Release 5.7.0 (#863)

⚠️ **Breaking Changes**
- `identifiers` parameter removed from `branding.update()`;
`identifiers` field removed from `GetBrandingResponseContent` and
`UpdateBrandingResponseContent`. The following types are no longer
exported from auth0.management.types: `BrandingIdentifiers`,
`UpdateBrandingIdentifiers`, `BrandingPhoneDisplay`,
`UpdateBrandingPhoneDisplay`, `BrandingLoginDisplayEnum`,
`BrandingPhoneFormattingEnum`, `BrandingPhoneMaskingEnum`,
`UpdateBrandingLoginDisplayEnum`, `UpdateBrandingPhoneFormattingEnum`,
`UpdateBrandingPhoneMaskingEnum`. These settings now live exclusively on
the theme resource (`PATCH /api/v2/branding/themes/{id}`)
[\#860](#860)
([fern-api[bot]](https://github.com/apps/fern-api))
- `id` was a required `str` on `PhoneTemplate`,
`GetPhoneTemplateResponseContent`, `CreatePhoneTemplateResponseContent`,
`UpdatePhoneTemplateResponseContent`, and
`ResetPhoneTemplateResponseContent`. It is now `Optional[str]`. Code
that accesses `.id` without a `None` check will require updating
[\#860](#860)
([fern-api[bot]](https://github.com/apps/fern-api))

**Added**
- feat: `security_headers` (`TenantSettingsNullableSecurityHeaders`, CSP
+ XSS protection config), `country_codes`
(`TenantSettingsCountryCodesResponse`, phone identifier allow/deny
list), and `include_session_metadata_in_tenant_logs` (`bool`) added to
`GetTenantSettingsResponseContent` and
`UpdateTenantSettingsResponseContent`
[\#860](#860)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: `id_token_session_expiry_supported`
(`ConnectionIdTokenSessionExpirySupported`) added to
`ConnectionOptionsCommonOidc` and `UpdateConnectionOptions`
[\#860](#860)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: new `invitation_landing_client_id` Optional field added to
`ClientMyOrganizationPostConfiguration`,
`ClientMyOrganizationPatchConfiguration`, and
`ClientMyOrganizationResponseConfiguration` - available on `POST
/clients`, `PATCH /clients/{id}`, `GET /clients`, and `GET
/clients/{id}` [\#860](#860)
([fern-api[bot]](https://github.com/apps/fern-api))

**Fixed**
- fix: `GET /client-grants/{id}/organizations` — added `404` handling;
raises `NotFoundError` when the grant does not exist (was previously an
unhandled parse error)
[\#860](#860)
([fern-api[bot]](https://github.com/apps/fern-api))
- fix: `PATCH /token-exchange-profiles/{id}` — added `409` handling;
raises `ConflictError` when a profile with the same `subject_token_type`
already exists (was previously an unhandled parse error)
[\#860](#860)
([fern-api[bot]](https://github.com/apps/fern-api))

Release 5.6.0 (#855)

### Changes

**Added**
- feat: rate_limit_policies client with full CRUD: list, create, get,
update, delete [\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: Response Types: RateLimitPolicyConfigurationZero (allow),
RateLimitPolicyConfigurationOne (block/log + limit),
RateLimitPolicyConfigurationAction (redirect + limit + redirect_uri),
RateLimitPolicy [\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: OAuth scopes: create:rate_limit_policies,
read:rate_limit_policies, update:rate_limit_policies,
delete:rate_limit_policies
[\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: Support for groups.roles — list, create, delete
[\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: Support for roles.groups — get, create, delete
[\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: Support for users.effective_roles /
users.effective_roles.sources.groups
[\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: Support for users.effective_permissions /
users.effective_permissions.sources.roles
[\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: Support for organizations.groups — list
[\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: Support for organizations.groups.roles — list, create, delete
[\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: Support for organizations.members.effective_roles /
organizations.members.effective_roles.sources.groups
[\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: Types for SCIM Groups: effective role/permission response types,
org-member effective role types, paginated list wrappers, source enum
discriminators [\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: OAuth scopes: create/read/delete:group_roles,
read:organization_groups, create/read/delete:organization_group_roles,
read:organization_member_effective_roles,
read:organization_member_role_source_groups, read:user_effective_roles,
read:user_role_source_groups, read:user_effective_permissions,
read:user_permission_source_roles
[\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))

**Changed**
* ConnectionPropertiesOptions — dpop_signing_alg field added (write path
for POST /api/v2/connections)
[\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))
* UpdateConnectionOptions — dpop_signing_alg field added (write path for
PATCH /api/v2/connections/{id})
[\#853](#853)
([fern-api[bot]](https://github.com/apps/fern-api))

Release 5.5.0 (#851)

**⚠️ Breaking: Python 3.9 support dropped**
- Python 3.9 reached end-of-life in October 2025. This release requires
**Python >=3.10**. Users on Python 3.9 should remain on v5.4.0 until
they upgrade their Python version.
[\#843](#843)
([developerkunal](https://github.com/developerkunal))

**Added**
- feat: configurable max_retries parameter to Auth0 and AsyncAuth0
clients (defaults to 2 with exponential backoff)
[\#841](#841)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: New error types: BadRequestSchema, ForbiddenSchema,
UnauthorizedSchema, TooManyRequestsSchema
[\#841](#841)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: New types: FedCmLogin, FedCmLoginGoogle,
CredentialDeviceTypeEnum
[\#841](#841)
([fern-api[bot]](https://github.com/apps/fern-api))
- Extended user_authentication_method and resource_server response types
with additional fields
[\#841](#841)
([fern-api[bot]](https://github.com/apps/fern-api))
- Expanded clients, refresh_tokens, resource_servers, tickets, and
users/authentication_methods endpoint parameters

**Changed**
- Updated connection types with additional validation fields
[\#841](#841)
([fern-api[bot]](https://github.com/apps/fern-api))

[fern-generated] SDK regeneration

Release 5.4.0 (#838)

**Added**
- chore: Add events module, async token support, and connection retry
resilience [\#835](#835)
([fern-api[bot]](https://github.com/apps/fern-api))

**Changed**
- [fern-replay] Initialize Replay for SDK customizations
[\#833](#833)
([fern-api[bot]](https://github.com/apps/fern-api),
[developerkunal](https://github.com/developerkunal))

**Fixed**
- fix: Add top-level `py.typed` marker to resolve IDE import errors
[\#829](#829)
([kishore7snehil](https://github.com/kishore7snehil))

Release 5.3.0 (#817)

**Added**
- feat: Add CIMD support, organization connections, group deletion,
refresh token listing; remove AOL/Flickr/Yammer providers
[\#816](#816)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat:Add `Auth0-Custom-Domain` header support for Multiple Custom
Domains (MCD) [\#799](#799)
([kishore7snehil](https://github.com/kishore7snehil))

Release 5.2.0 (#813)

**⚠️ Breaking: Python 3.8 support dropped**
- Python 3.8 reached end-of-life in October 2024. This release requires
**Python >=3.9.2**. Users on Python 3.8 should remain on v5.1.0 until
they upgrade their Python version.
[\#808](#808)

**Added**
- feat: Add default domain endpoints, connection key provisioning,
tenant SCIM listing; remove MiiCard/Renren providers
[\#801](#801)
([fern-api[bot]](https://github.com/apps/fern-api))
- feat: Add client_info support for custom telemetry in Authentication
and Management clients
[\#802](#802)
([kishore7snehil](https://github.com/kishore7snehil))
- feat: Add SDK logging infrastructure with configurable log levels and
header redaction [\#785](#785)
([fern-api[bot]](https://github.com/apps/fern-api))

**Fixed**
- fix: Pagination page advancement incorrectly skipping pages
[\#785](#785)
([fern-api[bot]](https://github.com/apps/fern-api))

**Changed**
- chore: Update ruff, aiohttp, cryptography, urllib3, codecov-action;
replace Snyk with SCA scan
[\#808](#808)
([kishore7snehil](https://github.com/kishore7snehil))

Release 5.1.0 (#780)

**Fixed**

- fix: Remove placeholder defaults from optional parameters + additional
updates [\#778](#778)
([fern-api[bot]](https://github.com/apps/fern-api))

Release 5.0.0 (#774)

# Release v5.0.0 🎉

## Overview

This PR prepares the **stable v5.0.0 release** of the Auth0 Python SDK -
a complete rewrite with significant improvements and breaking changes
from v4.x.

## Changes in this PR

- Updated `.version` file from `5.0.0b0` to `5.0.0`
- Updated `pyproject.toml` package version to `5.0.0`
- Added comprehensive v5.0.0 release notes to `CHANGELOG.md`
- Updated `README.md` with v5.0.0 installation instructions

## What's New in v5.0.0

### ⚠️ BREAKING CHANGES - Major Rewrite

This is a complete rewrite of the Auth0 Python SDK with significant
breaking changes from v4.x. Users will need to update their code when
migrating from v4.x to v5.0.0.

### Added Features

- **New Fern-generated SDK**: Complete Management API rewrite generated
from Auth0's OpenAPI specifications
- **Hierarchical package structure**: Organized Management APIs into
logical sub-clients for better discoverability
- **Strongly typed interfaces**: Pydantic models provide specific
request/response types replacing generic dictionaries
- **Automatic token management**: Built-in client credentials handling
with automatic token refresh
- **Enhanced pagination**: New `SyncPager` and `AsyncPager` classes for
easy iteration over paginated results
- **First-class async support**: Full async/await support with
`AsyncManagementClient`
- **Better IDE support**: Improved code completion, type hints, and
inline documentation

### Key Breaking Changes

- **Import paths** changed from `from auth0.management import Auth0` to
`from auth0.management import ManagementClient`
- **Client initialization** changed from `Auth0(domain,
management_token)` to `ManagementClient(domain, client_id,
client_secret)` with automatic token management
- **Response types** changed from dictionaries to Pydantic models (use
`.model_dump()` to convert back to dict)
- **Method organization** changed from flat (`client.users.list()`) to
hierarchical where applicable
- **Pagination parameters** changed - some endpoints use `per_page`,
others use `take`
- **Python version** requirement increased from ≥3.7 to ≥3.8
- **Error handling** changed from `Auth0Error` to `ApiError` base class

## Migration Example

### Before (v4):

```python
from auth0.management import Auth0

# Initialize with management token
mgmt = Auth0(
    domain='your-tenant.auth0.com',
    token='YOUR_MGMT_API_TOKEN'
)

# List clients - returns list of dicts
clients = mgmt.clients.all()

for client in clients:
    print(client['name'])  # Dictionary access
```

### After (v5):

```python
from auth0.management import ManagementClient

# Initialize with client credentials (automatic token management)
client = ManagementClient(
    domain='your-tenant.auth0.com',
    client_id='YOUR_CLIENT_ID',
    client_secret='YOUR_CLIENT_SECRET'
)

# List clients - returns SyncPager of Pydantic models
clients = client.clients.list(per_page=50)

for client_obj in clients:
    print(client_obj.name)  # Pydantic model attribute access

    # Convert to dict if needed
    client_dict = client_obj.model_dump()
```

## Important Notes

- ✅ The `authentication` package is **NOT affected** by these changes.
Authentication APIs remain the same between v4 and v5.
- 📚 Complete migration guide available at
[v5_MIGRATION_GUIDE.md](https://github.com/auth0/auth0-python/blob/master/v5_MIGRATION_GUIDE.md)
- 🎯 This is the stable GA release following v5.0.0-beta.0
- 🔧 Auth0 telemetry headers implemented with dynamic versioning (no
manual updates needed)
- 📖 Full API reference available at
[reference.md](https://github.com/auth0/auth0-python/blob/master/reference.md)

## Testing

- ✅ All 389 wire tests passing
- ✅ Integration tests verified with live Auth0 tenant
- ✅ Both Authentication and Management APIs tested successfully
- ✅ Async clients tested and verified

Release 5.0.0b0 (#766)

# Auth0 Python SDK v5.0.0b0

⚠️ **BREAKING CHANGES - Major Rewrite**

This is a beta release of the upcoming major version. It introduces
breaking changes, particularly in the Management API client. Please
refer to the [v5 Migration
Guide](https://github.com/auth0/auth0-python/blob/v5/v5_MIGRATION_GUIDE.md)
for detailed upgrade instructions.

---

##  ✍️ What's New

- ✨ **OpenAPI-Generated**: Complete rewrite generated from Auth0's
OpenAPI specifications using [Fern](https://buildwithfern.com)
- 📦 **Better Organization**: Hierarchical package structure with logical
sub-clients for improved discoverability
- 🔒 **Type Safety**: Strongly typed request/response objects using
Pydantic replace generic dictionaries
- ✨ **Enhanced Developer Experience**: Better IntelliSense, code
completion, and documentation
- 🚀 **Future-Proof**: Easier maintenance and updates as Auth0's API
evolves
- ⚡ **Async Support**: First-class async client with `AsyncAuth0` and
`AsyncManagementClient`
- 📄 **Automatic Pagination**: Built-in pagination support with
`include_totals=True` by default

---

## 💥 Breaking Changes

### Python Version Support

- The SDK now requires **Python ≥3.8**
- Support for Python 3.7 has been dropped

### Management API Client Redesign

- The Management API client has been **fully restructured** using Fern
for code generation
- Methods are now organized into **modular sub-clients**, improving
structure and maintainability
- **Method names and signatures have changed**, adopting consistent and
predictable naming conventions
- **Pagination defaults changed**: `include_totals=True` is now the
default for list operations
- These changes are **not backward compatible** with the v4.x client

### Import Changes

| Change | v4.x | v5.0.0 |
|--------|------|--------|
| **Management Client** | `from auth0.management import Auth0` | `from
auth0.management import Auth0` or `ManagementClient` |
| **Async Client** | Not available | `from auth0.management import
AsyncAuth0` or `AsyncManagementClient` |
| **Error Handling** | `from auth0.exceptions import Auth0Error` | `from
auth0.management.core.api_error import ApiError` |
| **Authentication** | `from auth0.authentication import GetToken` |
`from auth0.authentication import GetToken` (unchanged) |

---

## 📝 Quick Migration Example

### Before (v4.x):

```python
from auth0.management import Auth0

# Initialize with full base URL
mgmt_api = Auth0(
    domain='YOUR_DOMAIN.auth0.com',
    token='YOUR_TOKEN'
)

# List users with explicit pagination
users = mgmt_api.users.list(
    page=0,
    per_page=50,
    include_totals=True  # Must specify explicitly
)

# Generic dictionary responses
for user in users['users']:
    print(user['email'])
```

### After (v5.0.0):

```python
from auth0.management import ManagementClient

# Simpler initialization - just domain
client = ManagementClient(
    domain='YOUR_DOMAIN.auth0.com',
    token='YOUR_TOKEN'
)

# Or with automatic token management
client = ManagementClient(
    domain='YOUR_DOMAIN.auth0.com',
    client_id='YOUR_CLIENT_ID',
    client_secret='YOUR_CLIENT_SECRET'
)

# Pagination with include_totals=True by default
response = client.users.list(
    page=0,
    per_page=50
)

# Strongly-typed Pydantic models
for user in response.users:
    print(user.email)  # Type-safe attribute access
```

---

## 🔧 Migration Steps

1. **Update imports**: Change import paths as shown in the table above
2. **Client initialization**: Use `ManagementClient` with just `domain`
instead of full `base_url`
3. **Update method calls**: Review method signatures - many have changed
for consistency
4. **Handle responses**: Access response data as attributes (Pydantic
models) instead of dictionary keys
5. **Error handling**: Catch `ApiError` instead of `Auth0Error` for
Management API errors
6. **Pagination**: `include_totals` now defaults to `True` - adjust if
you relied on `False`
7. **Async support**: Use `AsyncManagementClient` or `AsyncAuth0` for
async operations

---

## ✅ What's NOT Affected

**The `authentication` package remains fully compatible!** All
authentication APIs work the same way between v4.x and v5.0.0:

- ✅ `GetToken` - Client credentials, authorization code flows
- ✅ `Database` - User signup and authentication
- ✅ `Passwordless` - Passwordless authentication
- ✅ `Users` - User authentication operations
- ✅ Token verification and validation

---

## 📚 Resources

- **[Migration
Guide](https://github.com/auth0/auth0-python/blob/v5/v5_MIGRATION_GUIDE.md)**:
Detailed migration instructions
- **[API
Reference](https://github.com/auth0/auth0-python/blob/v5/reference.md)**:
Complete API documentation
- **[README](https://github.com/auth0/auth0-python/blob/v5/README.md)**:
Updated examples and usage guide

---

## ⚠️ Beta Release

This is a beta release. While core functionality is stable, minor API
adjustments may occur before the final v5.0.0 release. Please test
thoroughly and provide feedback!

---

## 📦 Installation

```bash
pip install auth0-python==5.0.0b0
```

Or add to your
[requirements.txt](cci:7://file:///Users/snehil.kishore/Desktop/Python/auth0-python/requirements.txt:0:0-0:0):
```
auth0-python>=5.0.0b0,<6.0.0
```

---