Linkerd vs Auth0
Side-by-side trajectory, velocity, and editorial themes.
Linkerd coasts on its 2.19 post-quantum release while filling the gap with technical blog content.
Linkerd's stable cadence has slowed: the last named release is 2.19 from October 2025, which made post-quantum key exchange the default TLS mode. Since then, the team has leaned on edge-release roundups and community blog posts — deep dives into linkerd-destination, protocol detection, certificate rotation, and how Kubernetes native sidecars interact with mesh shutdown semantics — rather than feature-stamped stable releases.
The project is in mature-maintenance posture. Edge releases keep code moving, but the messaging is shifting toward operational guidance (cert rotation, native sidecars, OTel integration) rather than new mesh capabilities. The next strategic question is whether 2.20 lands a directional feature or whether Linkerd keeps positioning as the lightweight, predictable alternative to Istio's growing surface area.
Expect the next named release to formalize Kubernetes native sidecar support as the recommended deployment mode, and OpenTelemetry-based metrics to graduate from edge into stable.
Auth0 ships Auth for MCP GA and starts unbundling the rest of identity for AI agents.
Auth0 just made Auth for MCP generally available — a bundle of CIMD client registration, On-Behalf-Of token exchange, and OAuth resource-parameter compatibility purpose-built for AI agents talking to MCP servers. Around it, the team is reworking core identity primitives: non-unique emails reached GA, online refresh tokens entered beta with session binding, and the Account API now supports step-up auth for sensitive scopes. Smaller polish items (CMD+K palette, Resend GA, signing algorithm coverage) round out the release stream.
Auth0 is repositioning from a B2C/B2B login provider to an authorization layer for agent ecosystems. The MCP work is the centerpiece, but the supporting moves — session-bound refresh tokens, step-up auth on the Account API, non-unique emails — all point at use cases where users, agents, and resources have more complex relationships than classic OIDC was designed for. Outbound event streams to AWS EventBridge and Okta Workflows extend the same direction outward.
Expect Auth for MCP to gain a managed catalog of pre-vetted MCP clients and deeper Actions-based policy hooks for OBO token exchange, plus online refresh tokens reaching GA within a quarter.
See more alternatives to Linkerd →
See more alternatives to Auth0 →