Skip to content

feat: FedCM, Native Social Login, Connection Options support#883

Merged
tanya732 merged 2 commits into
masterfrom
fern-bot/2026-06-23T05-37-03Z
Jun 23, 2026
Merged

feat: FedCM, Native Social Login, Connection Options support#883
tanya732 merged 2 commits into
masterfrom
fern-bot/2026-06-23T05-37-03Z

Conversation

@fern-api

@fern-api fern-api Bot commented Jun 23, 2026
edited by tanya732
Loading

Copy link
Copy Markdown
Contributor

Summary

This PR regenerates the SDK (Fern) to surface newly released Management API fields across Clients and Connections.

Clients

Adds typed support for:

  • FedCM / Google One Tap login

    • fedcmLogin (FedCmLogin)

  • Native Social Login

    • nativeSocialLogin (NativeSocialLogin)

Affected models:

  • CreateClientRequestContent
  • GetClientResponseContent
  • UpdateClientResponseContent
  • Client

PATCH support is added via nullable patch models:

  • FedCmLoginPatch
  • FedCmLoginGooglePatch
  • NativeSocialLoginPatch

Connections

Adds typed support for:

Connection Attributes

New typed attribute configuration through:

  • ConnectionPropertiesOptions
  • UpdateConnectionOptions

Including:

  • email.identifier.defaultMethod
  • phone.identifier.defaultMethod
  • username.identifier.defaultMethod

via:

  • ConnectionAttributes
  • ConnectionAttributeIdentifier

OTP Authentication Methods

New typed support for:

  • email_otp
  • phone_otp

via:

  • ConnectionAuthenticationMethods

Session Expiry Support

Adds:

  • idTokenSessionExpirySupported

Supported only for:

  • OIDC connections
  • Okta connections

Cross-App Access

Adds:

  • CrossAppAccessRequestingApp

to:

  • ConnectionResponseContentOidc
  • ConnectionResponseContentOkta
  • Related connection request/response models

References

  • Google One Tap FedCM
  • Passwordless on DB Connections
  • GA Connection Endpoint Changes (Session Expiry Claim for OIDC/Okta)

Testing

Automated Testing

  • Existing wire tests pass.
  • New generated wire tests cover all newly added fields.

Tenant Prerequisites

Identifier First Login

The features require Identifier First Login to be enabled on the tenant for

  • email_otp
  • phone_otp

Additionally:

  • Must be configured on an auth0 (database) connection.

Without Identifier First enabled, the API returns:

operation_not_supported:
"OTP based authentication is only supported when Identifier First is enabled"

OIDC / Okta Session Expiry

id_token_session_expiry_supported is valid only for:

  • OIDC connections
  • Okta connections

OIDC connections additionally require provider configuration options such as:

  • client_id
  • client_secret
  • discovery_url
  • scope
  • type

These are supplied through additionalProperties.

Manual Testing Snippets

  • Fetch accessToken from the Auth0 dashboard or using AuthAPI
  • Create ManagementApi instance with access token
ManagementApi client = ManagementApi
    .builder()
    .url(audience)
    .token(accessToken)
    .build();

Clients

Create Client with FedCM Enabled - CREATE: POST /api/v2/clients with the fedcm_login object

            CreateClientResponseContent createdClient = client.clients().create(
                CreateClientRequestContent.builder()
                    .name("fedcm-test-client")
                    .fedcmLogin(FedCmLogin.builder()
                        .google(FedCmLoginGoogle.builder()
                            .isEnabled(true)
                            .build())
                        .build())
                    .build());
            String fedcmClientId = createdClient.getClientId().get();

            System.out.println("Created client: " + createdClient.toString());

Update FedCM Configuration - UPDATE: PATCH /api/v2/clients/{id} - set provider google is_enabled true/false

          UpdateClientResponseContent updatedClient = client.clients().update(createdClient.getClientId().get(),
              UpdateClientRequestContent.builder()
                  .fedcmLogin(FedCmLoginPatch.builder()
                      .google(FedCmLoginGooglePatch.builder()
                          .isEnabled(false)
                          .build())
                      .build())
                  .build());
    
          System.out.println("Updated client: " + updatedClient.toString());

Read FedCM Configuration - READ (single): GET /api/v2/clients/{id} - fedcm_login present if defined, else absent

            GetClientResponseContent fedcmClient = client.clients().get(createdClient.getClientId().get());

            System.out.println("fedcmClient: " + fedcmClient.toString());

Read FedCM Configurations - READ (single): GET /api/v2/clients - fedcm_login present if defined, else absent

      SyncPagingIterable<Client> allClients = client.clients().list();
                  for (Client c : allClients) {
                      c.getFedcmLogin().ifPresent(
                          f -> System.out.println("Client " + c.getClientId().orElse("?") + " FedCM login: " + f));
                  }

Remove FedCM Configuration - DELETE: PATCH /api/v2/clients/{id} with fedcm_login = null to remove the config

        UpdateClientResponseContent update = client.clients().update(createdClient.getClientId().get(),
                        UpdateClientRequestContent.builder()
                            .fedcmLogin(com.auth0.client.mgmt.core.Nullable.ofNull())
                            .build());
        
                    System.out.println("Updated client (after delete): " + update.toString());
            
        GetClientResponseContent afterDelete = client.clients().get(createdClient.getClientId().get());
);

Connections

Configure Identifier Attributes and OTP Authentication

        ConnectionPropertiesOptions connOptions = ConnectionPropertiesOptions.builder()
                        .attributes(ConnectionAttributes.builder()
                            .email(EmailAttribute.builder()
                                .identifier(ConnectionAttributeIdentifier.builder()
                                    .active(true)
                                    .defaultMethod(DefaultMethodEmailIdentifierEnum.PASSWORD)
                                    .build())
                                .build())
                            .phoneNumber(PhoneAttribute.builder()
                                .identifier(ConnectionAttributeIdentifier.builder()
                                    .active(true)
                                    .build())
                                .build())
                            .username(UsernameAttribute.builder()
                                .identifier(ConnectionAttributeIdentifier.builder()
                                    .active(true)
                                    .build())
                                .build())
                            .build())
                        .authenticationMethods(ConnectionAuthenticationMethods.builder()
                            .emailOtp(ConnectionEmailOtpAuthenticationMethod.builder().enabled(true).build())
                            .phoneOtp(ConnectionPhoneOtpAuthenticationMethod.builder().enabled(true).build())
                            .build())
                        .build();

Create Database Connections - CREATE: POST /api/v2/connections

CreateConnectionResponseContent conn = client.connections().create(
                CreateConnectionRequestContent.builder()
                    .name("test-conn-options")
                    .strategy(ConnectionIdentityProviderEnum.AUTH0)
                    .options(connOptions)
                    .build());

            System.out.println("Connection created: " + conn.toString());

Update Database Connections - UPDATE: PATCH /api/v2/connections/{id}

            UpdateConnectionResponseContent updatedConn = client.connections().update(conn.getId().get(),
                UpdateConnectionRequestContent.builder()
                    .options(UpdateConnectionOptions.builder()
                        .attributes(ConnectionAttributes.builder()
                            .email(EmailAttribute.builder()
                                .identifier(ConnectionAttributeIdentifier.builder()
                                    .active(true)
                                    .defaultMethod(DefaultMethodEmailIdentifierEnum.PASSWORD)
                                    .build())
                                .build())
                            .phoneNumber(PhoneAttribute.builder()
                                .identifier(ConnectionAttributeIdentifier.builder()
                                    .active(false)
                                    .build())
                                .build())
                            .username(UsernameAttribute.builder()
                                .identifier(ConnectionAttributeIdentifier.builder()
                                    .active(false)
                                    .build())
                                .build())
                            .build())
                        .authenticationMethods(ConnectionAuthenticationMethods.builder()
                            .emailOtp(ConnectionEmailOtpAuthenticationMethod.builder().enabled(false).build())
                            .phoneOtp(ConnectionPhoneOtpAuthenticationMethod.builder().enabled(false).build())
                            .build())
                        .build())
                    .build());

            System.out.println("Connection updated: " + updatedConn.toString());

Read Connection - READ (single): GET /api/v2/connections/{id}

          GetConnectionResponseContent gotConn = client.connections().get(conn.getId().get());
          System.out.println("Connection fetched: " + gotConn.toString());

Read Connections - READ (list): GET /api/v2/connections

            SyncPagingIterable<ConnectionForList> connections = client.connections().list();
            for (ConnectionForList c : connections) {
                c.getOptions().ifPresent(opts ->
                    System.out.println("Connection " + c.getName().orElse("?")
                        + " id_token_session_expiry_supported: "
                        + opts.get("id_token_session_expiry_supported")));
            }

Configure Session Expiry Support for OIDC/Okta similar with above testing snippets

Create ConnectionOptions -

      ConnectionPropertiesOptions connOptions = ConnectionPropertiesOptions.builder()
          .idTokenSessionExpirySupported(true)
          .additionalProperties(...)
          .build();

Create Database Connections - CREATE: POST /api/v2/connections with session expiry claim

client.connections().create(...)

Update Database Connections - UPDATE: PATCH /api/v2/connections/{id} with session expiry claim

client.connections().update(...)

Read Database Connection - READ: GET /api/v2/connections/{id} with session expiry claim

client.connections().get(...)

Read Database Connections - READ: GET /api/v2/connections with session expiry claim

client.connections().list();

Checklist

  • I have read the Auth0 general contribution guidelines
  • I have read the Auth0 Code of Conduct
  • All existing and new tests complete without errors
  • This change adds test coverage
  • This change has been tested against the latest platform version

@fern-api fern-api Bot requested a review from a team as a code owner June 23, 2026 05:37
@tanya732 tanya732 merged commit 736725b into master Jun 23, 2026
7 checks passed
@tanya732 tanya732 deleted the fern-bot/2026-06-23T05-37-03Z branch June 23, 2026 11:00
@tanya732 tanya732 changed the title 🌿 Fern Regeneration -- June 23, 2026 feat: FedCM, Native Social Login, Connection Options support Jun 24, 2026
@tanya732 tanya732 mentioned this pull request Jun 24, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tanya732 tanya732 tanya732 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tanya732