Add case-insensitive option for user by email search

Feature: Add case-insensitive option for user by email search

Description:

Right now, Get Users By Email search allows searching by email, but only in case-sensitive way. We need a case-insensitive search option, which is immediately consistent. There is Get Users endpoint where search by email is case-insensitive, but that endpoint is eventually consistent.

Use-case:

We have a requirement in our systems that user email is unique. We want to enforce email uniqueness by implementing an Auth0 Action (eventually we might consider account linking, but right now this is not an option for us). Email needs to be unique across all connections, regardless of case, for example “user@example.com” and “User@Example.com” should be treated as same email/user.

To implement this, we need to check if there is an existing user with same email. We are using Retrieve Users with Get Users by Email Endpoint endpoint, because it is immediately consistent, so it’s safe to use in this scenario. However, for this endpoint search by email is case-sensitive. This means that if there is a user in our database which signed up with e.g. Passwordless (e.g. “user@example.com”), and then a user tries to sign up with social login with same email, but not lowercased (e.g., “User@Example.com”), we will not find the existing user and allow login, resulting in two users with same email.

There is Retrieve Users with the Get Users Endpoint endpoint where search by email is case-insensitive, but as mentioned in the docs that endpoint is eventually consistent, so not safe for our scenario.

Ideally, the Get Users by Email endpoint would accept additional parameter to enable case-insensitive search. There is a related community discussion, where multiple users are requesting this feature: Email Search Casing Should Not Matter

Thanks for sharing a detailed use-case!

This endpoint being case sensitive, it ends up being pretty much useless or at least too dangerous to rely on. We have users coming from enterprise connections with email address like Some.User@company.com and we can’t find them.