Release 3.11.0 · auth0/wordpress

Notes on this release

Lock was updated from 11.15 to 11.16. The option to display social connections in small styled buttons is no longer available due to branding compliance reasons with third party identity providers. All the social connections will now be displayed as large styled buttons.
New installs using user migration will now have a namespaced user ID returned to Auth0 on first login. If you have or plan on having multiple custom databases, please see the User Migration documentation for more information. New installs will also use configuration variables instead of hard-coded values for the URL, migration token, and user namespace.
The WordPress core login override has been refactored to improve the user experience and overall security.
Added more complete ID token validation during login.
Sites using VIP Go are now able to use MFA.
Fixed a bug that prevented sites using user migration from changing the WordPress user's email.

Closed issues

Added

Changed

Deprecated

Fixed

Fix VIP Go MFA screen #689 (joshcanhelp)
Namespace user IDs and use DB configuration for new user migration installs #681 (joshcanhelp)
Use existing migration token during setup #676 (joshcanhelp)
Fix Auth0 logout redirect #675 (joshcanhelp)
Check for email update in migration-ws-get-user endpoint #674 (joshcanhelp)

Security

Provide feedback