|
1 | 1 | # Change Log |
2 | 2 |
|
| 3 | +## [6.0.0](https://github.com/auth0/auth0-python/tree/6.0.0) (2026-07-15) |
| 4 | +[Full Changelog](https://github.com/auth0/auth0-python/compare/5.8.0...6.0.0) |
| 5 | + |
| 6 | +### ⚠️ Breaking Changes |
| 7 | + |
| 8 | +- `ConnectionAttributeIdentifier` removed (no compatibility alias); split into three types. The `identifier` field on each attribute now points to its own type: |
| 9 | + - `EmailAttribute.identifier`: `EmailAttributeIdentifier` — `{active?, default_method?: DefaultMethodEmailIdentifierEnum}` (same shape as the old type; use this as the drop-in replacement). |
| 10 | + - `PhoneAttribute.identifier`: `PhoneAttributeIdentifier` — `{active?, default_method?: DefaultMethodPhoneNumberIdentifierEnum}`. |
| 11 | + - `UsernameAttribute.identifier`: `UsernameAttributeIdentifier` — `{active?}` (no `default_method`). |
| 12 | +- `PhoneProviderProtectionBackoffStrategyEnum`: `Literal["exponential", "none"]` → `Literal["exponential", "default"]`. Replace the value `"none"` with `"default"`. |
| 13 | +- `ListRolesOffsetPaginatedResponseContent.start` / `.limit` / `.total`: `Optional[float] = None` → required `float`. Deserializing a role-list response missing any of these now raises `pydantic.ValidationError`. |
| 14 | +- **Federated Connections Tokensets removed** — the `users.federated_connections_tokensets` client and its `list`/`delete` methods are removed, along with the `FederatedConnectionTokenSet` and `ConnectionFederatedConnectionsAccessTokens` types. |
| 15 | +- **`federated_connections_access_tokens` field removed** — this optional field is no longer present on `ConnectionOptionsAzureAd`, `ConnectionOptionsCommonOidc`, `ConnectionOptionsGoogleApps`, `ConnectionPropertiesOptions`, and `UpdateConnectionOptions`. |
| 16 | +- **OAuth scopes removed** — `read:federated_connections_tokens` and `delete:federated_connections_tokens` are no longer valid values of `OauthScope`. |
| 17 | +- **`ClientSessionTransferDelegationDeviceBindingEnum` narrowed** — the `"asn"` value is removed; the enum now only accepts `"ip"`. |
| 18 | + |
| 19 | +### New Endpoints |
| 20 | + |
| 21 | +- `organizations.roles.members.list(id=..., role_id=...)` (sync + async) → `GET /api/v2/organizations/{id}/roles/{role_id}/members`. New sub-clients `organizations.roles` and `organizations.roles.members`; response type `ListOrganizationRoleMembersResponseContent`, item type `RoleMember`. |
| 22 | + |
| 23 | +### Type Changes/Features |
| 24 | + |
| 25 | +- Organizations: `third_party_client_access: Optional[OrganizationThirdPartyClientAccessEnum]` (`Literal["block", "allow"]`) on `create()`/`update()` and all organization response types. |
| 26 | +- Organizations: new types `ListOrganizationRoleMembersResponseContent` and `RoleMember` (returned by the role-members endpoint above). |
| 27 | +- Grants: new `UserGrant.organization_id: Optional[str]` (read-only), via `GET /grants`. |
| 28 | +- Connections: `discovery_url` / `oidc_metadata` extended to `samlp` connections (previously OIDC-only), via new `ConnectionsDiscoveryUrl` / `ConnectionsOidcMetadata` on `ConnectionPropertiesOptions` and `UpdateConnectionOptions`. |
| 29 | +- Event Streams: new event-type values `connection.created`, `connection.deleted`, `connection.updated` on `EventStreamEventTypeEnum`, `EventStreamDeliveryEventTypeEnum`, `EventStreamSubscribeEventsEventTypeEnum`, `EventStreamTestEventTypeEnum`; new `EventStreamCloudEventConnection{Created,Deleted,Updated}*` payload types; new `EventStreamSubscribeEventsResponseContent`. |
| 30 | +- Token Vault: new `grants: Optional[List[TokenVaultPrivilegedAccessGrant]]` on the privileged-access credential/public-key types. `TokenVaultPrivilegedAccessGrant`: `{connection: str, scopes: List[str]}`. |
| 31 | +- New error body types: `NotFoundErrorBody`/`NotFoundErrorBodyError`, `TooManyRequestsErrorBody`/`TooManyRequestsErrorBodyError`. |
| 32 | +- CloudEvent `specversion`: `str` → `EventStreamCloudEventSpecVersionEnum` (`Literal["1.0"]` + `Any` fallback) across group/org/user CloudEvent types. |
| 33 | +- **`NetworkAclMatch`** — new optional `auth0_managed: Optional[List[str]]` field (serialized as `auth0_managed`), available on both the `match` and `not_match` rule blocks. This lets network ACL rules reference Auth0-managed lists when matching or excluding traffic. |
| 34 | + |
3 | 35 | ## [5.8.0](https://github.com/auth0/auth0-python/tree/5.8.0) (2026-06-29) |
4 | 36 | [Full Changelog](https://github.com/auth0/auth0-python/compare/5.7.0...5.8.0) |
5 | 37 |
|
|
0 commit comments