Add case-insensitive option for user by email search

jak · October 28, 2022, 2:50pm

Feature: Add case-insensitive option for user by email search

Description:

Right now, Get Users By Email search allows searching by email, but only in case-sensitive way. We need a case-insensitive search option, which is immediately consistent. There is Get Users endpoint where search by email is case-insensitive, but that endpoint is eventually consistent.

Use-case:

We have a requirement in our systems that user email is unique. We want to enforce email uniqueness by implementing an Auth0 Action (eventually we might consider account linking, but right now this is not an option for us). Email needs to be unique across all connections, regardless of case, for example “user@example.com” and “User@Example.com” should be treated as same email/user.

To implement this, we need to check if there is an existing user with same email. We are using Retrieve Users with Get Users by Email Endpoint endpoint, because it is immediately consistent, so it’s safe to use in this scenario. However, for this endpoint search by email is case-sensitive. This means that if there is a user in our database which signed up with e.g. Passwordless (e.g. “user@example.com”), and then a user tries to sign up with social login with same email, but not lowercased (e.g., “User@Example.com”), we will not find the existing user and allow login, resulting in two users with same email.

There is Retrieve Users with the Get Users Endpoint endpoint where search by email is case-insensitive, but as mentioned in the docs that endpoint is eventually consistent, so not safe for our scenario.

Ideally, the Get Users by Email endpoint would accept additional parameter to enable case-insensitive search. There is a related community discussion, where multiple users are requesting this feature: Email Search Casing Should Not Matter

dan.woda · October 28, 2022, 4:41pm

Thanks for sharing a detailed use-case!

lucas.majewski · January 31, 2023, 3:58pm

This endpoint being case sensitive, it ends up being pretty much useless or at least too dangerous to rely on. We have users coming from enterprise connections with email address like Some.User@company.com and we can’t find them.

Hanno · February 8, 2023, 10:41am

Seconded! Exactly the same use case here. Enterprise (AD) connection keeps casing as it is, and we have a hard time finding these users.

konrad.sopala · February 8, 2023, 11:26am

Thanks everyone for sharing it! We’re gonna update you as soon as we have news to share!

jakeowenp · February 10, 2023, 5:54am

Hi - sharing the same experience - have setup two enterprise connections who had AzureAd and occasionally coming through as Pascal case - issue when searching for users

dave9 · March 2, 2023, 2:17pm

Adding my experience as well. We had a user who wanted to do a password reset. We utilize the users-by-mail endpoint to check if they are already in Auth0 to send them a different email if they are not. And since they used different casing, it kept coming back as not found. This is high priority for us to get changed. Thanks.

joseph.puthur · May 23, 2023, 4:46am

I also like to have this feature; again similar case of Enterprise connection with AAD which creates users with upper case

shlomiken · May 29, 2023, 1:40pm

Auth0 - this has been long time limit/flaw of the user model , users email should be unique no matter the case - when is this going to be fixed ?

pablo.duart · September 6, 2023, 9:22am

Agreed! Is there any timeline for this?

binod.pant · October 18, 2023, 4:23pm

We are hit by this too! Can we prioritize this so we don’t have to jump through hoops? We hit this when integrating Azure AD SSO

derekclee1 · October 24, 2023, 3:40pm

We have the same exact use case. When using Okta SSO we get emails with upper case and we can’t match emails that are lower case, or mixed case.

xuhui · November 1, 2023, 9:00am

Any plans on fixing this issue?

richard.28 · December 12, 2023, 9:00am

Surely this is an easy 2 minute fix? I cannot see where it makes sense to have an email case sensitive.

chris.albers · March 13, 2024, 9:42pm

Might as well add another opinion to the pile in hopes that it finally topples over.

We had a bug pop up today due to the fact that this one is case sensitive and the create user endpoint isn’t.

illepic · April 5, 2024, 8:57pm

Case-insensitive search is SORELY needed. We’re literally hammering the endpoint with every possible casing just to get all possible users since our users come in via username/password and myriad SAML connections (god only knows what their casing is). So case-sensitive search is actually resulting in huge overhead just to get the data we need.

J.Wood · October 2, 2024, 6:48pm

Same here…this endpoint is useless this way, glad I learned that the hard way.

jak · October 4, 2024, 9:14am

Sorry for the ping @rueben.tiow, I understand Auth0 has internal priorities. However we would appreciate some feedback on this topic, it’s been 2 years now since opening it.

When can we expect a fix to be implemented (if at all)? Are there any technical challenges which make this hard to implement?

Thanks!