Production Readiness Checks: Critical Fixes
The following checks see if you’ve completed all requirements for successful deployment to Production.
For more information about your checks output, see Run Production Checks.
| Check | Description |
|---|---|
| All Actions are running a recommended version of NodeJS | Set all Actions to a recommended version of NodeJS to take advantage of security patches and new features. |
| Allow ID Tokens for Management API v2 Authentication is disabled | The capabilities for using ID Tokens to authorize some of the Users and Device Credentials endpoints of the Management API are being deprecated. After completing migration to Access Tokens, make sure the Allow ID Tokens for Management API v2 Authentication toggle is turned off. If you can’t see this setting, then your tenant was created after this feature was deprecated, so it is already disabled by default. |
| allowLegacyRoGrantTypes | The legacy oauth/ro endpoint in tenant migration settings is being deprecated. After updating your applications to use supported endpoints, make sure you turn this endpoint off. |
| allowOtherLegacyGrantTypes | The legacy oauth/access_token endpoint in tenant migration settings is being depricated. After updating your applications to use supported endpoints, make sure you turn this endpoint off. |
| allowLegacyTokenInfoEndpoint | The legacy tokeninfo endpoint in tenant migration settings is being depricated. After updating your applications to use supported endpoints, make sure you turn this endpoint off. |
| allowLegacyDelegationGrantTypes | The legacy delegation endpoint in tenant migration settings is being depricated. After updating your applications to use supported endpoints, make sure you turn this endpoint off. |
| Allowed Callback URLs should not include Localhost | Validates the Application Allowed Callback URLs do not point to localhost, 127.0.0.1, and so on. |
| Allowed Origins (CORS) should not be Localhost | Validates that the Location URL for the page does not point to localhost. |
Allowed Web Origins should not include localhost | Validates that the Allowed Web Origins URLs do not point to localhost. |
| Email Provider should be configured | Verifies that the custom email provider has been configured. |
| Hooks are being deprecated and must be migrated to Actions | Hooks are being deprecated. We strongly recommend that you begin using Actions and start the migration process. Existing Hooks will stay active until Nov 18, 2024. |
| Multi-Factor Auth should be configured (Dependency: MFA is configured) | If you are using MFA with the Phone Message factor, configure it with a Twilio or custom delivery provider to avoid rate limits of the default delivery provider. |
| Legacy User Profile should be disabled | The legacy authentication flows that allow ID Tokens and the /userinfo endpoint to include the complete user profile are being deprecated. After completing the migration to the new OIDC-conformant APIs, make sure the Legacy User Profile toggle is turned off. |
| Rules are being deprecated and must be migrated to Actions | Rules are being deprecated. We strongly recommend that you begin using Actions and start the migration process. Existing Rules will stay active until Nov 18, 2024. |
| Social Connections should not use Auth0 Developer Keys | Verifies that Social Connections are not using the default Auth0 developer keys. |
| Support Email should be configured | Ensures the Support Email is configured in Tenant Settings. |
| Support URL is configured | Ensures the Support URL is configured in Tenant Settings. |
| Tenant Environment Tag should be configured | Ensures the tenant environment tag is set appropriately to Production, Staging, or Development. Changes to this tag affect your tenant’s rate limit. |
| Tenant is set to use a recommended default NodeJS version | Update your tenant to a recommended version of NodeJS to take advantage of security patches and new features. |
| Tenant Login URI | Ensures that Tenant Login URI is configured in Tenant Settings. |
| Use Custom Domain in Branded Email Templates | Ensure your emails templates use a custom domain. We strongly recommend customizing all user-facing emails to use your custom domain and company branding. |