diff --git a/poetry.lock b/poetry.lock
index d510c705..497a2a50 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -19,21 +19,21 @@ tests-no-zope = ["cloudpickle", "coverage[toml] (>=5.0.2)", "hypothesis", "mypy
 
 [[package]]
 name = "auth0-python"
-version = "3.24.0"
+version = "4.4.0"
 description = "Auth0 Python SDK"
 optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*"
+python-versions = ">=3.7"
 files = [
-    {file = "auth0-python-3.24.0.tar.gz", hash = "sha256:88d7bce9472342e77f2f25fd8b060819b3557000e3a43e2618cd7a0fe5212c71"},
-    {file = "auth0_python-3.24.0-py2.py3-none-any.whl", hash = "sha256:a76e308df407fad9c6c29cd9de9a89bc5c1f7236f051c824923904046aea27a1"},
+    {file = "auth0-python-4.4.0.tar.gz", hash = "sha256:61ff3f36643281d8a4417bfdb14ba440428a77e15ca523e719b6e2f24cd5c8ba"},
+    {file = "auth0_python-4.4.0-py2.py3-none-any.whl", hash = "sha256:307330941f694ddb7a222de6e142bf31c6621bafa346e06a616e1160b9446c34"},
 ]
 
 [package.dependencies]
-pyjwt = {version = ">=1.7.1", extras = ["crypto"]}
+pyjwt = {version = ">=2.6.0", extras = ["crypto"]}
 requests = ">=2.14.0"
 
 [package.extras]
-test = ["coverage", "mock (>=1.3.0)", "pre-commit"]
+test = ["coverage", "pre-commit"]
 
 [[package]]
 name = "black"
@@ -1242,4 +1242,4 @@ crypto = ["cryptography"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.8"
-content-hash = "5ad9415e8f7f1150a313e5d3f1c4520a10953640a42e92aba921ccdfc52d1978"
+content-hash = "738ad87fdc8874b5a6697912f959bf4ee77344de445e9e311386c76f001e8663"
diff --git a/pyproject.toml b/pyproject.toml
index 5c38534c..b93ff546 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -10,7 +10,7 @@ packages = [ { include = "contxt" } ]
 
 [tool.poetry.dependencies]
 python = "^3.8"
-auth0-python = "^3"
+auth0-python = ">=3,<5"
 click = ">=7,<9"
 cryptography = { version = ">=42.0.4", optional = true } # enable pyjwt to en/decode jwt via RSA
 pyjwt = "^2"