End-of-Life Rollout for Defaulting to Skip Login Confirmation for Non-Verifiable Callback URIs

Overview

The end-of-life date for defaulting to skip the login confirmation prompt for non-verifiable callback URIs was April 28, 2026. The process to transition tenants out of the deprecated default has the following phases:

  • May 6, 2026, version 202619 - Tenants tagged as development or staging tenants. The transition occurs according to the tenant's environment tag when changes roll out for each environment. Therefore, changing a development tenant to production after the rollout phase is complete will not reinstate the deprecated behavior.
  • TBD - Outstanding tenants, including production tenants.

The dates above mark the start of each phase's rollout; each phase may take several weeks to complete, so tenants in the same phase may not see the change at the same time.

This article will be updated as information on the complete timeline for transitioning to the new default becomes available.

Once a tenant transitions to the new default behavior, unless overridden by configuration, end-users logging in to client applications that use a non-verifiable callback URI (custom URI schemes or loopback URI callbacks) may need to explicitly confirm the login by interacting with a login confirmation prompt.

Additionally, for applications using non-verifiable callback URIs, the service will return an error response to authentication requests that include the `prompt=none` parameter if the new login confirmation prompt is in effect.
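To find which applications the two behaviors above will affect, the sketch below classifies each registered callback URI. It is an added example, not Auth0 code: the inventory is constructed, the `name` and `callbacks` field names are assumed, and the matching rules (any non-HTTP(S) scheme counts as a custom scheme; `localhost` and loopback IP literals count as loopback) are an approximation that may differ from the service's own checks.

```python
import ipaddress
from urllib.parse import urlsplit

NON_VERIFIABLE = ("custom-scheme", "loopback")

def classify_callback(uri):
    """Return 'custom-scheme', 'loopback', 'web' or 'invalid' for one URI."""
    try:
        parts = urlsplit(uri.strip())
    except ValueError:              # e.g. malformed bracketed IPv6 host
        return "invalid"
    scheme = parts.scheme.lower()
    if not scheme:
        return "invalid"            # no scheme at all, cannot be classified
    if scheme not in ("http", "https"):
        return "custom-scheme"      # e.g. com.example.app://callback
    host = (parts.hostname or "").lower()
    if host == "localhost":         # assumption: treated like a loopback literal
        return "loopback"
    try:
        if ipaddress.ip_address(host).is_loopback:   # 127.0.0.0/8 or ::1
            return "loopback"
    except ValueError:
        pass                        # host is a DNS name, not an IP literal
    return "web"

def affected_apps(clients):
    """Map application name -> [(uri, kind)] for non-verifiable callbacks."""
    report = {}
    for client in clients:
        hits = []
        for uri in client.get("callbacks", []):
            kind = classify_callback(uri)
            if kind in NON_VERIFIABLE:
                hits.append((uri, kind))
        if hits:
            report[client["name"]] = hits
    return report

# Constructed sample inventory (not real tenant data).
SAMPLE_CLIENTS = [
    {"name": "web-portal", "callbacks": ["https://app.example.com/callback"]},
    {"name": "desktop-cli", "callbacks": ["http://127.0.0.1:8400/callback",
                                          "http://[::1]:8400/callback"]},
    {"name": "mobile-app", "callbacks": ["com.example.app://login/callback",
                                         "https://app.example.com/mobile"]},
]

if __name__ == "__main__":
    for app, hits in affected_apps(SAMPLE_CLIENTS).items():
        print(app, hits)
```

Applications that appear in the report are the ones to review for the confirmation prompt and for any silent authentication flow that sends `prompt=none`.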



Applies To

  • End of Life (EOL)
  • Universal Login
  • Custom URI Scheme and Loopback URI Callbacks

Cause

Auth0 updated the default behavior for login requests with non-verifiable callback URIs as part of a calendar-year 2026 change aimed at reducing the risks of application impersonation.

On November 11, 2025, Auth0 announced the planned change to service defaults. The information provided in the original announcement is available in the respective Dashboard and Support Center notification.

Solution

As part of changing default service behavior, Auth0 introduced settings at the client application and tenant level that can override the new default. Turn off the Non-Verifiable Callback URI End-User Confirmation toggle for individual applications or globally in tenant advanced settings (Login and Logout section) to revert to the previous behavior and skip the login confirmation prompt.

Security consideration: Skipping the confirmation prompt may increase the risk of application impersonation for applications using non-verifiable callback URIs. For example, a malicious application could try to intercept a custom URI scheme, potentially gaining unauthorized access without the user's awareness.
