3.8.0

Full Changelog

Notes on this release

• Administrators can now mark certain strategies as able to skip email verification. This is typically used for Enterprise strategies that do not provide an email verification flag. This should be used sparingly and only for connections that do not provide this flag.
• Password changes for WordPress users now work properly and are rejected clearly if Auth0 rejects the change (typically because the password does not conform to the password policy). A current API token is not required but your Application does need to allow for a Client Credentials grant with the Management API (this configured for you by default, more information here).
• The wp-login.php page is no longer used for any callback processing. If you are using this page to process callbacks in a custom plugin or theme, please update to use the main callback URL for the implicit flow /index.php?auth0=implicit. In addition, users that are already logged in will be redirected to the default login page when accessing wp-login.php.
• Error logging has been improved in general, along with improvements to the error log display. Consecutive, duplicate errors are now combined, the error log now shows more entries, and entries can be cleared from the admin.
• The "Auto-Login" setting has been renamed to "Universal Login Page" and moved from the Advanced tab to the Features tab. The functionality is the same as before and will retain the existing setting.

Issues and PRs

Closed issues

• Plugin tries to create a user if they log in a different way #539
• Problems with implicit login in > 3.6 #536
• Add authorization token to header for external request #534
• Configuring auth0 OIDC URL parameters #521
• Single sign on shows the login username/password fields briefly before automatically signing in #508
• Better behavior when logged-in users visits wp-login.php #414
• Profile password update changes #375
• auth0 forgot password doesn't change WP password #310
• Woocommerce can't change user password #300

Added

• Update translation file #561 (joshcanhelp)
• Add Management API framework #537 (joshcanhelp)
• Update README, CONTRIBUTION, LICENSE, and Issue+PR templates #533 (joshcanhelp)
• Add filters for authorize URL and params, logout URL + tests #531 (joshcanhelp)
• Improve error log #530 (joshcanhelp)
• Add skip strategies setting and tests #528 (joshcanhelp)

Changed

• Update telemetry header #577 (joshcanhelp)
• Update JWT library #576 (joshcanhelp)
• Change deprecation error handling #574 (joshcanhelp)
• Fix tests to run in same process #565 (joshcanhelp)
• Rename the Auto Login setting to ULP; move to features tab #551 (joshcanhelp)
• Switch implicit flow to hybrid flow and correct Management API scopes #546 (joshcanhelp)
• Update README and version number for dev->master merge #543 (joshcanhelp)

Deprecated

• Deprecate unused rules JS #560 (joshcanhelp)
• Deprecate WP_Auth0_Email_Verification::ajax_resend_email #559 (joshcanhelp)
• Deprecate a0_render_message method #558 (joshcanhelp)
• Deprecate unused login methods and props #557 (joshcanhelp)
• Deprecate WP_Auth0_Options connection methods #556 (joshcanhelp)
• Deprecate WP_Auth0_Referer_Check #555 (joshcanhelp)
• Deprecate WP_Auth0_Metrics #554 (joshcanhelp)
• Deprecate WP_Auth0_InitialSetup_Signup, remove usage #553 (joshcanhelp)
• Deprecate methods in WP_Auth0_Api_Operations and related ones in WP_Auth0 #552 (joshcanhelp)
• Deprecate unused methods and classes for initial setup #550 (joshcanhelp)
• Deprecate unused methods in WP_Auth0_Api_Client #549 (joshcanhelp)
• Deprecations for WP_Auth0_EditProfile #548 (joshcanhelp)
• Deprecations for WP_Auth0_EditProfile #547 (joshcanhelp)

Fixed

• Fix label font-weight and migration token display #579 (joshcanhelp)
• Fix user profile saving #573 (joshcanhelp)
• Update phpcs script and dependent libs #572 (joshcanhelp)
• Move SSO checking into Lock init #570 (joshcanhelp)
• Fix migration token display to allow copying #540 (joshcanhelp)
• Change and improve user profile #532 (joshcanhelp)