session and Refresh Token Expiry Using Action Code
• CORS Errors on /oauth/token When Using Sentry
• Difference Between Properties of event.session in a Post-login Action
• Different Validity Time for Client Credential Grant Access Token
• Discrepancies Between Last Login and Login Logs in Auth0
• Does Blocking a User End their Session?
• Empty Session Object in Post-Login Actions Event
• End-of-Life Rollout for Unwarranted Session Removal After Management API User Updates
• Error at Logout from Third Party Application "No active session(s) found matching LogoutRequest"
• Error Creating a Vault With Auth0: "Failed to create OAuth session"
• Error Occurs When Using returnTo Query Parameter During Logout
• Event.session Object and Related Properties Are Not Populated in Actions
• Exceeding Refresh Token Limit
• Extending the Next.js appSession Cookie
• Extract Azure Custom Claim from ID Token and Copy it to User Metadata in Auth0
• Failed Token Exchange Occurs When Reusing an Older Refresh Token Within Reuse Interval
• Force New Tokens from the Google Social Connection
• Get an Access Token on Login via Next.JS
• getAccessTokenSilently Does Not Extend Auth0 SSO Session Idle Timeout When Using Refresh Tokens
• Getting an Access Token With Private Key JWT
• Handling Expired Refresh Tokens
• How to Add the Permissions Claim to an Access Token
• How to Get an Access Token for Testing
• How to Get an Access Token with a Different Audience During the Login - NextJS - Auth0
• How to Get an Azure V2 Access Token Saved in the Users Identity Profile in Auth0
• How To Get the 'phone_number_verified' Claim in the ID Token
• How to Get the User ID Token in Auth0-SPA-JS
• How To Obtain Session Details For All Users
• How to override sub in ID token to contain a custom field instead of user_id
• How to Prevent Multiple Active Sessions for the Same User
• How to use Token Expiration For Browser Flows (Seconds) field in API
• Identities Array Missing from ID Token in Callback Response
• Impact to the Existing Non-Rotating Refresh Tokens when Rotational Refresh Token Option is Enabled
• Inactivity Timeout and Refresh Token Exchanges
• Inconsistencies with "Remember this device for 30 days" Option and Ephemeral Sessions
• Invalid Payload String Error When Trying to Decode an Access Token
• Invalid Token Error With Invalid JOSE Header When Using Auth0 Angular SDK
• Is it possible to change the sub in the Auth0-generated jwt token?
• Issue with Google Workspace SSO Using SAML with Only One Active Session
• Issuer Mismatch in ID Token
• JWT Validation Fails with "Invalid number of parts: Expected 3 parts; got 5" Error Message
• Lifetime for Dashboard Users' Sessions
• Login Redirect Loop
• Login Session Does Not Persists
• Logout Not Working as Cookies Persist
• M2M and Web App Token Lifetimes
• Maintaining a Single Session Per User
• Management API Token Does Not Contain All Granted Scopes
• Map Incoming Azure Groups to Auth0 ID Token
• MFA Session Cookie (auth0-mf)
• Minimum Lifetime of an Access Token
• Mock the Session Cookie for Testing in a Next.js Application
• No IdP Access Token in Identities Array for OIDC Enterprise Connections
• Null Refresh Token with Embedded Lock and Implicit Flow
• Proactively Check Users Session
• Refresh Token Expired with No Apparent Reason
• Refresh Token No Longer Returns id_token
• Refresh Token Revocation
• Refresh Token Rotation: Automatic Reuse Detection Issue in iOS App
• Refresh Token Used with a Wrong Client ID
• Refresh Token with Token Flow (/oauth/token) Still Works after Back-Channel Logout Invalidates Session
• Refresh Tokens Comes Invalidated when Requested to Authentication API
• Refresh Tokens Format
• Reloading the Page Causes Logout and Authentication Session Loss
• Remove Claims from the ID Token with Actions
• Requesting Access Token Scopes with ROPG (RBAC enabled vs RBAC disabled)
• Retrieving Identity Provider Access Tokens
• Revoke Refresh Tokens When a User Successfully Resets Password
• Revoke Tenant Member Login Sessions
• Revoking Refresh Token does Not Trigger Backchannel Session Logout
• Run Actions Only Once per Session
• SAML Integrations Not Working after Signing Key Rotation
• SAML Logout Request Fails with "No active session(s) found matching LogoutRequest" Error
• Sending Arbitrary Parameters with Refresh Token API Calls
• Session Expiration Settings Will Not Save - API Error. Please Contact Support if the Problem Persists
• Session Lifetime Property for Terraform Provider Does Not Accept Fractional Values
• Session Management - Login Issues and Staying Logged In
• Set Access Token Claims Using Actions
• Set Different Access Token Expiration Depending on Application Grant Type
• Set ID Token Claims Using Actions
• Set the Groups Claim of an Access Token and/or ID Token
• Shopify Multipass Error "You are not authorized to use Multipass"
• Single Sign-On between Applications of the Same Tenant
• SPA Application Error No refresh_token was Issued Authorization Code Exchange Originated From a Browser
• State Parameter Validation Length
• Sync Session with Auth0 when Using Next.js
• Tenant Signing Key Rotation
• The Session Transfer Token for Native to Web SSO is Not Working for a Multiple Application Scenario
• The Uniqueness of Refresh Token
• Token Expiration Value Not Reflected by expiresIn Property
• Troubleshoot Refresh Token Unknown or Invalid Before Expiry "403: Unknown or invalid refresh token"
• Unable to Enable Refresh Token Rotation and Refresh Token Expiration in an Application
• Unauthorized Errors Seen on SPA when Calling /oauth/token
• Understanding the "Unwarranted Session Removal After Management API User Updates" Migration Toggle
• Updating .NET Core Web API to .NET 6 Returns "invalid_token" Error
• Use Azure AD Access Token to Call a Second Azure Application
• User is Not Logged Out after Password Reset
• User is Still Authenticated after Uninstalling and Re-installing the App
• User Session Active after Token Expired
• Users Remain Logged in After the Inactivity Timeout
• Verifying Logout Implementation using Details in Network and Tenant Logs
• Web applications under same domain override each other authenticated session
• What Headers Does Auth0 Send to IDPs During Token Exchange
• What Will Happen If a User is Deleted on an External IdP while the Auth0 Session is Valid in the SAML Connection
• When a Refresh Token Becomes Unusable
• Will Access/ID Tokens Received Via Refresh Token Contain the Custom Claims
• Workaround for oidc/logout Does Not Allow Query String Parameters to post_logout_redirect_uri

Single Sign-On (307)

• "404 Not Found" Error on 'user/ssodata' Endpoint When Using Lock
• "502 Bad Gateway" Error on Login Callback When Using NGINX Reverse Proxy
• "amr" and "acr" Claims Omitted from ID Token on Renewal
• "assertion has expired" error: enforcement of SAML assertion lifetime values
• "Audience is Invalid" Error in SAML Connections
• "No valid OpenID Connect metadata was found at the provided url" Due to SSL Error
• "OK" Message Seen on White Page when Calling /logout
• "options.oidc_metadata.acr_values_supported" must Contain Less than or Equal to 20 Items
• "Signing Certificate Will Expire" Warning for a SAML Connection
• "The Generated Token is Too Large" Error Returned from the Authentication API
• "Unable to Verify Signature" Error on SAML Connection
• 401 Errors on OpenID Configuration and JWKS Endpoints with AWS API Gateway
• 500 INKApi Error
• A Refresh Token Must Be Revoked by Its Issuing Client
• Access Tokens vs. ID Tokens
• Accessing a Tenant's Private Key
• Activate Just-In-Time Team Membership for Dashboard SSO Integration with Auth0 Teams
• Add a Prefix to SAML Response Signature Namespace - Auth0 as SAML IdP
• Add Organization Roles and Permissions to the SAML Response
• Adding the 'group' Claim to the Okta ID Token to Match the Default 'Okta Basic' Template - Okta Workforce Connection
• Additional Fields Are Being Added to the id_token
• ADFS Sign-In / Sign-Out Fails with Microsoft Error ID4037
• Adjust Clock Skew for SAML Enterprise Connections
• Application settings Missing the toggle for Trust Token Endpoint IP Header
• Arrays Mapped to String in OIDC or Okta Workforce Connection
• Attempt to create ADFS connection returns "Error! ... Either adfs_server or fedMetadataXml must be set but not both."
• Attributes of the Format urn:oid: are Not Mapped in SAML Connection
• Auth0 as an Identity Provider for Azure AD
• Auth0 Azure AD Connection Login Fails with error: "This login.microsoftonline.com page can't be found"
• Auth0 Error "Invalid Request" Connecting Native App to Azure AD Using ROPG Flow
• Auth0 SAML IdP: Issuer in SAML Response does not Match entityID in Auth0 IdP Metadata
• Auth0 SAML IdP: Set Issuer to URL-based Format in the Metadata
• Auth0 SAML Response has nameIdAttributes Value of [object Object]
• Auth0 SSO Error for Zendesk: No Attribute Found for nameIdentifier
• auth0.is.authenticated cookie - _legacy_auth0.is.authenticated cookie
• Authentication Error: Unable to Issue Redirect for OAuth 2.0 Transaction
• Avoid storing some PII data from external identity providers in Auth0
• Avoiding the iOS Alert Dialog to Achieve Single Sign-On in Native Applications
• Azure AD (Entra ID) Connection Resulting Error in AADSTS50011
• Azure AD (EntraID) Connection Only Returning Group Name and Not GUID
• Azure AD Connection Client Secret Expiration Notifications
• Azure AD Connection Error: "strServiceExceptionMessage":"AADSTS50011"
• Azure AD Connection not Supported with Microsoft Azure GCC Tenants
• Azure AD Enterprise Connection Disable HRD on Domain
• Azure AD Enterprise Connection Groups Suddenly Missing
• Azure AD Login Fails with Error "AADSTS900432: failed to obtain access token"
• Azure AD OIDC Error AADSTS700054 for Dashboard SSO
• Azure Connection Creates Duplicate Users when Updating App Settings
• Azure Connection Error 'AADSTS500011' in Logs
• Azure/Entra Connection Error: "AADSTS900023: Specified tenant identifier 'undefined' is neither a valid DNS name, nor a valid external domain."
• Bad Request Payload Validation Error Missing Required Property Scripts
• Blocked Users in Azure AD are not Blocked in Auth0 when Using SCIM
• Callback URL Mismatch Error ?{URL} is not in the list of allowed callback URLs?
• Can Multiple Users Share the Same Session ID
• Can the Issuer URL for OIDC Connections Have a Wildcard In the Path
• Cannot Login to Tenant Dashboard Using the SSO Connection after Enabling Tenant Member Management in Teams
• Cannot Update OIDC Connection Client Secret - The Save Button Does Not Respond
• Certificates Used in SAML
• Change Email Address Domain for Tenant Members when using Google SSO
• Change Identity Provider for Dashboard Admin SSO Integration
• Change SAML Signature Algorithm from SHA1 to SHA2
• Changing SSO Integration Properties via Management API
• Clicking Sign Up Using Identifier First Profile Will Not Trigger HRD for Azure AD/ADFS Connections
• Code Verifier Error "Parameter 'code_challenge' must be between 43 and 128 characters long"
• Conditionally Force Login with SAML Connections
• Configure a SAML Connection Using Okta as the IdP and Auth0 as the SP
• Configure an Enterprise OpenID Connect Connection to Call the User Information Endpoint
• Configure Auth0 to Send Encrypted SAML Assertion with Custom Keys
• Configure Single Sign On for Auth0 Dashboard: Migrate Tenant Members
• Configure Single Sign-on for Auth0 Dashboard
• Configuring a Single Azure Enterprise Connection for AD Azure Members and Social Accounts in Auth0
• Configuring Auth0 as an IdP Without Using SAML
• Connection's display_name Gets Overwritten When Updated
• Connections Created with metadataUrl Parameter Do Not Allow Updating Signed Requests Setting
• CORS Error when Calling the /.well-known/openid-configuration Endpoint
• Create Non-Single Sign-On "Break Glass" Account Using the Same Email Address
• Creating an OIDC Connection Fails with "options.issuer is required" Error
• Creating SAML Enterprise Connection from Customer Provided Metadata Files
• Custom SAML Mappings Not Included in Metadata File for SAML Connection
• Custom SAML Request Template Error "The InResponseTo attribute does not match the id in the AuthNRequest"
• Custom Signing and Encryption Certificate in SAML SP Metadata
• Dashboard Single Sign-On (SSO) Configuration for Self-Service Plans
• Dashboard User Sees "Unable to create a team or tenant" Screen when Accessing Auth0 Dashboard with SSO Enterprise Identity
• Determine if User has Passed MFA in Social SSO / Enterprise SSO
• Differences Between OIDC vs V2 Logout
• Disable Logout Consent Prompt with OIDC Endpoint
• Disable Seamless SSO Between Applications
• Display Enterprise Connection as a Button on Universal Login Page
• Dynamically Set SAML SSO Callback URL Based on User Organization
• Empty User from a SAML Connection
• Enable Single Sign On for a Legacy Tenant
• Enabling SCIM for an Azure AD/ Entra ID connection with the "User ID Attribute Type" configuration set to "Pairwise Subject Identifier"
• Encrypted SAML Response from Identity Provider Decoding Error
• End Users Forced to Use MFA when Using SSO with Upstream IdP
• Enforce Email Domain Validation for Auth0 Enterprise Connections
• Enterprise Google Workspace SSO using SAML
• Error "Missing required property: mode" When Saving OIDC Application Configuration
• Error "SAML metadata not found at: <...>"
• Error "Unable to correlate completed consent" when Logging in for the First Time
• Error ?invalid thumbprint? from SAML Login
• Error ?Timeout awaiting 'request' for 4000ms? Caused by External IdP
• Error Creating Mapbox SSO Integration - Login Attempt Appeared to be for a Different Service
• Error During IdP-Initiated SAML Login
• Error Message Displayed When Using IdP-Initiated Login With ADFS Connection
• Error Occurs When Using returnTo Query Parameter During Logout
• Event.session Object and Related Properties Are Not Populated in Actions
• Exceeding The Limit Of 20 Self-Service Profiles
• Excluding App from SSO
• Extract Azure Custom Claim from ID Token and Copy it to User Metadata in Auth0
• Federated Logout Fails When Auth0 Acts as SAML Identity Provider and Service Provider
• Federated Logout from an OIDC Application with a SAML IdP
• Get SAML Tokens via API
• Get Signing Certificate for a SAML Connection from Signicat
• getAccessTokenSilently Does Not Extend Auth0 SSO Session Idle Timeout When Using Refresh Tokens
• Getting "Issuer.discover()" Error when Using Express OpenId Connect
• Google Blocks SSO Sign-up and Login through Embedded Browsers
• Groups with Azure AD Enterprise Connection
• Hide or Remove CDN Endpoint "https://cdn.auth0.com/client/{client_id}"
• Home Realm Discovery not Initiated when Clicking Sign Up
• How can I get an access token of a user with external IdP (SSO) for testing
• How to Achieve Single Sign-On (SSO) Between Applications
• How to Allow Username/Password and Federated Logins
• How to Assign Group Memberships from Metabase
• How to Change the Tenant Name Displayed in Self-Service SSO Setup Ticket
• How to Control OIDC Metadata Cache Timing in .NET Core
• How to Create an OIDC Connection for ADP
• How to Enable the OIDC Logout URL in the Discovery URL
• How to Get an Azure V2 Access Token Saved in the Users Identity Profile in Auth0
• How To Get the 'phone_number_verified' Claim in the ID Token
• How to map a SAML attribute to user_metadata attribute
• How to Map email_verified Through SCIM Provisioning in OIDC Connections
• How to Map SAML Attributes when Auth0 is the SP in the SAML Enterprise Connection
• How to Pre-Register Users From an Enterprise Connection
• How to Store and Use a Custom Signing Key and Certificate for SAML with Actions
• How to Test New Connections with the Self Service SSO Setup Assistant
• Identity Brokering "fetch failed" Error Due to Network Restrictions
• IdP-Initiated Login is Not Enabled for Connection "TestIDPConnection" Error
• IdP-Initiated Login with Okta Enterprise Connection Is Not Supported
• Include an Upstream 'Nonce' Parameter with OIDC Connections
• Integrate AWS AppStream with Auth0 as SSO IdP
• Invalid Callback URL when Using SAML Flow
• Invalid Client Error With Private Key JWT Authentication When Requesting an Access Token
• Invalid Signature Error When Using Node-SAML for Setting Up Auth0 as SAML IdP
• Is it Possible to Implement Cross-Browser SSO?
• Issue with Google Workspace SSO Using SAML with Only One Active Session
• Issues Concerning Connection of App to Azure Active Directory (AD)
• Issues Mapping the Email SAML Attribute
• JWT Signing Using RSA Private Key
• Leading Whitespace in OIDC Connection Scope
• Limit to the Number of SAML Connections Created within a Tenant
• Login Rejection During Native to Web SSO Due to IPv4 and IPv6 Mismatch
• Login Session Does Not Persists
• Logins Fail for Particular Connection when Actions are Enabled with Error "cannot unmarshal string"
• Logout Not Working as Cookies Persist
• Management of Refresh Token Metadata in Early Access
• Managing Team Roles with SSO Integration with Customer IdPs
• Map Incoming Azure Groups to Auth0 ID Token
• Map the "displayName" Attribute in Microsoft Azure IdP to "name" Attribute in Auth0
• Mapping a Different ID Format from SAML Response
• Mapping Custom Attributes From a Custom Azure AD SAML Connection
• Mapping the 'name' SAML Attribute
• Mapping user_id in an OIDC Connection
• Maximum Number of Domains Allowed in Home Realm Discovery for SAML Connections
• MFA Challenge Occurs Twice with Native to Web SSO Flow
• Microsoft Azure AD "Error AADSTS7000215: Invalid client secret provided"
• Microsoft Azure AD (Entra ID) "Failed to obtain access token" and "Error AADSTS50146"
• Microsoft Social Account Users Login Through Azure AD Enterprise Connection
• Migrate Connection from ADFS to Azure AD
• Migrate Existing Tenant Members when Auth0 Teams is Enabled
• Minimum Permissions Required for a Google User for Google Workspace Integration
• Missing Auth0 Refresh Token During Native to Web SSO
• Missing Custom Attributes in Zendesk when Using SSO Integration
• Missing User Attribute Information After OIDC Login
• Multiple Applications across Two Tenants
• Multiple SSO Connections for Enterprise Teams
• New User Profile Created After Each SAML IdP Login
• No IdP Access Token in Identities Array for OIDC Enterprise Connections
• OAuth SSO with Canvas LMS as IdP
• OIDC Connection Creation ValidationError: "response_modes_supported" and "response_types_supported" are not Compatible with Front or Back Channel Connections
• OIDC Connection Logins Fail with "Plan executor error during findAndModify caused by cannot index parallel arrays"
• OIDC Enterprise Connection Cannot Perform Federated Logout
• OIDC Enterprise Connection Does Not Call /userinfo Endpoint
• OIDC Third Party Login
• Okta IdP-Initiated flow for Dashboard SSO
• Okta SAML Terminology
• Okta Workforce or OpenID Connect Connection Returns 403 Forbidden Error
• Only Allow Access for Certain Active Directory User Groups
• OpenID Connect ID Configuration
• options.set_user_root_attributes Not Returned in getConnection Call
• Overview of Signing and Encryption Features for a SAML Service Provider
• Pass in Hard coded values in SAML mapping
• Password Login via OIDC-Conformant Clients with Externally-Hosted Login Pages is Unsupported or Initiated from the Wrong Place
• Passwordless Connections Do Not Support SSO if Connection Parameter is Passed
• Perform a Logout Without Redirecting the User
• Ping Federate SAML Connection Fails with "Failed to read asymmetric key" Error
• Pre-fill Identifier and Skip signup-id Screen with login_hint and screen_hint Parameters
• Prevent login_hint From Being Sent With ADFS Connection
• Progressive Web Apps and SSO on iOS Not Working
• Receive Error "nonce mismatch, expected undefined, got: <value>" when Setting Up an Enterprise OIDC Connection Using Cognito
• Redirect After IdP-Initiated Login
• Request to Update Certificates / Certificate Expiration for SAML Dashboard SSO Integrations
• Response Protocol in IdP-Initiated SAML
• Restrict Allowed SSO Social Connections from the Auth0 Dashboard
• Retrieve a List of SAML Certificates and Expiration Dates
• Revoking Refresh Token does Not Trigger Backchannel Session Logout
• Rotating Azure AD (AAD) Connection Credentials
• Safari Blocks Auth0 Auth Cookies in iFrame
• Salesforce Changes to Device Activation for SSO
• Salesforce SSO SAML Integration Error: "Unable to create user"
• SAML 2.0 Addon Error
• SAML Addon Mapping Skipping Duplicated Attributes
• SAML Addon Mappings from ID Token Custom Claims in Actions
• SAML Attribute Mapping in SAML2 AddOn vs. Post-Login Action
• SAML Connection - IDP_Initiated SSO Default Application Dropdown not Showing All Applications
• SAML Connection - Using the CRT Files for Signing Certificate
• SAML Connection Error - Signature Check Errors: Invalid Signature
• SAML Connection Login Error: "IdP-Initiated login is not enabled for connection \"CONNECTION_NAME\"
• SAML Connection SP Initiated Logout Redirects to Different Application
• SAML Connection Stops Working
• SAML Error for Volunteer Sign-In
• SAML Error: "NameQualifier"
• SAML Errors Occur When Both Assertion and Response Signing Are Required by the Service Provider
• SAML Flow: acr_values is a String Instead of an Array of Strings
• SAML IDP Sends No Audience
• SAML Integrations Not Working after Signing Key Rotation
• SAML Login Not Working Properly when `connection` is Included in the /authorize Request
• SAML Logout Error "missing client.addons.samlp.logout.callback"
• SAML Logout Not Redirecting to returnTo URL - Stuck on Screen that Says OK
• SAML Logout Request Fails with "No active session(s) found matching LogoutRequest" Error
• SAML Protocol Binding Options
• SAML Request Sign Configuration If No Option Is Selected
• SAML Requests and Responses in the Auth0 Log
• SAML Response Containing Error "MessageID="unsatisfied_nameid_policy""
• SAML SLO Not Logging User Out
• SAML SSO using Auth0 as Service and Identity Provider Login Fails due to IdP Initiated Login
• SAML Unknown Error from Provider "The SAML response is not valid. Response do not contain signature"
• SAML User with IdP-Initiated is Not Sending the Email in the ID Token
• SAML Users are Required to Verify their Email
• SCIM Deprovisioning Fails With 400 Error Due to Incorrect Address Attribute Formatting
• Self-Service Single Sign-On (SSO) and Home Realm Discovery (HRD)
• Self-Service Single Sign-On Feature Entitlements
• Self-Service SSO and Retaining Control of Connection Enablement
• Send Only the Username as a Login Hint for a Specific Enterprise Connection
• Send Roles as Part of SAML Assertion when Auth0 is the IdP
• Sequence for Signing and Encrypting SAML Assertions
• Set Custom NameIdentifier Attribute in SAML Response from Auth0
• Set SAML Issuer in Actions (Auth0 as IdP)
• Set the Equivalent of the "Application Login URI" for an SSO Integration
• Set the Maximum Number of Groups to Retrieve while Creating an AD Connection
• Setting a SAML Attribute in an Action Fails
• Setting Application Login URI for Mobile Apps
• Setting Zendesk Account Name for SSO Integration via Terraform
• Setup SSO for Auth0 Sample App With Okta As IdP
• SHA384 Hash Algorithm Error with New SAML Connections
• Shibboleth SAML Connection Error "Credential failed name check"
• Signed Request in an ADFS as SAML Connection Error
• Single Log In Across Multiple SPA Applications Without Relying on 3rd Party Cookies
• Single Logout (SLO) for Applications Using the Same Auth0 Tenant for SSO
• Single Logout with Auth0 as the SAML IdP
• Single Sign On with Active Directory Does Not Behave as Expected
• Single Sign-On between Applications of the Same Tenant
• Single Sign-On Fails Due to Blocked Third-Party Cookies
• Slack Social OIDC Connection
• Social Connection with Microsoft Error "Proof Key for Code Exchange is required for cross-origin authorization code redemption"
• Social Provider Windowslive (Microsoft) Accepts Personal Accounts Only
• SSO Between Organizations and Auto-membership Not Working as Expected
• SSO Certification Expiration Custom Notification Date
• SSO for Auth0 Dashboard with Okta (OIDC)
• SSO Integration for SonarQube/Jenkins Breaks when Changing the Callback URL
• SSO Integration Not Displaying Properly in Auth0 Management UI
• SSO is Not Working with Organization Feature
• SSO Members are Not Automatically Assigned to Auth0 Teams
• SSO Not Working with SAML
• SSO when SAML Add-on is Configured in More than One Application
• Supported Formats for SAML Connection Signing Certificate are not Consistent Between Dashboard and Management API
• Supported SAML Response Encryption Algorithms
• Temporarily Editing or Anonymising User Attributes Using Actions for Custom SAML Assertion
• Tenant Member Redirect Looping in Auth0 Dashboard Login Page
• Tenant Signing Key Rotation
• Test SAML connection configuration programmatically
• The "AssertionConsumerServiceURL" Placeholder in the SAML Request Template Appear Blank at Login
• Ticket ID of an SSO Access Ticket
• Tracking Native to Web SSO Token Exchange and Login
• Try Button for an SSO Connection Leads to Redirect URI Errors
• Trying to access user outlook account through SAML connection with Azure AD
• Unable to Update Client Secret for Azure AD Enterprise Connection
• Understanding How Passkeys and Face ID Work Together in Auth0
• Update Home Realm Discovery Email Domains for Dashboard SSO Integration
• Update OIDC Connection via Discovery Endpoint
• Updating Entity ID and Callback Endpoint (ACS URL) Values for an Okta SAML Integration
• Upload a Second Signing Certificate for a SAML Connection
• Uploading a New Signing Certificate Using Self-Service SSO
• Use a Custom Certificate to Sign SAML Requests
• User Invitation Link Returns Error "this connection does not support signups (incompatible screen_hint)"
• User Receives "Malformed id_token_hint" Error During Logout Sequence
• User_id in Auth0 Populates with User Email in an Okta SAML Connection
• Using SAML IdP-initiated SSO with @auth0/auth0-react
• Verifying Logout Implementation using Details in Network and Tenant Logs
• Warning During Login "Error transforming template due to missing keys (n) from IdP context"
• WebView Flicker During Silent Authentication in React Native Using authorize() with prompt=none
• Welcome Email Templates not Sent for OIDC Connections
• What Headers Does Auth0 Send to IDPs During Token Exchange
• What is "Unverified Domain" in the Context of SAML IdP-Initiated Flow
• What is user_id that Auth0 Gets from Azure AD Login
• Why Login is Possible with Expired Certificate in SAML Connections
• Workaround for oidc/logout Does Not Allow Query String Parameters to post_logout_redirect_uri
• Zendesk SSO Integration Not Working: "Callback URL mismatch" Error

Universal Login (252)

• "config.json file is missing" Error when Using "auth0 universal-login customize"
• "Failed Silent Auth" and "Login Required" Errors
• "Sign Up" Button Not Appearing on the Login Page
• "Wrong Email or Password" Error when Configuring a SAML Service Provider
• .ulp-alternate-action Does Not Work in New UL Template Anymore
• 403 'Invalid state' from Custom Login Page with Classic Universal Login Enabled
• 404 NotFoundError on Classic Universal Login Page with the Auth0.js SDK Embedded
• Ability to Prompt Users for First and Last Name when Using the New Universal Login Experience Signup Flow
• Accessibility Standards in Login
• Action Error is Not Displayed in the Universal Login Page
• Action Triggered MFA Using enrollWith and challengeWith
• ACUL SDK and Simple Captcha Reloading
• ACUL SwitchConnection with Passwordless SMS
• ACUL: Navigate Back to Previous Screen when Clicking Back icon within Universal Login
• Add a Favicon Option for New Universal Login
• Add Custom Login Button to the New Universal Login Experience
• Add Custom Text to the One-Time Password Challenge Screen
• Add Dynamic Links to New Universal Login Page
• Add Footer on New Universal Login Signup Page
• Add Google Analytics to New Universal Login
• Add Terms and Conditions (or Terms of Service) to the Signup Screen
• Adding Custom Fields to the Signup/Login Widget when Using Classic Universal Login
• Adding Google Tag Manager to Universal Login
• Advanced Customizations for Universal Login (ACUL) Screen Rendering Settings Not Updating with Deploy CLI
• Asterisk "*" on New Universal Login Elements
• Auth0 "Back to My App" Hyperlink Styling Inconsistencies
• Auth0 "Resend email" Button Does Not Inherit the Primary Button Style
• Auth0 Deploy-CLI: Switch Between Classic and New Universal Login Experience
• Auth0 Identifier First + Biometrics Authentication Profile: Saved WebAuthn FIDO Device Biometrics Factor Not Found in Another Device
• Auth0 New Universal Login Missing Some Security Headers
• Auth0 Rate Limit Error and HTTP 429 Status on Passwordless Authentication
• Auth0 Service Not Found Error: MFA Suffix on Audience
• Auth0 Tenant Uses Default Directory Connection Instead of Application-Specific Connection
• Auth0 Validation Error Behavior Change for Email Addresses
• Auth0-CLI is not Able to Update New Universal Login Template
• Automated Testing with Identifier First Universal Login
• Background Image is Not Visible with the New Universal Login Page
• Bad Request Payload Validation Error Missing Required Property Scripts
• Blank Page on /u/login*
• Block or Deny User Sign-up by Email Domain
• Build a Fully Custom Login Page
• Button Not Displayed in Email Verification Result Screen
• Can the 'iss' Parameter Be Excluded from the Redirect URL
• Change Apple Logo Color for Sign in with Apple
• Change language of password reset custom page in Classic experience
• Change Password Widget Language
• Change the Text Alignment of Universal Login Widgets
• Changes Cannot Be Saved for Custom Text in Universal Login
• Check Whether Email Address is Valid Prior to Sending Password Reset Link
• Classic Universal Login MFA Prompt Fails on iOS when Switching Apps
• Clicking the ?Confirm? or 'Cancel' Button Multiples Times in the Device Confirmation Screen During the Device Auth Flow Causes Inconsistent Behavior
• Client-Side Custom Field Validation Fails in Universal Login Signup Form Overview
• Common Webauthn Questions
• Conditional and Custom Universal Login Text Elements
• Conditionally Display Custom Logos in New Universal Login for Organizations
• Conditionally Redirect Users After a Password Reset in New Universal Login
• Conditions to Trigger the New Universal Login Prompts
• Configure Additional Signup Fields on the Universal Login Page
• Configure Different Logos And Sizes For Multiple Applications In Custom Page Templates
• Configuring Single Screen Signup with Email and Password in Advanced Customizations for Universal Login
• Connection Buttons when Logging in with Organization
• Content Security Policy Error During iframe Login
• Content Security Policy Headers Not Present on Universal Login Redirect Endpoints
• Create a Custom Page Title per Application
• Custom Action to Decide MFA Frequency for Universal Login Flows
• Custom Login Page Update Is Not Reflected
• Custom Login Page with Lock.js Defaults to Incorrect Database Connection on Login
• Custom Prompt for ?The password has already been used" Missing
• Custom Prompts Fields Marked as Required Do Not Work with WCAG Compliance Toggle Enabled
• Custom Script in New Universal Login Page: "Forgot password?" Does Not Work as Expected
• Custom Text Changes Discarded Message Seen When Updating Custom Text Settings for Universal Login
• Custom Text in Universal Login Not Reflected in Login Form
• Custom Universal Login Themes for Applications on the One Tenant
• Customizations Not Possible with Universal Login Prompts
• Customize Error Message Displayed to Users Who Are Blocked
• Customize Forgot Password Wizard
• Customize Logo Height when Using a Custom Logo in New Universal Login Pages
• Customizing a Single Email Template for Multiple Languages
• Customizing Error Messages Shown for Phone Enrollment - New Universal Login
• Customizing the Expired Password Reset Link Message
• Database Login not possible when switching to the new Universal Login Experience
• Debounce Support in New Universal Login Page Template
• Deploy Customized Universal Login Page with Auth0 Deploy CLI
• Difference between "Allowed Origins (CORS)" and "Allowed Web Origins"
• Difference between descriptionEmail and emailDescription Keys for Universal Login Custom Texts
• Different Customizations for Different Applications using New Universal Login Page Templates
• Different Favicon for Each Organization
• Disable Sign-ups for a Specific Application
• Display the Application Logo on Login Page Instead of Tenant Logo
• Displaying Per-Application Logos on Auth0 Universal Login
• Domains to Allowlist for the New Universal Login
• Dynamically Brand the Auth0 Classic Universal Login Password Reset Page
• Edit Button in Login-Passwordless Prompt not Customizable or Localizable
• elapsedTime, initiatedAt, and completedAt Log Metrics
• Email OTP Verification - Expiry and Max Retries
• Enable Hebrew and Arabic Languages for New Universal Login
• Enable Mobile OS Autofill for OTP Codes in Auth0 Universal Login
• Enable Phone Number Suggestion on an iPhone Keyboard
• End-of-Life Rollout for the Universal Login WCAG 2.2 AA Opt-in Setting
• Enforcing Specific Mobile Phone Number Input Formats
• Error "Connection not secure" Received on Universal Login
• Error "custom-fields-too-long" in Auth0 Universal Login
• Error "You were redirected too many times" during Authentication
• Error 400 Occurs When Patching a Universal Login Page Template
• Error at Web Login on a Mobile App "Safari cannot open the page because too many redirects occurred"
• Error when Updating Custom Text in New Universal Login Prompt "Key <...> in screen <...> has invalid characters"
• Federated Logout and Single Logout (SLO)
• Font Customization not Working in New Universal Login
• Forms Do Not Support the Word "State" in ID
• Google reCaptcha V2 Dark Theme
• Google SSO in App Browsers (Webviews)
• Hide on Prompt signup-id Page Text Fields footerLinkText and footerText Based on Condition
• Hide or Remove CDN Endpoint "https://cdn.auth0.com/client/{client_id}"
• Hiding Social Login Buttons in the New Universal Login Experience
• Home Realm Discovery (HRD) Does Not Work with Username as the Sole Identifier
• Home Realm Discovery Fails for Okta Workforce Connection Using Classic Universal Login
• Home Realm Discovery Fails to Redirect to Correct Identity Provider
• Home Realm Discovery for Social Connections
• Home Realm Discovery not Initiated when Clicking Sign Up
• Home Realm Discovery Using Auth0.js
• Hosting 2 Login Pages on a Single tenant
• How to Change the Tenant Name Displayed in Self-Service SSO Setup Ticket
• How to Collect and Use the User's Local Language to Translate Universal Login
• How to Customize Passkey Page in New Universal Login
• How to Customize Text for the Error Prompts on the New Universal Login Template
• How to Customize the New Universal Login Page
• How to Customize the New Universal Login Widget using Custom Query Parameters
• How To Display Universal Login "redeem-ticket" Screen
• How to Enable or Disable the New Brute Force Protection Email-Based Unblock Flow
• How to Filter or Lock MFA Mobile Number Country Codes in New Universal Login
• How to Redirect the User to the Sign Up Page of the New Universal Login when Using the Auth0 WordPress Plugin
• How to Remove the "Forgot Password" Link from the New Universal Login Page
• How to Remove the Email Input Field from Universal Login
• How to Reset a Logged-In User's Password without Redirecting to the Universal Login Page
• How to Return to the Signup or Login Screen in Forms
• How to Show a Specific Auth0 Error Message When a User Signs Up with an Existing Email
• How to Use Passwordless, Database, and Social Connections in Same Universal Login Page
• How to use Plus Signs (+) in Email Addresses With the login_hint Parameter
• Identifier-First Password Reset Flow Behavior in Universal Login
• iFrame Login with the New Universal Login Fails with Content Security Policy Directive: "frame-ancestors 'none'" During Silent Authentication
• Implement Username/Password, and Passwordless Login at the Same Time with Flexible Connection Switching
• Implementing Auth Challenge CAPTCHA using Advanced Customizations For Universal Login
• Implementing Module Federation with Classic Universal Login
• Internal error when using page templates
• Invalid Key "invalid-email-format" on the Login Screen
• invalid_request Sign-In Error to App using Organizations
• Is the Phone MFA Voice Enrollment Error Message "We couldn't make the voice call. Please try again later" Customizable
• Limit of "ext-" Parameters on Universal Login Page
• Locale Validation Failed Error When Changing Language to Spanish in Universal Login
• Localization Not Working For New Universal Login Page Template
• Localize Errors When using the Custom Login Page with auth0.js
• Login Behaves in Unexpected Way when Using Browser Incognito Mode
• Login Error "Missing required parameter: response_type"
• Logo .EPS File Unable to Render
• Logo Not Displaying Correctly in Widget
• Making MFA Enrollment Optional
• MFA Challenge Screen Timeout
• MFA Customization / Flexible Factor Selection Not Compatible with the Non-Interactive Flows
• MFA Session Cookie (auth0-mf)
• Mobile App Login Fails with Error: ???????"Password login via OIDC-conformant clients with externally-hosted login pages is unsupported."
• Mobile Application Browser Support for Auth0 Universal Login
• Modify Text on the Account Unblocked Page
• New Universal Login Input Pop-up Error "Please fill out this field"
• New Universal Login ToS Acceptance
• New Universal Login Widget at the Top Left of the Page
• No Back to Application Button after Changing Password Successfully
• No Error Message Displayed for Non-Existent User in Passwordless Login
• Only Allow a Set List of Users to Sign-up
• Options to Host Universal Login in an iFrame
• Organization Form Button Text Is Unreadable
• Organization Parameters Return Empty Values in Password Change Email Templates
• Organizations Does Not Appear In Universal Login Organization Picker
• Organizations in iframe
• Organizations Not Supported with Classic Universal Login
• Page Template Cannot be Applied for Specific Prompts
• Page Template with CRLF Impacting the Branding on the Universal Login Page
• Pass Additional Parameters to the Universal Login URL
• Passing Custom Parameters to Pre-User Registration Actions
• Passing Email Unchanged to the AD LDAP Connector Using the Auth0 Lock Widget in the Classic Login Page
• Passing ui_locales Parameters to the Universal Login Page Using next-js-auth0 SDK
• Passkeys and Identifier-First Flow Support for Auth0 Lock
• Password Change Error Organizations are not Supported in Classic Universal Login
• Password Dictionary Limit
• Password Reset Flow on New Universal Login Does Not Indicate when a User Does Not Exist
• Password Reset Not Sent After Enabling Bot Detection for Password Reset Flows on Classic Universal Login
• Password Reset Pages Shows Username Placeholder Instead of Username or Email Address
• Password Reset Ticket Link Fails on Redirect With New Universal Login
• Passwordless Login Not Triggered using the New Universal Login with Identifier First Profile
• Potential Threat to Passwordless OTP Security
• Pre-Filling Custom Sign-Up Fields
• Prompt for First and Last Name During New Universal Login Signup
• Rate Limits on Universal Login Prompts /u/*
• Redirect Users Directly to a Hosted Signup Page
• Remove Auth0 Badge from Classic Change Password Prompt
• Remove Auth0 Watermark Branding from Universal Login Screen
• Remove Email/Password Authentication Option in Universal Login Form
• Remove Unnecessary White Spaces in the New Universal Login Widgets
• Render Custom Message on the Universal Login Screen Conditionally
• Render New Universal Login Within an iFramed Window
• Report of Users that Login Using the Username instead of Email
• Resending OTP Codes for MFA
• Resolving Email Domain Mismatch Error for Google Workspace Connections
• Resolving ui_locales Issues with Language Variants in Auth0 Universal Login
• Run Custom JavaScript After Signup with the Universal Login Page
• Save Button Does Not Work on the Universal Login Page
• Securing the error_description Variable in Universal Login Error Templates
• Send Email Invitations for Application Signup - Additional Information
• Sending Google Ads Notification on Universal Login Registration
• SEO Impacts with Universal Login
• Set a Custom Display Name for a Social Connection in Universal Login
• Setting Privacy Policy Checkbox on Password Reset Page
• Show Number of Remaining Attempts Before Brute Force Protection Triggers
• Sign Up Password Prompt Has an Unexpected "Go Back" Button on the New Universal Login Page
• Signup Tooltip ?Please Fill in this Field? Disable Pop-up Message
• Skip the Universal Login Page and Redirect to the Upstream Identity Provider Immediately
• Social and Enterprise Connection Buttons Not Displayed on the New Universal Login Screen
• Support for WebAuthn Device Biometrics with Passwordless Connections
• Switch to New Universal Login
• Terms of Use in Universal Login
• Test the User Confirmation Prompt for Non-Verifiable Callback URIs
• The `LoginId.federatedLogin` Method of ACUL SDK Returns "invalid-connection" Error
• Toggle for WCAG Compliant UI for Universal Login Not Visible in Dashboard
• Troubleshoot Custom Text or Language Issues in Universal Login
• Troubleshooting Missing "Display Connection as a Button" Feature in Enterprise Connection Settings
• Troubleshooting the "access_denied" Error
• Twitter Login Via Universal Login Page not working
• Unable to Activate Identifier First Authentication Profile
• Unable to Resend the Code More Than Twice - email-identifier-challenge ACUL
• Universal Login Classic does not respect the tenant friendly name
• Universal Login Errors Truncate Closing Period Characters
• Universal Login Logo Not Updating After URL Change
• Universal Login Page Customization
• Universal Login Page Customization - Customize Themes
• Universal Login Page Customization - Page Templates
• Universal Login Page Customization - Partials
• Universal Login Page Customization - Text Prompts
• Universal Login Page Does Not Show Username and Password Prompts Sometimes
• Universal Login Prompt Contains Unexpected Text Not on Custom Prompts Page
• Universal Login Sends Email From root@auth0.com Instead of Custom Email Provider Address
• Universal Login: "Continue" Button Becomes Unresponsive After Using the Browser's Back Button
• Unused Translations in email-identifier-challenge Prompt
• Update Password Policy Minimum Length in Classic Universal Login
• Updating Auth0 Custom Text for Organization Invitation Pages
• URL_TO_YOUR_ASSET Error when using Auth0 CLI
• Use Custom HTML on "Check Your Email" Screen
• Users Do Not Receive Password Reset Email for Social Accounts
• Using screen_hint Parameter at /samlp Endpoint
• Validate Email Format on Custom Login Page
• Visibility of Credentials in the /u/login/password POST Request Payload
• Visual Indicator after "Enable WCAG 2.2 AA compliant UI for Universal Login" Flag Enabled
• When "invalid-action", "invalid-audience", and "invalid-scope" Messages Are Displayed in Consent Screen
• XSS Injection on Custom New Universal Login Page

User Management (120)

• "User Already Exists" Error When Creating New User
• Add Member Button Missing from Tenant Dashboard
• Add Migrated Users to Organizations
• Add Roles and Permissions to the ID Token Using Actions
• Add Team Members
• Allowed Character Set for Password
• Auth0 Bulk User Import Without Password Hashes
• Auth0 Management API Returns Empty Result for Valid User ID
• Auth0 Sandbox Error: User Creation
• Automatically Adding a User to Multiple Organizations
• Azure Connection Creates Duplicate Users when Updating App Settings
• Back up or Export Auth0 Tenant and User Data
• Block Specific Characters in a User's Email Address During Registration
• Block Specific Email Domains Using a Post-Login Action
• Blocked User Does not Exist Under User Management
• Breached Password Detection when Creating User via Management API
• Bulk Exported Users File Decompresses to Many Files
• Bulk Update or Delete Users
• Bulk Update User Profile Details Using the Management API
• Bulk User Deletion Without Relying on Management API RPS
• Cannot Find Module Error During Auth0 Import With AWS Custom DB
• Check Whether Email Address is Valid Prior to Sending Password Reset Link
• Create Multiple Users with the Same Email Address
• Create User Button on the Dashboard's User Management Screen Missing for Some Tenant Members
• Creating Custom Roles for Tenant Members
• Customizing the Expired Password Reset Link Message
• Deactivation or Block Users after Several Days of Inactivity
• Default User ID Prefix Cannot Be Modified
• Delayed Updates in FGA Dashboard using OpenFGA
• Deleted Apple Users Receive Email "{Service ID} has revoked your Sign in with Apple account"
• Deleting Users And Deleting Associated MFA Authenticators
• Determine if Auth0 Tenant is in Public Cloud or Private Cloud
• Duplicate User Error When Performing a Bulk Import with Upsert False
• Duplicate User IDs Resulting in Actions Returning Wrong Profile
• Duplicate user_ids Can Cause Wrong Tokens to Be Returned after Refresh Token Exchange
• Duplicated User Sign Up Logs with the Same Email Addresses
• Email Address Not Updating for Users with an External Database
• Error HTTP 400 Unexpected Identifier When Updating Email
• Error in Bulk Import Job - "String is too short"
• Export Password Hashes from Private Cloud with Metadata
• Facebook Social Connection Does Not Return User Email Address
• Fields Are Blank in User Export CSV
• Force a Password Reset after a Specific Number of Days
• Get a List of Emails Sorted by Last Login Date
• Get or Export Users from the Auth0 Tenant
• Gravatar Usage with Auth0
• How Logins Count Work
• How to Add New Tenant Members
• How to Delete All Users on a Connection
• How to Enable MFA for a Subset of Users
• How to Obtain a List of Users Deleted from a Tenant
• How to Resend a User Verification Email
• How to Use the Password Hashes Export from Auth0
• How User Redirection Works after Email Verification
• Implement Email Verification to Prevent Access with Unverified Emails
• Import Export Extension Fails to Load
• Importing Active Directory User's Password in Auth0
• Importing Users with Auth0 Node.js SDK
• Include User Metadata in Auth0 User Exports
• Invitations Not Getting Sent while Adding New Tenant Members
• Invite Users Created by the Management API
• Is it Possible to Use a Post-User Registration Action (or Hook) to Update a User
• Large Metadata Search Returns No Results
• Last Login Date on User Profile Does Not Match User Activity on Tenant Logs
• Management API Post-authentication-methods Endpoint Returns 404 Error "The user identity does not exist"
• Managing Tenant Members via API
• Mapping Email in NameID Field
• Maximum Character Count for user_id from External Identity Providers
• Migrate Users from One Connection to Another Connection
• Migrating Database Users from One Tenant to Another Tenant
• Missing Permissions in Auth0 Dashboard due to Pagination Limit
• Monthly Active Users (MAU) for Enterprise Connections Shows as Zero
• Newly Added Tenant Members Are Getting Unexpected Sales Emails
• Number of Roles per User
• Okta Account Locked: MFA Reset Requests
• Passing UTM Parameters to Authentication Attempt
• Password Reset Ticket Endpoint Fails With "User does not exist" Error on Custom Database Connection
• Patching a User's Email with the Same Email Causes 'email_verified' Attribute to Become 'false'
• Performing Bulk User Import with Management API and User Import/Export Extension
• Performing User Searches With Go-Auth0 SDK
• Prevent User Creation From Social Logins
• Query Timeout for User Search Cannot Be Configured
• Querying Refresh Tokens Via the Management API
• Redirect Blocked Users to a Custom Error Page Using Rules or Actions
• Remove Tenant Members Programmatically
• Restriction on Updating Multiple Core User Attributes Simultaneously via Auth0 Management API
• Retrieving Auth0 User Roles in Bulk While Respecting Rate Limits
• Retrieving Logs after Auth0 Retention Period has Expired
• Retrieving Users Updated Since Specific Date
• Role Assignment Fails with 404 for Existing Users
• Roles Custom Claim is Empty after Roles Are Set on User Creation (via Auto-import)
• Scheduling Deletion of Inactive Users
• SCIM Error Failed to Match an Entry in the Source and Target Systems
• Search for Users by a Specific Word in an Email Address
• Second Login Prompt When Logging In to Auth0 Dashboard Using a Social Provider
• Self-Service Subscription Limit for Tenant Admin Members and Teams Members
• Tenant Member with Viewer Role Can Create Tenant and Update Tenant Settings
• Tenant Members Password Policy
• Total Number of Users Per Tenant
• Trace Logs for User Deletion by Email
• Trigger the Change Password (Code) Email Template
• Unable to Create User - Cannot Find Module 'auth0@2.9.1' Require Stack
• Unable to Grant Tenant Members Access to Multiple Specific Apps
• Unable to Log In to the Auth0 Dashboard Despite Resetting Password and MFA
• Unable to See Newly Added Users in an Organization
• Unable to Update Tenant Member Roles when All Roles are Deselected
• Understanding Monthly Active Users
• Unique Email Address Per User Requirements with Auth0
• Updated User Email Results in User with Old Email Does Not Exist in Auth0 Database
• Updates in Auth0 Dashboard to Resources Managed by Terraform Cause Desynchronization
• Uppercase Characters in User Email Addresses
• User Not Found Error When Updating Users imported from a Custom Database (Import Mode ON)
• User or App Metadata was not Updated in Actions
• User Unable to Access Tenant even when they Appear in the Members List
• Users Directed to SMS Prompt Without Voice Option During MFA Login
• Verify Current Password Before Changing to New One
• Warning During Login "Error transforming template due to missing keys (n) from IdP context"
• What is Counted as Monthly Active Users (MAU)
• What is the Maximum Size of user_metadata and app_metadata Profiles
• Which created_at Value is Used when Migrating Users from One Tenant to Another