Added

• Add support for authorization_policy on the Auth0 My Account API resource server, enabling ACR (Authentication Context Class Reference) policy configuration via Deploy CLI. [#1381]
• Add Google Workspace inbound group sync support to directory provisioning configuration. [#1380]

Fixed

• Fix keyword replacement mappings (e.g. ##ENV##) not being applied to theme.json during import. [#1379]

Added

• Add support for Third Party Apps CORE EA Release 1 properties, including updated clientGrants matching and clients schema handling. [#1372]
• Add support for additional signing algorithms (token_endpoint_auth_signing_alg, id_token_signed_response_algs) in OIDC and Okta enterprise connections. [#1375]

Fixed

• Fix Deploy CLI hanging indefinitely when importing 3 or more actions that reference action modules, caused by a deadlock in the shared rate-limiting pool. [#1374]

Added

• Add support for CIMD client registration via external_client_id, allowing clients to be registered from an OAuth 2.0 Client ID Metadata Document. [#1369]
• Add on_behalf_of_token_exchange to supported token_exchange.allow_any_profile_of_type values for clients. [#1366]
• Add Flexible Password Policy support for database connections. [#1362]
• Add My Org client references support and expand organization connection sync. [#1367]
• Add dry-run mode (GA) with --dry-run, --dry-run --interactive, and --dry-run --apply flags. [#1336]

Fixed

• Fix silent process exit when deploying 3+ organizations with discovery domains. [#1354]
• Fix organization creation response handling and add ID validation. [#1365]
• Fix undefined enabled_clients handling in getEnabledClients. [#1364]
• Fix unresolved keyword placeholders being sent in API payloads before deploy. [#1360]

Added

• Add support for is_default on customDomains. [#1330]
• Add AUTH0_EXPORT_ORDERED config property and --export_ordered flag for stable exports. [#1335]

Fixed

• Fix clientGrants matching when multiple grants share the same client_id and audience. [#1341]

Added

• Add support for passkey enrollment in prompts partials. [#1328]
• Add support for dpop_signing_alg validation in OIDC and Okta connections. [#1343]

Fixed

• Fix action module fetching logic to resolve correct module IDs. [#1340]
• Fix AUTH0_EXCLUDED_* options not respected during export. [#1342]

Fixed

• Fix Universal Login Authentication Profile reverting to Identifier+Password after import when branding is included. [#1333]
• Fix efficiency and reliability of fetching enabled_clients for connections. [#1334]

Fixed

• Fix false-positive deprecation warning for cross_origin_auth when cross_origin_authentication is correctly used in config. [#1322]

Fixed

• Fix bad request error when no emailProvider is configured. [#1321]
• Fix enabled_clients pagination for connections. [#1320]

Added

• Add DPoP support for proof-of-possession mechanism in resourceServers (GA) [#1311]
• Add supplemental signals configuration for Akamai integration.(EA) [#1310]

Added

• Add support for managing action-modules.(EA) [#1302]
• Add support for managing modules in actions.(EA) [#1302]