⚠️ Version 5.0 of our plugin is now available in Beta. This release adds a significant number of features, and includes breaking changes. We do not recommend using this release in a production environment yet, but your feedback and testing is appreciated.

New Features

• PHP 8.0 Support — The plugin has been redesigned to use PHP 8.0+ language features.
• Flexible Connection Matching — This allows users to sign in using multiple connections to the same account. For example, with this you can now sign in using your standard email-password, or social connections you've enabled. Any connection works so long as the authenticating account shares the same (verified) email address.
• Absentee Account Handling — You can now choose different behaviors for handling when a user signs in successfully, but an account doesn't exist matching the email. Although Auth0 Database Connections have always handled this well on the API side with the 'Disable Sign-Ups' toggle, social connections are trickier in cases where that option doesn't exist. You can now choose to deny those types of authentication requests, or dynamically create new accounts for those users.
• WP-Cron support — The plugin now leverages the WP background task scheduler to improve performance. Because real-time Management API calls can sometimes fail (rate limits, network congestion on one's hosting provider, etc.) we can now batch changes for WP customers with high traffic sites to more efficiently bring their CMS and Auth0 databases in sync.
• Session Pairing — WordPress sessions are not completely managed by the plugin, ensuring scenarios like token expiration and refresh tokens are honored and properly acted upon.
• PSR-18, PSR-17 and PSR-7 Support — All networking functions of the plugin have been rewritten to use the PHP-FIG standards for HTTP messaging. This also removes the library's dependency on Guzzle.
• WP_Object_Cache support — Caching now uses the native WP_Object_Cache API, for enhanced storage options through third-party plugins. In particular, this is now used for JWKS caching, enabling improved performance.

Breaking Changes

• PHP 8.0.0 is now the minimum supported version.
• Embedded login support has been deprecated, and Universal Login is now required.
• All auth0_ and a0_ prefixed functions have migrated into classes beneath the Auth0\WordPress namespace.
• All previous JWT processing using third-party libraries has been removed. This is now handled by Auth0's PHP SDK.
• Auth0\WordPress\Plugin handles the underlying Auth0-PHP SDK initialization and configuration.
• Auth0\WordPress\Actions\Authentication now handles all authentication functions, and acts as the core for the various WordPress hooks used throughout the system.
• Auth0\WordPress\Actions\Configuration now handles all Admin UI rendering functions. A new configuration database storage format has been established which will supersede the previous V4 method.
• Auth0\WordPress\Actions\Sync manages the new WP-Cron scheduled task functions.
• Sessions have been reworked to support the new Auth0 PHP SDK 8.0+ format.

Additional new features and changes may be added before this new version is released as stable.