API v2 handle email local-part as case-insensitive

The endpoint to create a user handle the meail local-part as case-insensitive. Example:

  "email": "fooBAR@example.com",
  "user_metadata": {},
  "blocked": false,
  "email_verified": true,
  "verify_email": false,
  "app_metadata": {},
  "name": "Filippo De Luca",
  "connection": "EmailPassword",
  "password": "..."

It returns:

    "blocked": false,
    "created_at": "2022-10-02T07:33:40.001Z",
    "email": "foobar@example.com",
    "email_verified": true,
    "identities": [
            "connection": "EmailPassword",
            "user_id": "63393ed3c41d9fb78ef2a8d3",
            "provider": "auth0",
            "isSocial": false
    "name": "Filippo De Luca",
    "nickname": "foo",
    "picture": "https://s.gravatar.com/av...",
    "updated_at": "2022-10-02T07:33:40.001Z",
    "user_id": "auth0|63393ed3c41d9fb78ef2a8d3",
    "user_metadata": {}

The email local part has been converted to lower-case, it is not compliant with rfc2821 section 2.4 which states:

Verbs and argument values (e.g., “TO:” or “to:” in the RCPT command
and extension name keywords) are not case sensitive, with the sole
exception in this specification of a mailbox local-part (SMTP
Extensions may explicitly specify case-sensitive elements). That is,
a command verb, an argument value other than a mailbox local-part,
and free form text MAY be encoded in upper case, lower case, or any
mixture of upper and lower case with no impact on its meaning. This
is NOT true of a mailbox local-part. The local-part of a mailbox
** MUST BE treated as case sensitive**. Therefore, SMTP implementations
MUST take care to preserve the case of mailbox local-parts. Mailbox
domains are not case sensitive. In particular, for some hosts the
user “smith” is different from the user “Smith”. However, exploiting
the case sensitivity of mailbox local-parts impedes interoperability
and is discouraged.

The API should handle the domain as case-insensitive but the local-part (the string before @) as case-sensitive.

Thank you for looking into it.

Hi @filosganga ,

I understand that you expect email be case-sensitive. Here are what we support currently.

Auth0 treats email addresses as case insensitive. Email is stored in lowercase in the user profile. This applies to regular DB connections, custom DB connections with Import Mode ON, and passwordless email connections. foo@example.com and Foo@example.com would correspond to the same user for those connections.

For custom DB connection with Import Mode OFF, we rely on the custom database scripts for the email property.

For social connections, we get the email property from the Social Provider, and therefore case-sensitivity depends on the provider.

If you need the feature of supporting case sensitive for Auth0 email, please communicate this use case with our Product team directly via the feedback page.


1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.