ISSUE:
Getting consistent 409 Conflict “The user already exists” (auth0_idp_error) when creating users via Management API v2, but users don’t appear in email or username searches. This affects multiple different credentials.
ENVIRONMENT:
- Auth0 Management API v2
- Connection: Username-Password-Authentication
- Creation: POST /api/v2/users
- Search: /api/v2/users-by-email and /api/v2/users?q=username:“…”&search_engine=v3
THE PROBLEM:
Create user request:
POST /api/v2/users
{
“connection”: “Username-Password-Authentication”,
“email”: “user@example.com”,
“password”: “…”,
“username”: “testuser123”,
“email_verified”: false
}
Response:
{
“statusCode”: 409,
“error”: “Conflict”,
“message”: “The user already exists.”,
“errorCode”: “auth0_idp_error”
}
But then:
- Email search: GET /api/v2/users-by-email?email=user@example.com → Returns (nothing)
- Username search: GET /api/v2/users?q=username:“testuser123”&search_engine=v3 → Returns (nothing)
- Dashboard search: No users found
WHAT WE’VE TRIED:
1. Multiple completely different email/username combinations - all fail the same way
2. Verified Management API token has correct permissions (read:users, create:users)
3. Checked Auth0 Dashboard - no users visible, no pending password resets
4. Tried with email-only (no username field) - same error
5. Standard Username-Password-Authentication connection (no custom database scripts)
6. No hooks or rules configured
QUESTIONS:
1. Why does Auth0 report “user exists” when no user can be found via any API or dashboard search?
2. Are deleted users or other hidden states causing this conflict?
3. How can we clear these phantom user records?
4. Is this a known issue with recent Auth0 updates?
SIMILAR CASES:
Found a 2017 community thread with the same error message. Their resolution: misconfigured “Get User” script in custom database connection settings.
However, our case is different:
- We’re using standard Username-Password-Authentication (Auth0’s managed database)
- No custom database scripts are involved
- No custom “Get User” or “Create” scripts to debug
IMPACT:
This is blocking all new user registrations. Any help would be greatly appreciated!
UPDATE: Confirmed this occurs with brand new, never-before-used email addresses and random usernames.
—–
ROOT CAUSE [SOLVED]:
The conflict was NOT with email or username - it was with the PHONE_NUMBER field!
Auth0’s soft-delete period applies to ALL user fields including phone_number. When a user is deleted, their phone number remains reserved for 24-48 hours and CANNOT be reused, even with completely different email/username combinations.
THE MISLEADING ERROR:
Auth0 returns “The user already exists” for phone_number conflicts, which is extremely confusing because:
- The error message doesn’t specify WHICH field is conflicting
- Email/username searches return empty (because no user exists with that email/username)
- The phone_number causing the conflict is invisible in most search results
- Developers naturally assume “user exists” means email or username conflict
PROOF OF THE ISSUE:
Test 1 - WITHOUT phone_number:
{
“email”: “tesc3@gmail.com”,
“username”: “teqcv32”,
“given_name”: “tt”,
“family_name”: “tt”
}
Result: ✅ SUCCESS - User created
Test 2 - WITH same phone_number but different email/username:
{
“email”: “4tsdfv@gmail.com”, ← COMPLETELY DIFFERENT
“username”: “334tdf”, ← COMPLETELY DIFFERENT
“phone_number”: “+1**********”, ← SAME AS DELETED USER
“given_name”: “gg”,
“family_name”: “gg”
}
Result: ❌ 409 “The user already exists” - but searches for email/username return EMPTY
THE SOLUTION:
- Use a different phone number - One that hasn’t been used by any recently deleted users
- Make phone_number optional - Let users register without it initially
- Add phone number after registration - Create users without phone, add it via profile update later
IMPROVED ERROR HANDLING:
To avoid this confusion, we added detailed logging to identify which field is causing conflicts:
// Log the exact data being sent
console.log("Attempting to create Auth0 user with data:", {
email: userData.email,
username: userData.username,
phone_number: userData.phone_number, // ← Critical to log this!
});
// On 409 error, test registration without phone_number
// If it succeeds without phone but fails with phone → phone_number is the culprit
DEBUGGING STRATEGY:
When you get “user already exists” but searches return empty:
- Try creating the user WITHOUT optional fields (especially phone_number)
- If it succeeds, add fields back one at a time to identify the conflict
- Phone_number conflicts are invisible to standard email/username searches
- Check if the phone_number was used by a recently deleted user
KEY TAKEAWAYS:
- Auth0’s “user already exists” error applies to ALL unique fields, not just email/username
- Phone_number has its own uniqueness constraint and soft-delete period
- The error message doesn’t specify which field is conflicting
- Email/username searches won’t reveal phone_number conflicts
- Always test registration without optional fields when debugging mysterious 409 errors
- Consider making phone_number optional during registration to avoid this issue entirely
IMPACT:
This issue can completely block user registrations if you’re reusing phone numbers from test accounts or deleted users. The misleading error message makes it appear as a database corruption or phantom user issue when it’s actually a simple field conflict.
RECOMMENDATION FOR AUTH0:
Please improve the error message to specify WHICH field is causing the conflict:
- “A user with this email already exists”
- “A user with this username already exists”
- “A user with this phone number already exists”
This would save developers countless hours of debugging phantom user issues.
Hope this helps others experiencing this confusing issue!