When I log in via Google or email+pwd, Auth0 returns me a User object including the email_verified field properly set. When I use Twitter login this field is simply missing. That is not consistent.
It really depends on what claims each IdP supports. From Google it’s obvious from their OIDC discovery doc that email_verified is a supported claim.
https://accounts.google.com/.well-known/openid-configuration
Twitter, since they just support OAuth2 but not OIDC afaik, it’s not obvious, and I couldn’t find it in the Twitter docs, but I think it’s simply not provided. And Auth0 can only rely on what the IdP provides; it wouldn’t make up the value for email_verified just on its own. (I haven’t tested Twitter in detail and what claims exactly come back.)
email_verified field is not present in my client code nor in the token
You cannot update the email_verified field directly in a Rule like this. It’s a protected field. I’ll provide you with a different code snippet in a bit on how to change it (making a call to the Management API), especially since you want to persist that info anyway, and just using user.email_verified = true in the rule doesn’t persist it in the user store; it’s just a temporary change.
Update: @AntonioM
Here are two approaches, depending on whether you want/need to persist the email_verified flag in the user store or if it’s sufficient to put it in the ID token (and afterwards forget about it).
With persistence (Rule code):
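    function (user, context, callback) {
      // Only Twitter logins are changed; every other connection passes through.
      if (context.connectionStrategy === "twitter") {
        var ManagementClient = require('auth0@2.6.0').ManagementClient;
        // Management API client built from the token and domain on the Rules `auth0` object
        var management = new ManagementClient({
          token: auth0.accessToken,
          domain: auth0.domain
        });
        // persist in user store
        management.updateUser({id: user.user_id}, {email_verified: true})
          .then(function (u) {
            // copy the stored values from the updated profile into the ID token
            context.idToken.email_verified = u.email_verified;
            context.idToken.email = u.email;
            callback(null, u, context);
          })
          .catch(function (err) {
            // fail the login if the Management API call fails
            callback(err);
          });
      } else { // if not twitter
        callback(null, user, context);
      }
    }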
Without persistence (Rule code):
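    function (user, context, callback) {
      if (context.connectionStrategy === "twitter") {
        // copy whatever the user profile currently holds into the ID token;
        // nothing is written to the user store
        context.idToken.email_verified = user.email_verified;
        context.idToken.email = user.email;
      }
      callback(null, user, context);
    }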
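Added example, not part of the original posts and not Auth0 code: the two checks this thread turns on, written for the application that consumes the ID token. It reads `claims_supported` from a discovery document and treats a missing `email_verified` as unverified. The function names and sample objects are hypothetical and constructed for illustration; the claims passed in are assumed to come from a token that has already been validated.

```javascript
'use strict';

// Constructed excerpt shaped like an OIDC discovery document
// (the kind served at /.well-known/openid-configuration).
const sampleDiscovery = {
  issuer: 'https://idp.example',
  claims_supported: ['sub', 'email', 'email_verified', 'name'],
};

// Does the IdP advertise a claim? claims_supported is not a required field,
// and an OAuth2-only provider has no discovery document at all, so a missing
// list means "unknown", not "unsupported".
function claimAdvertised(discoveryDoc, claim) {
  const list = discoveryDoc && discoveryDoc.claims_supported;
  if (!Array.isArray(list)) return 'unknown';
  return list.includes(claim) ? 'yes' : 'no';
}

// Classify the email claims of an ID token whose signature, issuer and
// audience were validated beforehand. Only boolean true counts as verified;
// a string such as "true" does not.
function emailState(claims) {
  if (!claims || typeof claims.email !== 'string' || claims.email === '') {
    return 'no-email';
  }
  if (!Object.prototype.hasOwnProperty.call(claims, 'email_verified')) {
    return 'absent'; // the case described above for Twitter logins
  }
  return claims.email_verified === true ? 'verified' : 'unverified';
}

// Fail closed: anything other than an explicit true is treated as unverified.
function mayTrustEmail(claims) {
  return emailState(claims) === 'verified';
}

// Constructed claim sets for the three situations.
const googleLike = { sub: 'google-oauth2|1', email: 'a@example.com', email_verified: true };
const twitterLike = { sub: 'twitter|2', email: 'b@example.com' };
const stringFlag = { sub: 'custom|3', email: 'c@example.com', email_verified: 'true' };

console.log(claimAdvertised(sampleDiscovery, 'email_verified'));
console.log(emailState(googleLike), emailState(twitterLike), emailState(stringFlag));
```
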