3.5.2

Please see Important Note on 3.5.0

Closed issues

• [Security] [URGENT] XSS injection error page #381
• Non-static method WP_Auth0_Api_Client::convertCertToPem() should not be called statically #380
• Notices in /lib/admin/WP_Auth0_Admin_Advanced.php #374
• SSO login failing when not using implicit flow #363
• "Override WordPress avatars" option doesn't appear to work with comments #355
• Change log is missing from readme.txt, the separate changelog file is not updated #346
• Uninstall doesn't remove all Auth0 database plugin entries #322
• Unable to save migration IPs whitelist #320
• 3.2.16 throws errors if Error Log is empty #285
• Login plugin form name incorrect #269

Changed

• Readme updates #392 (joshcanhelp)
• Changed error handling #384 (joshcanhelp)

Fixed

• Changing boolval() and array shorthand to PHP 5.3-compatable #402 (joshcanhelp)
• Fixed SSO auto-login in Lock #394 (joshcanhelp)
• Renaming un-deprecated function #393 (joshcanhelp)
• Cleanup PR for 3.5.2 #391 (joshcanhelp)
• Improved setup wizard client create process #389 (joshcanhelp)
• Deleting all added options and transients on uninstall #387 (joshcanhelp)
• Fixed wrong title and icon for login widget #385 (joshcanhelp)
• XSS in error query vars #383 (joshcanhelp)
• Fixed migration IPs being saved #382 (joshcanhelp)
• Fixed get_avatar hooked function to account for other user identifiers #376 (joshcanhelp)

3.5.1

Please see Important Note on 3.5.0

Fixed

• Fixed Client Grant Types during update #377 (joshcanhelp)

3.5.0

Important Note

This is a major update that requires changes to your Auth0 Dashboard to be completed. You can save a new API token in your Basic settings in wp-admin before upgrading and the changes will be made automatically during the update. Otherwise, please review your Client Settings, specifically Advanced > Grant Types, and authorize your Client for the Management API.

Changed

• updating CDN URLs for Lock and Auth.js #365 (joshcanhelp)
• Changing home_url() to site_url(), wp_login_url(), and wp_logout_url() #360 (joshcanhelp)

Fixed

• Changing algorithm for migration tokens #372 (joshcanhelp)
• Migration tokens only use HS256 #371 (joshcanhelp)
• Fixed automatic setup process for public sites #370 (joshcanhelp)
• Added use Management API for user data #368 (joshcanhelp)
• Fixing DB version upgrade #367 (joshcanhelp)
• Creating client_grant for management API #366 (joshcanhelp)
• Fixed login flow for new tenants, refactored verification email resend #364 (joshcanhelp)
• Fixed shortcode warning #362 (joshcanhelp)
• Fixing "Algorithm not allowed" error during user migration #361 (joshcanhelp)
• When activating using wp-cli the plugin should not redirect #344 (AubreyHewes)

3.4.0

Added

• Added Lock 11 / Auth0 9.0, Updated SSO, JWT Algorithm Upgrade Fixes #350 (cocojoe)
• Add RS256 support #331 (renrizzolo)

Fixed

• Switching wizard admin user creation to use /dbconnections/signup #356 (joshcanhelp)

3.3.2

Added

• Added translation support for a few user-facing exception messages #312 (idpaterson)

Changed

• Use literal 'wp-auth0' rather than WPA0_LANG constant #311 (idpaterson)

3.2.24

Changed

• More generous JWT leeway #332 (cocojoe)

Removed

• Remove client_id/secret validation since it is not allowed anymore #334 (glena)

3.2.23

Changed

• Update /authorize URL #326 (cocojoe)

3.2.22

Fixed

• Fixed migration for older plugins that use base64 secret #324 (cocojoe)

3.2.21

Added

• Improve redirect_login error logging, JWT leeway #317 (cocojoe)

Changed

• Expand internal login error with hint to disable base 64 encoding #318 (cocojoe)
• Disable base64_encoded by default #313 (thameera)

3.2.19: Merge pull request #299 from auth0/dev

v3.2.19: add auth0_get_auto_login_connection filter