fix: cross_origin_auth is deprecated and migrated to cross_origin_authentication

[palashgdev]

🔧 Changes

Handle deprecated cross_origin_auth field migration to cross_origin_authentication

The Auth0 Management API has deprecated the cross_origin_auth field in favor of cross_origin_authentication. This PR adds automatic migration support to ensure backwards compatibility while encouraging users to update their configurations.

• Migrates deprecated fields: Automatically converts cross_origin_auth → cross_origin_authentication
• Logs deprecation warnings: Notifies users when deprecated fields are detected
• Preserves new field values: If both fields exist, the new field takes precedence
• Removes deprecated fields: Ensures only the new field is sent to the API

Behavior Matrix

cross_origin_auth	cross_origin_authentication	Result
❌ Not set	❌ Not set	No change
❌ Not set	✅ Set	Uses cross_origin_authentication value
✅ Set	❌ Not set	Migrates value to cross_origin_authentication, removes deprecated
✅ Set	✅ Set	Uses cross_origin_authentication value, removes deprecated, logs warning

Examples

YAML format

Using deprecated field (will be auto-migrated with warning):

clients:
  - name: 'My SPA App'
    app_type: 'spa'
    cross_origin_auth: true

Using new field (recommended):

clients:
  - name: 'My SPA App'
    app_type: 'spa'
    cross_origin_authentication: true

JSON format

Using deprecated field (will be auto-migrated with warning):

{
  "name": "My SPA App",
  "app_type": "spa",
  "cross_origin_auth": true
}

Using new field (recommended):

{
  "name": "My SPA App",
  "app_type": "spa",
  "cross_origin_authentication": true
}

📚 References

• Auth0 Management API deprecation: cross_origin_auth renamed to cross_origin_authentication
• Auth0 Management API v2 Documentation

🔬 Testing

Added unit tests in test/tools/auth0/handlers/clients.tests.js:

• should migrate deprecated cross_origin_auth to cross_origin_authentication on create - Tests creation with deprecated field only, both fields, and new field only
• should migrate deprecated cross_origin_auth to cross_origin_authentication on update - Tests update scenarios with same variations

Test coverage includes:

• ✅ Deprecated field only → migrated to new field
• ✅ Both fields present → new field value preserved, deprecated removed
• ✅ New field only → no changes
• ✅ Warning logged when deprecated field detected

📝 Checklist

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

[kushalshit27]

Hi, @palashgdev
Handel directory and Yaml export so that the newer version on cli does not export old key cross_origin_auth

[kushalshit27]

Hi, @palashgdev ,
During testing I see noise on due to high number of clients and log length
repeating warn log

`Client '${client.name}': 'cross_origin_auth' is deprecated and may not be available in the future versions.\nSee more on: https://community.auth0.com/t/action-required-update-applications-that-use-cross-origin-authentication/132819

Ideal should to warn log once example:

The 'cross_origin_auth' parameter is deprecated in clients and scheduled for removal in future releases.
Use 'cross_origin_authentication' going forward. Clients using the deprecated setting: ["client1", "client2"].

[palashgdev]

Hi, @palashgdev , During testing I see noise on due to high number of clients and log length repeating warn log

`Client '${client.name}': 'cross_origin_auth' is deprecated and may not be available in the future versions.\nSee more on: https://community.auth0.com/t/action-required-update-applications-that-use-cross-origin-authentication/132819

Ideal should to warn log once example:

The 'cross_origin_auth' parameter is deprecated in clients and scheduled for removal in future releases.
Use 'cross_origin_authentication' going forward. Clients using the deprecated setting: ["client1", "client2"].

@kushalshit27 updated this one

[kushalshit27]

LGTM!

[kushalshit27]

@claude

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.71%. Comparing base (0eb5df8) to head (652f4e9).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1223      +/-   ##
==========================================
+ Coverage   79.65%   79.71%   +0.05%     
==========================================
  Files         137      137              
  Lines        5421     5437      +16     
  Branches     1122     1125       +3     
==========================================
+ Hits         4318     4334      +16     
  Misses        601      601              
  Partials      502      502              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[palashgdev]

All bot-raised comments have now been addressed.