All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
8.0.0 - 2024-10-21
- Auth0 v4.X migration
- The
delete
operation on theemailProvider
resource will disable the email provider instead of deleting it.
- Migration resource operation
-
Security fixes from dependencies
-
Node 18 LTS and newer LTS releases are supported.
Doc: v8 Migartion
7.24.3 - 2024-10-15
- Fix keyword replacement for
actions secrets
using the directory format #954 - Fix keyword replacement for
custom prompts
using the directory format #963
7.24.2 - 2024-08-28
- Add support for
login-passwordless
prompt onpartials
in prompts handler #946
- Fix
branding
templatepath
on export/import #943 - Fix docs for support
exclusions of individual resource
#944
7.24.1 - 2024-08-09
- Fix
branding
templatepath
on export/import as Yaml #939 - Fix
databases
handler to handleoptions
property correctly for flexible identifiers #937
7.24.0 - 2024-08-02
- Management support for
partials
inprompts
handler #930
- Reduced latency while performing
SCIM
CRUD operations #933
7.23.1 - 2024-07-19
- Fix
429
(too_many_requests
) and403
(insufficient_scope
) errors in the SCIM handler #925
7.23.0 - 2024-07-16
- Management support for
scim_configuration
in connections handler #921
7.22.1 - 2024-06-24
- Made
captcha_widget_theme
an optional field in thecolors
property within thethemes
schema #911
7.22.0 - 2024-06-21
- Management support for
is_signup_enabled
in organization connections #905 - Management support for
captcha_widget_theme
in theme colors #906
7.21.0 - 2024-02-08
show_as_button
management support for organization connections #889
- Strip
sink.azurePartnerTopic
field from payload when creating log stream #876
7.20.0 - 2023-11-29
- Relative path import support for actions directory handler #866
- Keyword preservation for wider array of resources #864
- Fetching clients if not defined when managing client grants in YAML format #865
7.19.0 - 2023-08-11
- Support for Private Key JWT authentication for authenticating with private key instead of client secret #817
- Process branding changes after theme changes to prevent delay in dashboard preview #836
- Handling eventual hooks and rules deprecation #838
- Overwrites occurring when preserving keywords within multiple client grants #837
7.18.0 - 2023-07-14
- Support for
password-reset-post-challenge
action trigger #818
- Runtime error when attempting to preserve keyword on null remote assets #822
- Respect email template
body
filepath definition #820
7.17.7 - 2023-07-07
- Delay processing of action triggers until deployed actions register #809
- Process custom domains prior to branding settings #811
7.17.6 - 2023-06-23
- Improve handling of custom text prompts, reducing high-volume errors and timeouts by leveraging connection pooling for controlled execution #804
7.17.5 - 2023-06-08
7.17.4 - 2023-06-06
- Prevent tenant flag "Additional properties not allowed" error by only updating publicly-available feature flags #797
7.17.3 - 2023-05-24
- Keyword preservation for client grant
audience
field #793
7.17.2 - 2023-04-19
- API error when no tenant flags defined #780
- Keyword preservation in a resource's identifier fields #784
7.17.1 - 2023-03-31
- Tenant-agnostic filenames for client grants if more than fifty clients and fifty resource servers #764
- Unintentional exclusion of clients when injecting access token via
AUTH0_ACCESS_TOKEN
#775
7.17.0 - 2023-03-03
- Keyword preservation on export to prevent overwriting of keyword markers in most instances. Enabled through the
AUTH0_PRESERVE_KEYWORDS
boolean configuration property. See also: Preserving Keywords on Export #738,#740,#741,#744,#745,#751,#754,#757,#758,#760
- Enabled wrapping of
@@ARRAY_REPLACE@@
keyword markers with single quotes in YAML resource configuration files #760
7.16.1 - 2023-02-07
- Exporting of multiple client grants for a single client when using directory format #729
- Tenant-agnostic client grant files when exporting using directory format #729
7.16.0 - 2023-02-01
AUTH0_INCLUDED_ONLY
configuration property to express sole management of certain resource types #726- Suspended log stream management support #725
- More descriptive errors when actions service is unavailable #724
- Remove configurable tenant
sandbox_version
property from readonly list #683 - Handling of undefined tenant
enabled_locales
property #727
7.15.2 - 2023-01-03
- Deletion of email provider when setting as empty object #673
- Upgraded
node-auth0
which addresses vulnerability reported forjsonwebtoken
package
7.15.1 - 2022-10-19
- Warning about future fix that enables deletion of email provider; no significant changes to functionality #672
- Returning all branding setting when using YAML #666
- Preventing empty
logo_url
from update tenant payload #667 - Loading actions between different operating systems #668
- Prevent writing undefined page templates files #671
7.15.0 - 2022-10-11
- Ignoring management of marketplace actions because they are unsupported by the Management API #660
- Allowing partial attack protection configurations #638
7.14.3 - 2022-08-24
- Reclassify select production dependencies as dev dependencies #626
- Allowing certain page templates configuration to be modified even when absent of HTML #629,#630
7.14.2 - 2022-08-01
- Allowing updating of branding themes when used in conjunction with
--export_ids
flag #603 - Halting deploy process if passwordless email template does not exist #617
7.14.1 - 2022-06-29
- Reverting unreplaced keyword mapping detection that would trigger some false-positives #597
7.14.0 - 2022-06-27
- Validation to detect unreplaced keyword mappings during import #591
- Detect and prevent
You are not allowed to set flag '<SOME_FLAG>' for this tenant.
errors when erroneously setting non-configurable migration flag #590 - Crash when attempting to create page templates from undefined value #592
7.13.1 - 2022-06-13
- Removing single usage of
flatMap
array method to prevent crashes with Node v10 #577
7.13.0 - 2022-06-06
- Themes support (if supported by tenant) #554
- Omit
enabled_clients
from connection payload if not defined in resource configuration files #563
7.12.3 - 2022-05-24
- Resource exclusion respected during import even if resource configuration exists #545
- Environment variables ingested by default #553
7.12.2 - 2022-05-17
- Properly handle all screen types within a prompt grouping #541
- Gracefully ignoring custom domains if not supported by tenant #542
7.12.1 - 2022-05-11
- Unable to deploy without branding settings feature #532
7.12.0 - 2022-05-10
- Prompts support (both prompts settings and custom text for prompts) #530
- Custom domains support #527
7.11.1 - 2022-05-04
- Deployment of newly-created actions always failing due to "A draft must be in the 'built' state" error #524
- Undefined
updateRule
Auth0 SDK alias replaced with operationalrules.update
#526
7.11.0 - 2022-04-28
- Intelligent scope detection, will skip resources when insufficient scope provided to designated application #517
- Inconsistencies between resource handlers with respect to empty, null and undefined values #512
7.10.0 - 2022-04-26
- Branding support for directory format #505
- More comprehensive support for deletions through
AUTH0_ALLOW_DELETE
#509
7.9.0 - 2022-04-19
- Log streams support #495
##
String keyword replacements now work when nested inside@@
array replacements #504
7.8.0 - 2022-04-14
- Type declarations for more seamless integration into Typescript projects when used as a module #485
- Updated Winston from 2.3.x to 3.3.0 which applies fix for theoretical prototype pollution vulnerability #497
7.7.1 - 2022-04-07
- Deprecation warnings for now deprecated asset-specific exclusion configuration properties:
AUTH0_EXCLUDED_RULES
,AUTH0_EXCLUDED_CLIENTS
,AUTH0_EXCLUDED_DATABASES
,AUTH0_EXCLUDED_CONNECTIONS
,AUTH0_EXCLUDED_RESOURCE_SERVERS
,AUTH0_EXCLUDED_DEFAULTS
. See Resource Exclusion Proposal for details. #481
- Rules configs failing to update after regression prevented asset-specific overrides of Node Auth0 SDK methods #482
- Attack protection not replacing keywords #478
7.7.0 - 2022-04-06
- Exclusion of entire resource types via the
AUTH0_EXCLUDED
configuration parameter. See Resource Exclusion Proposal for details. #468
idle_session_lifetime
andsession_lifetime
values properly ignored on update if inheriting default tenant values.#471
7.6.0 - 2022-03-25
- New branding template feature support #438
- Colliding
e
parameter alias betweenexport_ids
andenv
#453
7.5.2 - 2022-03-15
- Resetting this version to be latest on NPM
7.5.1 - 2022-03-11
- Updating dead link in logging output #436
- Fixing
--env
flag to properly dictate environment variable inheritance #432
7.5.0 - 2022-03-08
- Support for attack protection configuration management #428
- Excluded connection properties from getting deleted upon update #430
- Organizations in YAML format are skipped when not defined #388
7.4.0 - 2022-02-24
- Allowing @@ array variable replacement to work when wrapped in quotes #421
- Eliminated benign
client_metadata
warnings on import #416 - Fixing request abstraction from losing function scope, enabling Auth0 Node SDK updates #412
- Updating Auth0 Node SDK to 2.40.0 which fixes minor dependency vulnerability
7.3.7 - 2022-02-03
- Expose errors that may be silently missed in Actions #408
7.3.6 - 2022-02-02
- Fix errors caused by incompatibilities introduced by new versions of Auth0 SDK #406
7.3.5 - 2022-01-27
- Fix an error with the function context #403
7.3.4 - 2022-01-26
- Fix pagination #401
7.3.3 - 2022-01-26
- Fix pagination #400
- Security fixes from dependencies
7.3.2 - 2021-12-14
- Fixes dependency security issues
7.3.1 - 2021-09-21
- Error when authenticating with AUTH0_CLIENT_ID and AUTH0_CLIENT_SECRET with Node.js prior to v14
7.3.0 - 2021-09-20
- Allow set of AUTH0_AUDIENCE for custom domain #379 (credit @AliBazzi)
- Load file configured in customScripts for DB Connections #367 (credit @skukx)
- Security fixes from dependencies
7.2.1 - 2021-08-23
-
[IDS-3074] Updated structure when dumping orgs (#369)
Fixes an issue when exporting organizations as a directory, connections are not structured in the right way, causing the import to remove any connection on the organizations.
-
[DXEX-1721] Fix client metadata property deletion
Fixes an inconsistency between how we calculate changes on deep metadata-like objects and with how APIv2 expects such changes to be expressed when a property is deleted.
-
Bump js-yaml from 3.x to 4.x and move to kacl (#371)
This PR bumps js-yaml from 3.x to 4.x in accordance with its migration guide. This bump means that we're able to use the default safe behaviour for both exports and imports.
Notably, this means that we won't end up with values like !tag:yaml.org,2002:js/undefined '' that are not at all human friendly and were problematic when we used the .safeLoad functionality.
7.2.0 - 2021-07-14
- Add runtime property for actions #364
7.1.1 - 2021-06-23
- Export tools module
- Fix exception when actions is undefined #361
- yargs should not be called when required as a module
7.1.0 - 2021-06-23
- Actions refactoring and fixes #356
- Bump [email protected]
7.0.0 - 2021-06-11
- MFA-1174 Support Recovery Codes
- Support for organizations
- Prompt link to Auth0 Docs upon insufficient scope
- Removed dependency on
auth0-source-control-extension-tools
, the package is not part ofauth0-deploy-cli
- Removed dependency on
auth-extension-tools
- Dropped Node.js 8 support
- Upstream node registry
- Security fixes from dependencies
6.0.0 - 2020-12-28
- This release has been withdrawn
5.5.7 - 2021-05-19
- Add Support Recovery Codes by bumping [email protected]
5.5.6 - 2021-04-21
- Fix EXCLUDE_PROPS behaviour for connections and databases.
5.5.5 - 2021-03-26
- Broken dependencies on 4.5.x range of source-countrol-extension-tools because of organizations.
5.5.4 - 2021-03-12
- Remove limit on permissions in roles
5.5.3 - 2021-03-10
- Add webauthn platform as a supported factor
5.5.2 - 2021-03-10
- Fix pagination when computing changes
5.5.1 - 2021-03-03
- Fix issues with retrieving more than 50 roles
5.5.0 - 2021-01-28
- Add support for
verify_email_by_code
email template #309
5.3.2 - 2020-12-17
- Fix keyword mapping in client page templates [ESD-10528] #291
5.3.1 - 2020-11-16
- Fix report error exporting hooks by bumping [email protected] #289
- Add MFA factor webauthn-roaming support by bumping [email protected] #289
5.3.0 - 2020-11-05
- Return database
enabled_clients
in deterministic order #281
- Fix the structure of the example policies.json, and correct the guardianPolicies test to use
all-applications
instead ofall-application
#278 - Fix pagination for specific API calls by bumping [email protected] #287
5.2.1 - 2020-09-23
- Issue with client grants deleted when using AUTH0_EXCLUDED_CLIENTS
5.2.0 - 2020-09-17
- Always sort custom database scripts alphabetically
5.1.6 - 2020-09-15
- Add new line support to JSON files generated in directory dumps
- Move write file method to common util
- Update
auth0-source-control-extension-tools
5.1.5 - 2020-08-13
- The --proxy_url option should work properly now. (Although only on Node >= 10).
5.1.4 - 2020-08-12
- Connections disabled when the client is added AUTH0_EXCLUDED_CLIENTS list.
5.1.3 - 2020-08-04
- Many entities were not being fetched via the Paging API properly.
5.1.3 - 2020-08-04
- Many entities were not being fetched via the Paging API properly.
5.1.0 - 2020-07-09
- Add support for three guardian/MFA-related features:
- Guardian Policies
- Guardian Phone factor selected provider
- Guardian Phone factor message types
- Adds support for Migrations
5.0.0 - 2020-06-04
- Allow excluding default values for emailProvider with
AUTH0_EXCLUDED_DEFAULTS
#236
- [Breaking] Updated dependencies and deprecated support for Node versions earlier than 8 via babel@7 and dot-prop@5 #242
- pages: fix error when dumping error_page without html property #247
4.3.1 - 2020-05-20
- Fixed broken mkdirp package dependency
4.3.0 - 2020-05-18
-
Removed several unused dependencies:
- ajv
- e6-template-strings
- node-storage
- readline
- xregexp
4.2.2 - 2020-05-04
- Support for phone message hook added.
- Configurable connections directory with
AUTH0_CONNECTIONS_DIRECTORY
.
- Remove data from verify email example to prevent copy and paste misuse.
4.2.1 - 2020-04-06
- Fixed rules' reorder to avoid order collisions by updating
auth0-source-control-extension-tools
4.2.0 - 2020-03-28
- When importing SAML database connections, support client name in the
options.idpinitiated.client_id
property. - When exporting SAML database connections, convert client ID to client name.
4.1.0 - 2020-03-28
- When exporting a mailgun email provider, a placholder api key will be included in the export..
4.0.3 - 2020-03-18
- Programmatic usage will not complain about args. #215
4.0.2 - 2020-02-28
- Included Deploy CLI version number in User-Agent header.
- If no command line arguments are passed, the usage statement will be printed.
4.0.1 - 2020-02-05
- Update
auth0-source-control-extension-tools
- Fixed import and export errors when roles and hooks are not available
4.0.0 - 2020-01-29
- Add support for Hooks and Hook Secrets
- Update
auth0
,auth0-extension-tools
,auth0-source-control-extension-tools
, andjs-yaml
3.6.7 - 2020-01-08
- Fixed a crash when no roles are present in a tenant during an export
3.6.5 - 2019-12-19
- Add readonly flag
remove_stale_idp_attributes
3.6.4 - 2019-12-04
- Update
https-proxy-agent
andjs-yaml
3.6.3 - 2019-11-04
- Add
AUTH0_API_MAX_RETRIES
support
3.6.2 - 2019-10-18
- Fix mapping for passwordless email connection template
3.6.1 - 2019-09-27
- Removed
--verbose
option
3.6.0 - 2019-08-26
- Update
auth0-extension-tools
- Clear empty descriptions on roles
3.5.0 - 2019-08-14
- Ability to exclude connections and databases (AUTH0_EXCLUDED_CONNECTIONS & AUTH0_EXCLUDED_DATABASES)
- Excludes for yaml import
3.4.0 - 2019-07-15
- Load email template for passwordless email connection from external html file #124
- Load custom_login_page template for client from external html file #138
3.3.2 - 2019-07-11
- pin minor version of source-control-tools@~3.4.1
3.3.1 - 2019-06-13
allowed_clients
,allowed_logout_urls
,allowed_origins
andcallbacks
properties of theclient
can no longer be exported asnull
3.3.0 - 2019-04-22
- Support for roles and permissions export and import
3.2.0 - 2019-04-12
- Secrets (
rules configs
and databasesoptions.configuration
) can no longer be exported
3.1.3 - 2019-04-03
- Clearing empty tenant flags on
import
3.1.2 - 2019-03-22
3.1.1 - 2019-03-15
- Exit status code on error #107
3.1.0 - 2019-03-14
AUTH0_EXCLUDED_CLIENTS
option has been added to the config. Works similar toAUTH0_EXCLUDED_RULES
andAUTH0_EXCLUDED_RESOURCE_SERVERS
. #102
3.0.2 - 2019-03-12
- Remove empty
flags
property from tenant settings #104
3.0.1 - 2019-03-04
- fix readonly
flags.enable_sso
3.0.0 - 2019-03-04
- Options added to the config:
INCLUDED_PROPS
- enables export of properties that are excluded by default (e.g.client_secret
)EXCLUDED_PROPS
- provides ability to exclude any unwanted properties from exported objects
--strip
option has been removed fromexport
command. Now IDs will be stripped by default.AUTH0_EXPORT_IDENTIFIERS: true
or--export_ids
can be used to override.
2.3.3 - 2019-03-04
- backport readonly
flags.enable_sso
2.3.2 - 2019-03-02
- set
enable_sso
andsandbox_version
as readonly properties - alias
export = dump
andimport = deploy
for programmatic usage
2.3.1 - 2019-02-27
- convert non-integer
session_lifetime
to minutes #95 - update
auth0-source-control-extension-tools
- Fix email provider export
- Process empty arrays of databases
2.3.0 - 2019-02-21
- Empty arrays in the
tenant.yaml
(clients: []
) will now lead to deleting all relevant records from the tenant. #89 - Update environment variable explanation in READMEs. #90
- Sanitize file and folder names. #92
2.2.5 - 2019-02-04
- Fix for using the wrong proxy reference. #80
2.2.4 - 2019-01-17
- Added 'name' prop to pages examples #76
- Fix various schema validation issues. auth0-extensions/auth0-source-control-extension-tools PRs #52 thru #57
- Update package dependency which contains security vulnerabilities.