Auth0 Rules and Hooks CI/CD Breakage — when and how should I migrate?
Teams that manage Auth0 with Terraform or Deploy CLI need a concrete plan because the read-only transition breaks automated script updates to Rules and Hooks even before final end-of-life.
Blockers
- capability/rules — EOL 2026-11-18
- capability/hooks — EOL 2026-11-18
- Rules became read-only on November 18, 2024, breaking source-code update operations through CI/CD tooling.
- Hooks became read-only on November 18, 2024, breaking source-code update operations through CI/CD tooling.
- Rules became read-only on November 18, 2024, including CI/CD tooling such as Auth0 Deploy CLI.
- Hooks became read-only on November 18, 2024, including CI/CD tooling such as Auth0 Deploy CLI.
Who this is for
- enterprise
- compliance
- small-team
Candidates
Migrate Rules and Hooks to Actions now and stop treating legacy source as deployable
Auth0 documents that Rules and Hooks became read-only on November 18, 2024, and their end of life is November 18, 2026. As of 2026-03-29, legacy source code can no longer be edited through the Dashboard or Management API, including CI/CD tooling such as Terraform and Auth0 Deploy CLI. Auth0 also states Rules and Hooks are no longer available to new tenants created on or after October 16, 2023.
When to choose
Use this when you still depend on Auth0-hosted extensibility and need your automation to regain a supported path for code changes before November 18, 2026. This is the decisive option if your current pipeline still attempts to push Rule or Hook source.
Tradeoffs
Supported long-term path and restores a code-based customization model, but requires migration work and retesting of login and extensibility flows.
Cautions
Do not wait for final end of life to act: the operational break already happened at the read-only transition. New tenants cannot rely on Rules or Hooks at all, so mixed-estate environments become harder to manage the longer migration is deferred.
Quarantine legacy Rules and Hooks in CI/CD while completing a staged migration
Auth0 says read-only Rules and Hooks can still be enabled, disabled, or deleted, and their configuration values or secrets can still be changed, but their source code cannot be edited. If migration cannot finish before read-only, CI/CD must stop attempting unsupported Rule and Hook source-management operations. As of 2026-03-29, this remains temporary because end of life is scheduled for November 18, 2026.
When to choose
Use this when an immediate full migration is too risky, but your current Terraform or Deploy CLI runs are failing or will fail because they still try to update legacy source. The decisive factor is whether you need short-term pipeline stability while preserving current production behavior.
Tradeoffs
Fastest way to stop deployment breakage without changing runtime behavior immediately, but it preserves technical debt and leaves a hard migration deadline in place.
Cautions
This only works if you remove or isolate source-management operations for Rules and Hooks from automation. Treat it as a temporary exception path with a dated retirement plan, not as a steady-state architecture.
Try with your AI agent
$ npm install -g pocketlantern $ pocketlantern init # Restart Claude Code, Cursor, or your MCP client, then ask: # "Auth0 Rules and Hooks CI/CD Breakage — when and how should I migrate?"