Version 14.0.2 - 2026/05/12 

This release fixes two regressions in the mergeUsersByEmailAndUsername feature introduced in 14.0.1 that prevented existing backend users from being matched when their Auth0 login method changed.

Download 

Download this version from the TYPO3 extension repository or from GitHub.

Fixed 

  • Merge-by-email+username lookup honours configuration type: When the YAML property mapping placed the username inside user_metadata or app_metadata (instead of the root payload), the lookup silently skipped the existing backend user and Auth0 then created a duplicate be_users record. The lookup now resolves the username through the configured property mapping — including its configurationType — and falls back to Auth0's nickname claim only when no mapping is configured.
  • Restore Auth0 user identifier lookup: A leftover debug literal in UserUtility::checkIfUserExists() caused every login to be compared against the string "foobar" instead of the user's actual Auth0 identifier, breaking the standard auth0_user_id match path. The correct identifier is now used again.

Added 

  • UserRepository::updateUserByAuth0Id() now logs a warning when more than one be_users row matches the given auth0_user_id. UPDATE has no implicit row limit, so a duplicate identifier would otherwise mutate every matching record in lockstep and mask the duplication.
  • UserUtility::findExistingUserByEmailAndUsername() now emits a notice when the merge-by- email+username path is skipped because email, username, or the new auth0_user_id is missing from the Auth0 payload. This makes silent skips diagnosable in the TYPO3 log.

All Changes 

This is a list of all changes in this release:

2026-05-12 [BUGFIX] Restore Auth0 user identifier lookup [TER-477] [TER-479] (Commit 09b8a96 by Oliver Heins)
2026-05-12 [BUGFIX] Resolve merge-by-email+username lookup via configuration type [TER-477] [TER-478] (Commit 42c8cdd by Oliver Heins)
Copied!