v5.18.0 (2024-11-25)
Added
- Add Refresh Token endpoints for the Auth0 Management API #614 #623 (arpit-jn)
- Add Management API calls for session API endpoints #613 #616 (arpit-jn)
v5.17.0 (2024-05-24)
Added
- Add user session management API calls #588 (wjohnstondrip)
v5.16.0 (2023-11-13)
Added
- [SDK-4546] Add orgs in client credentials support #540 (adamjmcgrath)
v5.15.0 (2023-10-30)
Added
- [SDK-4659] Add fields to get_organizations_members #532 (adamjmcgrath)
v5.14.2 (2023-10-03)
Fixed
v5.14.1 (2023-07-19)
Fixed
- chore: should not lowercase org_name claim #499 (stevehobbsdev)
v5.14.0 (2023-07-13)
Added
- [SDK-4386] Support Organization Name in Authorize #495 (stevehobbsdev)
v5.13.0 (2023-04-24)
Added
- [SDK-4142] Add support for /oauth/par #470 (stevehobbsdev)
Deprecated
- Drop support for 2.7 in CI build #467 (stevehobbsdev)
v5.12.0 (2023-03-13)
Added
- [SDK-4014] User Authentication Method management API support #450 (stevehobbsdev)
Fixed
v5.11.0 (2023-01-27)
Added
- feat: support exchanging OTP codes for tokens #438 (stevehobbsdev)
- [SDK-3869] Support client credentials in management client #437 (stevehobbsdev)
- [SDK-3863] Add support for Client Assertion in authentication endpoints #434 (stevehobbsdev)
Changed
- ci: include Ruby 3.2 in test matrix #436 (stevehobbsdev)
v5.10.0 (2022-10-10)
Changed
- Update jwt ~2.5 #384 (stevehobbsdev)
Fixed
- Stop :get, :delete parameters from bleeding into subsequent requests #388 (stevehobbsdev)
- Support complex field names in export_users #387 (stevehobbsdev)
- Reconfigure rate limiting exponential backoff #386 (stevehobbsdev)
v5.9.0 (2022-08-24)
Added
Changed
- Add include_totals to get connections options #357 (stevehobbsdev)
Fixed
- Fix typo and remove param that is not used #365 (MatthewRDodds)
- correct remove_user_roles doc: roles param is ids, not names #359 (gbirchmeier)
v5.8.1 (2022-06-30)
Fixed
Security
v5.8.0 (2022-03-25)
Added
Fixed
- Cache RS256 JWKS by url to allow for multiple Auth0 tenants per runtime #325 (rmm5t)
- Allow to pass nil to client_id arg of device_credentials #321 (shibayu36)
Security
- Bump nokogiri from 1.13.1 to 1.13.3 #320 (dependabot[bot])
v5.7.0 (2022-02-17)
Added
- [SDK-3118] Add attack protection endpoints #316 (stevehobbsdev)
Fixed
- [SDK-3106] Fix up tests for Ruby 3 and rspec-mocks update #313 (stevehobbsdev)
- Fix #310: delete_organizations_member_roles should use delete_with_body instead of delete #311 (SanterreJo)
v5.6.1 (2021-09-14)
Fixed
- Fix
delete_grant
API call #304 (danimal141)
v5.6.0 (2021-09-14)
Added
-
New Actions endpoints CH: Added review:medium. #293 (davidpatrick)
-
Updates rest-client to 2.1. #296 (davidpatrick)
-
Add token cache and renew functionality for API requests #301 (stevehobbsdev)
Deprecated
- Deprecate change_password in favor of reset_password. #297 (davidpatrick)
v5.5.0 (2021-08-06)
Added
- Automatically retry requests when API returns a 429 rate-limit status header. #290 (davidpatrick)
v5.4.0 (2021-07-23)
Fixed
- Fixing yard issues with documentation #288 (davidpatrick)
Changed
- Change strategy when normalizing path #287 (davidpatrick)
v5.3.0 (2021-07-23)
Added
- Checkpoint Pagination #284 (davidpatrick)
v5.2.0 (2021-07-20)
Fixed
Added
Changed
v5.1.2 (2021-07-15)
Security
- Bump addressable version per CVE-2021-32740 #276 (lostapathy)
v5.1.1 (2021-04-14)
Fixed
- Fixes create_organizations_enabled_connection #269 (davidpatrick)
v5.1.0 (2021-04-09)
Added
- Org idtoken validation guidance #267 (davidpatrick)
- Adds Branding endpoints #266 (davidpatrick)
- Organizations feature #264 (davidpatrick)
- Add Organizations support to Authentication API Client #263 (davidpatrick)
- Add api_identifier as an accepted configurable #261 (QWYNBG)
- add name param to connections api #260 (QWYNBG)
v5.0.1 (2021-02-02)
Added
Fixed
Security
- Bumps nokogiri from 1.10.10 to 1.11.1 #258 (dependabot)
v5.0.0 (2020-10-22)
This release addresses some long standing issues with the library that could only be addressed in a major. We have also removed Api/v1 endpoints and other deprecated methods.
The following top level structs were colliding with other libraries, this was addressed in #183 and have been namespaced with ::Auth0::
ApiToken
changed to::Auth0::ApiToken
Permission
changed to::Auth0::Permission
AccessToken
changed to::AccessToken::AccessToken
This method was requiring you send in a name
, which was optional, but didn't require connection_name
which isn't optional. This was fixed in #244.
Auth0::Api::V2::Users.create_user(name, options = {})
has changed to Auth0::Api::V2::Users.create_user(connection_name, options = {})
APIv1 endpoints were deprecated in 4.x and now have been removed in v5. They reached end-of-life in the Public Cloud on 13 July 2020. Migration from v1 to v2 has been documented here https://auth0.com/docs/product-lifecycle/deprecations-and-migrations/migrate-to-management-api-v2
In 4.x RateLimitEncountered
was inheriting from Auth0::Unsupported
in order for backwards compatibility. This class is now inheriting Auth0::HTTPError
. If you are catching 429 errors with Auth0::Unsupported
then you will need to migrate to catching with Auth0::HTTPError
.
Fixed
- Don't define structs as top-level constants (breaking changes) #183 (makimoto)
- Fix create_user implementation (breaking changes) #244 (davidpatrick)
Removed
- Removed Deprecations (breaking changes) #245 (davidpatrick)
v4.17.1 (2020-10-21)
Fixed
- Addressable dependency #247 (davidpatrick)
v4.17.0 (2020-10-19)
Added
- Add pagination to user permissions #241 (davidpatrick)
Deprecated
- Addressable URI Escape #240 (davidpatrick)
v4.16.0 (2020-10-02)
Added
- New Email Verification Fields #237 (davidpatrick)
Security
- Bump actionview from 6.0.3.2 to 6.0.3.3 #236 (dependabot[bot])
v4.15.0 (2020-09-04)
Added
- Add log streaming endpoints #233 (davidpatrick)
v4.14.0 (2020-07-20)
Deprecated
- Deprecate mgmt v1 calls #230 (davidpatrick)
Removed
- Remove iat claim value check #229 (lbalmaceda)
Fixed
v4.13.0 (2020-06-18)
Added
- Add prompts endpoints #205 (unhappychoice)
Fixed
v4.12.0 (2020-06-10)
Added
Security
- Bump activesupport from 6.0.3 to 6.0.3.1 #221 (dependabot[bot])
- Bump actionpack from 6.0.3 to 6.0.3.1 #220 (dependabot[bot])
v4.11.0 (2020-05-06)
Added
- [SDK-1542] Add client secret to Passwordless flow since it is now required #217 (stevehobbsdev)
v4.10.0 (2020-04-23)
Added
- Added support for name_filter parameter [SDK-1607] #214 (Widcket)
- Pass client_id, audience at Auth0::Api::V2::ClientGrants#client_grants #209 (hkdnet)
- Add rubocop-rails #200 (tknzk)
Security
- Update rack requirement from ~> 1.6.4 to ~> 2.1.2 #206 (dependabot[bot])
- Update rake requirement from ~> 10.4 to ~> 13.0 #207 (dependabot[bot])
- Update dependencies and CI script #210 (lbalmaceda)
v4.9.0 (2019-09-25)
Closed issues:
- Dot in role name makes description disappear #194
- Missing require Permission #192
- Token required even when not necessary #190
Fixed:
- Fix request timeout #188 (makoto-matsumoto)
- Fix missing Permissions mixin #196 (joshcanhelp)
Added:
v4.8.0 (2019-08-01)
Closed issues
- Not enough information in exception when Rate Limiting is encountered #158
Added
- Add Management API Anomaly endpoints #179 (makoto-matsumoto)
- Add parameters for users imports #177 (makoto-matsumoto)
- Add failed job error details endpoint #176 (makoto-matsumoto)
- Add Management API Roles endpoints #172 (joshcanhelp)
- Expose rate limiting information #170 (philomory)
- Add missing User Management API endpoints #169 (joshcanhelp)
- Add Gemfile.lock file #165 (lbalmaceda)
Changed
- Add Roles and Users endpoints integration tests #174 (joshcanhelp)
Deprecated
- Deprecate Auth0::Api::V2::Users.delete_users #181 (joshcanhelp)
Removed
- Gemspec: Drop EOL'd property rubyforge_project #180 (olleolleolle)
Security
- Fix Yard dependency vulnerability #184 (joshcanhelp)
v4.7.0 (2019-03-19)
Closed issues
Added
- Add Client ID to send_verification_email #162 (joshcanhelp)
- More password change params #159 (nhusher)
- Add patch resource server #157 (philomory)
- Get all resource servers #155 (philomory)
v4.6.0 (2018-12-17)
Closed issues
- New Release with Client Token work #148
- Unable to initialize Auth0Api #147
- Issues building the documentation #135
- signin with referral token #127
- Some challenges when upgrading to Ruby 2.5.1 #122
- Cannot refresh access token with refresh token. #111
- Incorrect request_params for username-password login #109
- Obtain APIv2 Token #86
Added
- Add refresh token method and unit tests #150 (joshcanhelp)
- Improve telemetry; more modular Auth API #149 (joshcanhelp)
- Add ttl_sec argument to post_email_verification request. #145 (digitaldawn)
- Add issue and PR templates, CoC #141 (joshcanhelp)
- Add new login_ro method to replace login #133 (joshcanhelp)
- Add VCR to and improve all integration tests #132 (joshcanhelp)
- Add new method to perform an auth code exchange #131 (joshcanhelp)
- Add new userinfo method for auth endpoints #130 (joshcanhelp)
- Add Client Credentials grant #129 (joshcanhelp)
Changed
- Improve the test suite #143 (joshcanhelp)
Deprecated
- Formal deprecation of 4 auth endpoint methods; rubocop #151 (joshcanhelp)
Fixed
- Documentation improvements #139 (szemek)
- Fix typos in README.md #137 (swetax)
- Explicitly require JSON dependency #126 (jgaskins)
v4.5.0 (2018-07-27)
Closed issues:
- New version with updated rest-client dependency #93
- Bug?:
result
from auth0/mixins/httpproxy.rb returns 'nil' #88 - import_users fails with EOFError #56
- Using inside of a Rails API #55
- Add documentation? #102
- logout_url does not include client_id parameter #81
Merged pull requests:
- Correctly default grant_type to 'password' in login method #107 (psparrow)
- Add additional parameters for WS-Fed URL #123 (joshcanhelp)
- Deprecate Authentication API endpoints #121 (joshcanhelp)
- Clean up auth endpoint tests #120 (joshcanhelp)
- Fix docblocks for Authentication API endpoints #119 (joshcanhelp)
- Add Client ID to logout_url #118 (joshcanhelp)
- Add pagination and tests for Rules endpoint #117 (joshcanhelp)
- Add pagination and tests for Client Grants #116 (joshcanhelp)
- Add search_engine parameter to Users endpoint + tests #115 (joshcanhelp)
- Improve README #114 (joshcanhelp)
- Add pagination and tests to Clients and Connections endpoints #113 (joshcanhelp)
- Use Secure RubyGems Source #112 (markprovan)
v4.4.0 (2018-02-19)
Closed issues:
- Authentication Login is using
/oauth/ro
. #89
v4.3.0 (2018-02-19)
Merged pull requests:
- Fix script publish gem #106 (alexisluque)
- Add support to /api/v2/users-by-email #105 (edgurgel)
- Update /login to use /oauth/token #94 (Zensaburou)
- Fix error in the readme regarding timeouts #90 (ksamc)
v4.2.0 (2018-02-15)
Closed issues:
- Vulnerable dependency: yard #99
- post_password_change results in payload validation error #84
- Unsupported on latest ruby version (2.4.0) #83
- Adding a resource server breaks authentication. #76
- outdated dependencies in ror-api example #75
Merged pull requests:
- Add scripts and Dockerfile to publish SDK on rubygems #104 (alexisluque)
- Fix typo #103 (coisnepe)
- Fix tests #101 (alexisluque)
- Update outdated dependency #100 (alexisluque)
- Fix build #98 (alexisluque)
- Add delay to integration test #97 (alexisluque)
- Fix build #96 (alexisluque)
- Removed reference to API v1 #91 (aaguiarz)
- Update rest-client version to v2 #87 (hzalaz)
- Introduce and raise exception for timeout #85 (anderslemke)
- corrected missing comma in example code of readme.md #79 (drewnichols)
- Resolve v1 API example error #78 (jesseproudman)
- updated dependencies in ror api example. Fix #75 #77 (Amialc)
- Add a badge to documentation #74 (amingilani)
- Typo #73 (amingilani)
- Add how to generate documentation to the README.md + patch_user #72 (ignaciojonas)
v4.1.0 (2016-07-25)
Closed issues:
- #post_password_change requires a password for ticket. #69
- Exception messages are ruby hash string literals #63
- Ruby on Rails API issue #61
- Not possible to have V1 and V2 clients at the same time #60
- Be able to control timeout #57
- Version 4 changes #54
- Implement API v2 #38
Merged pull requests:
- Release 4.1.0 #71 (ignaciojonas)
- Use JSON (result.body) for exception messages in requests #67 (ianks)
- fixed rails api doesn't start, now impersionated links works with v2 #62 (Amialc)
- Add api v2 log endpoints to the gem #59 (LindseyB)
v4.0.0 (2016-02-12)
Closed issues:
Merged pull requests:
- V2 - Rebased to Master #53 (ignaciojonas)
- V2 - Auth Endpoints + Gem deployment #50 (ignaciojonas)
- Documentation Style #49 (ignaciojonas)
- Update License #48 (aguerere)
- API v2 Implementation #46 (ignaciojonas)
- Refresh token delegation #43 (LindseyB)
- Fix tests to make build green #41 (leosoubeste)
- Rubocop Integration #39 (ignaciojonas)
- Remove semi-colons in README #37 (l4u)
v3.6.1 (2015-07-09)
Merged pull requests:
- set the search engine if a query is set #36 (taylorfinnell)
- email validation is broken by _, which breaks the tests #35 (taylorfinnell)
v3.6.0 (2015-06-01)
Merged pull requests:
- Remove exclude_fields parameter for getting users #34 (hzalaz)
- Add connections #33 (taylorfinnell)
- Use client header spec as per documentation #32 (benschwarz)
v3.5.0 (2015-05-21)
Merged pull requests:
- Client information headers #31 (benschwarz)
v3.4.0 (2015-05-07)
Closed issues:
Merged pull requests:
- allow setting impersonation ttl #30 (seamusabshere)
- Fix broken link in README #28 (dentarg)
v3.3.0 (2015-04-15)
Closed issues:
- AuthenticationEndpoints should be independent of the V1/V2 API #20
- Typo in AuthenticationEndpoints.login #17
- Remove generated docs #14
- Remove the examples directory from this repository #4
Merged pull requests:
- Chore integration tests #27 (hzalaz)
- allow to pass extra parameters to delegation method #23 (Maxim-Filimonov)
v3.2.0 (2015-04-14)
Merged pull requests:
- Impersonation #26 (dentarg)
- Allow to set api_type to use with salesforce_api #25 (Maxim-Filimonov)
- Fixed few issues from issues list #22 (offtop)
- Update readme.md api v2 basic usage example #19 (ethancrawford)
- fix token initialization to prevent nil token value #18 (ethancrawford)
- Make the client work for API v1 #13 (dentarg)
- Fix typo delegation signature; open_id => openid #12 (dentarg)
- Make the tests run on Travis CI #11 (dentarg)
- Added support for API V1 and API V2 #9 (offtop)
- Update README.md #8 (pose)
- Make delete user safe #5 (dentarg)
- Remove the omniauth strategy #3 (dentarg)
- Fix rspec deprecation warning #2 (dentarg)
- Add method to access delegation endpoint #1 (FrancisPlaza)
* This Change Log was automatically generated by github_changelog_generator