Releases: auth0/ruby-auth0
v5.19.0
v6.0.0.beta.0
⚠️ This is a beta release. It introduces breaking changes to the Management API. The Authentication API is unchanged. Please consult the v6 Migration Guide for detailed upgrade instructions.
🚀 What's New
This release marks a major milestone for the Auth0 Ruby SDK: the Management API client has been completely rewritten using the Fern code generation tool, built directly from the Auth0 OpenAPI specification. This delivers complete, always-up-to-date API coverage with full type safety.
✨ Highlights
- 🏗️ Auto-generated Management API - Rebuilt from the Auth0 OpenAPI spec using Fern, ensuring complete endpoint coverage and consistency with the API
- 🔒 Strongly-typed responses - API methods return typed response objects with accessor methods instead of raw hashes
- 📄 Built-in pagination - List methods return iterators that automatically fetch pages as you iterate with
each - 🔑 Automatic token management -
Auth0::Clienthandles OAuth 2.0 client credentials grant and token refresh out of the box - ⚡ Built-in retry - Automatic retries with exponential backoff for rate-limited (429) responses
- 🛡️ Exception-driven error handling - Non-2xx responses raise typed exceptions (
Auth0::Errors::NotFoundError, etc.) instead of returning error hashes
🔄 What's Changed
The Authentication API is ported from v5 with identical interface. Login, signup, token exchange, passwordless, and MFA flows all work the same way.
The Management API has breaking changes:
| Area | v5 | v6 |
|---|---|---|
| Client | Auth0Client.new(...) |
Auth0::Client.new(domain:, client_id:, client_secret:) |
| Sub-client access | client.users(...) |
client.users.list(...) |
| Responses | Raw hashes / arrays | Typed objects (user.email, user.user_id) |
| Pagination | Manual page param |
client.users.list.each { |u| ... } |
| Error handling | Check response hash | rescue Auth0::Errors::NotFoundError |
| HTTP client | rest-client |
net/http (internal) |
📦 Installation
# Gemfile
gem "auth0", "6.0.0.beta.0"or
gem install auth0 --preRunning
gem install auth0without--prewill install the latest stable v5 release.
🔧 Quick Start
require "auth0"
client = Auth0::Client.new(
domain: "tenant.auth0.com",
client_id: "CLIENT_ID",
client_secret: "CLIENT_SECRET"
)
# List users with automatic pagination
client.users.list(per_page: 50, include_totals: true).each do |user|
puts user.email
end📚 Resources
⚠️ Breaking Changes
- Management API client rewritten using Fern code generation
Auth0Clientreplaced byAuth0::Client- Management API methods accessed via namespaced sub-clients
- API methods return typed response objects instead of hashes
- List methods return paginated iterators instead of arrays
- Non-2xx responses raise typed exceptions automatically
rest-clientdependency removed; usesnet/httpinternally- Minimum Ruby version raised to 3.3
🙏 Feedback
This is a beta release - we would love your feedback! Please open an issue if you encounter any problems or have suggestions.
v5.18.1
Fixed
- Fixed a bug where passing an array as a request payload would delete its contents, causing API calls with array parameters to silently send empty data. (#697)
Changed
- Updated
zachefrom 0.13.2 to 0.15.2 - Updated
jwtfrom 2.9.3 to 2.10.2 - Updated
addressablefrom 2.8.7 to 2.8.8
Security
- Removed unused
coverallsandirbdev dependencies, eliminating OS Command Injection vulnerability inthorintroduced transitively viacoveralls - Replaced
dotenv-railswith standalonedotenv, removing the full Rails transitive dependency chain and resolving 5 XSS vulnerabilities inrails-html-sanitizer - Upgraded
rexmlto 3.4.4 (viasimplecov-coberturaandwebmockupgrades) to fix XML Entity Expansion vulnerability
v5.18.0
v5.17.0
Added
- Add user session management API calls #588 (wjohnstondrip)
v5.16.0
Added
- [SDK-4546] Add orgs in client credentials support #540 (adamjmcgrath)
v5.15.0
Added
- SDK-4659 Add fields to get_organizations_members #532 (adamjmcgrath)
