Important: v6.0.0 introduces breaking changes related to type correctness and API alignment.
Please review the v6 Migration Guide for detailed upgrade instructions.
💥 Breaking Changes
ConnectionAttributeIdentifier replaced with identifier-specific types
ConnectionAttributeIdentifierhas been removed and replaced with three separatetypes: EmailAttributeIdentifier,PhoneAttributeIdentifier, andUsernameAttributeIdentifier.- Each type now correctly scopes the allowed values for default_method to its attribute.
- These changes are not backward compatible - update any code that references
ConnectionAttributeIdentifier.
PhoneProviderProtectionBackoffStrategyEnum value change
- The None variant (
value: "none") has been renamed to Default (value: "default") to align with the updated Auth0 API. - Update any code using
PhoneProviderProtectionBackoffStrategyEnum.None or the string "none".
federatedConnectionsTokensets sub-client removed
client.users.federatedConnectionsTokensetsand its list() / delete() methods have been removed.- Remove any calls to this sub-client from your code.
federated_connections_access_tokens removed from connection options
- The
federated_connections_access_tokensfield has been removed from all connection option types (create and update) across OIDC, Azure AD, Google Apps, and other connection strategies. - Remove this field from any create or update payloads.
✨ Highlights
- Passwordless type correctness:
PhoneAttributeIdentifiernow properly supportsphone_otpas a validdefault_method, fixing a gap in DB connection passwordless configuration. - Custom token exchange: Suspicious IP throttling stage support added.
- Org role members and third-party client access management added.
- OIDC connection updates with improved type coverage.
- Node.js 26 is now supported.
- The Authentication API client is fully compatible - no breaking changes in 5.x auth code.
📘 Migration Guide: v6_MIGRATION_GUIDE.md