After June 9, 2022, Auth0 will enforce hostname validation for all requests to authentication endpoints.
Previously, it's possible to authenticate staging application using production endpoint (tvlk.auth0.com) or vice versa.
This will not be allowed after June 9th
Example of current state (allowed):
POST https://tvlk.auth0.com/oauth/token
grant_type=...&client_id=<staging_client_id>&...
Example of future state (After June 9th):
POST https://tvlk-dev.auth0.com/oauth/token
grant_type=...&client_id=<staging_client_id>&...
All product teams that use Auth0 machine to machine authentication. Example APIs that use m2m: tracking v2, auth0 authorization management
We've fetched last 7 days dep note warning from logs. Here is App List that still use invalid domain hostname. If your client is in the list, please update your config and mark status as done in the spreadsheet. Valid domain hostname:
staging: https://tvlk-dev.auth0.com
production: https://tvlk.auth0.com
To make sure not cause an issue in your service because unable to authenticate to auth0.
June 8, 2022, Deadline update for production tenant
June 9, 2022, Auth0 hostname validation enforcement
Please contact @anggam if you have any question or concerns.
Auth0 Notice: https://auth0.com/docs/troubleshoot/product-lifecycle/deprecations-and-migrations/tenant-hostname-migration
Regards,
@anggam, on behalf of the Content & Tools Infra Team.