Conversation

@pmalouin (Contributor)

@pmalouin pmalouin commented Oct 10, 2025

This PR introduces support for the connected accounts flow, enabling users to link third-party accounts (Google, Slack, GitHub) to their Auth0 user profile for seamless API access through Token Vault. The implementation includes significant documentation improvements, terminology updates, and bug fixes across multiple examples.

Key Changes:

  • Connected Accounts Flow: Added support for connecting third-party accounts via the Connect Account flow instead of the previous /authorize flow. This is supported in both popup and redirect modes for the @auth0/ai-components package that covers the front-end component handling of the flow (paired with a Next.js/FastAPI backend).
  • Terminology Updates: Renamed "Resource Server Client" to "Custom API Client" throughout codebase for clarity and consistency with Auth0 terminology
  • My Account API Integration: Added support for Auth0's My Account API to initiate the connect account flow
  • Multi-Resource Refresh Token (MRRT): Implemented MRRT support to enable refresh tokens that work across multiple APIs (allows access to My Account API in this case)
  • Documentation Updates: Reviewed setup guides for tenant configuration, including revised steps for:
    • Custom API Client creation
    • My Account API access grants
    • MRRT policy configuration
    • Social connection setup with Token Vault

Technical Improvements:

  • Updated TokenVaultConsentPopup and TokenVaultConsentRedirect components to properly handle TokenVaultInterrupt's authorizationParams field (extra authorization parameters to be submitted to the 3rd party provider's authorization request)
  • Changed authorization endpoint from /auth/login to /auth/connect for connected accounts flow
  • Added enableConnectAccountEndpoint configuration flag when initializing the nextjs-auth0 library
  • Fixed scope handling to always include "openid" for Google
  • Updated environment variable naming for clarity (RESOURCE_SERVER_* → AUTH0_CUSTOM_API_*)

Bug Fixes:

  • Fixed calendar availability check to use addDays instead of addHours for proper date range queries

Examples Updated:

  • examples/calling-apis/chatbot - All AI framework variants (AI SDK, Genkit, Langgraph, LlamaIndex)
  • examples/calling-apis/spa-with-backend-api/react-hono-ai-sdk
  • examples/calling-apis/spa-with-backend-api/react-langgraph-api

Testing

Manual Testing Required:

  • Verify connected accounts flow works correctly in popup and redirect modes
  • Test Token Vault token exchange with Custom API Client credentials
  • Confirm My Account API integration for creating connected accounts
  • Validate MRRT functionality across multiple APIs
  • Test with Google Calendar, Slack, and GitHub connections
  • Verify all examples run successfully with updated configuration

Environment Setup Testing:

  • Validate all README instructions are accurate and complete
  • Confirm environment variable renaming doesn't break existing setups
  • Test tenant configuration steps from scratch

Breaking Changes

⚠️ The @auth0/ai-components package was updated to trigger the new Connect Account flow instead of the previous flow via the /authorize entry point. As such, application builders will need to upgrade their applications to support the new flow:

  • Next.js Applications: upgrade the @auth0/nextjs-auth0 library to v4.13.0
    • Set the enableConnectAccountEndpoint: true option when initializing the Auth0Client module.
  • SPA Applications: upgrade the @auth0/auth0-spa-js library to v2.9.0
    • Set these parameters when calling createAuth0Client():

```js
auth0Client = await createAuth0Client({
  ...
  useRefreshTokens: true,
  useMrrt: true,
  useDpop: true,
});
```

⚠️ Environment Variable Renaming in the SPA examples:

  • RESOURCE_SERVER_CLIENT_ID → AUTH0_CUSTOM_API_CLIENT_ID
  • RESOURCE_SERVER_CLIENT_SECRET → AUTH0_CUSTOM_API_CLIENT_SECRET

Users will need to update their .env files when upgrading.

@priley86 (Contributor)

priley86 commented Nov 4, 2025

  • verified both examples to work w/ my GenAI tenant locally
  • discussed upcoming changes in auth0 docs-v2 repo (captured in: https://auth0team.atlassian.net/browse/AIDX-240)
  • known limitation about loss of message history in Hono + React SPA example after step up flow is acceptable to the business as of now (and could be improved in future w/ popup flow vs redirect flow)

priley86 previously approved these changes Nov 4, 2025
- **Allowed Logout URLs**: `http://localhost:5173`
- **Allowed Web Origins**: `http://localhost:5173`
- Make sure to Allow Refresh Token in Grant Types under Advanced Settings but you can disable "Allow Refresh Token Rotation"
- Enable "Allow Refresh Token Rotation"
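Review bot: the two consecutive bullets give contradictory guidance on "Allow Refresh Token Rotation": the first says you can disable it, the second says to enable it. Keep only the setting the example is actually verified against (the Next.js chatbot README keeps it disabled while the SPA was tested with it enabled, per the discussion below), and state the reason in the README so readers know which configuration the example expects.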
@priley86 priley86 Nov 12, 2025

What's interesting here is that I've tested my SPA to work when it does have this setting (Allow Refresh Token Rotation) enabled, however on the Next.js chatbot example (and in that README here), we have it disabled. It's an interesting diff we should look into.

@priley86 (Contributor)

  • tested react-langgraph-api flow to work as documented here
  • noted redirect behavior is less than ideal w/ existing step-up auth flow, and popup behavior is preferred. (scheduled for future improvements)

Changes look ready here and happy to approve after auth0 next.js + auth0 spa SDKs have been updated to target versions.

@pmalouin pmalouin marked this pull request as ready for review November 17, 2025 15:05
@pmalouin pmalouin merged commit 2e0ab20 into main Nov 19, 2025
2 checks passed
@pmalouin pmalouin deleted the connected-accounts branch November 19, 2025 13:18
@github-actions

🎉 This PR is included in version @auth0/ai-v6.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

🎉 This PR is included in version @auth0/ai-components-v4.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

🎉 This PR is included in version @auth0/ai-genkit-v6.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

🎉 This PR is included in version @auth0/ai-langchain-v5.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

🎉 This PR is included in version @auth0/ai-llamaindex-v5.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

🎉 This PR is included in version @auth0/ai-vercel-v5.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
