/api/v2/users and api/v2/users-by-email have incorrect & varying behavior

2 issues I am seeing:


/api/v2/users does not respect include_fields=false. Looking at the docs it should respect false.

Example GET request:



        "nickname": "{my-users-nickname}",
        "picture": "https://s.gravatar.com/avatar/ffe93983af1ad59b7cbf78e75b4b46c0?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fda.png"

It appears it is always treating my fields as include_fields=true.


/api/v2/users-by-email does not allow the field last_password_reset. Looking at the docs it doesn’t say anything about not being able to filter based on last_password_reset.

Example GET request:



    "statusCode": 400,
    "error": "Bad Request",
    "message": "Query validation error: 'String 'nickname,picture,last_password_reset' does not match pattern. Must be a comma separated list of the following values: phone_number,email,email_verified,picture,username,user_id,name,nickname,created_at,identities,app_metadata,user_metadata,last_ip,last_login,logins_count,updated_at,blocked,family_name,given_name' on property fields (Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields).",
    "errorCode": "invalid_query_string"

Is there a reason last_password_reset can’t be in the fields property? If I don’t have a fields query param, the last_password_reset value returns just fine with the entire user object.


These bugs/behaviors are making it so I cannot use the fields param and always have to request the entire user object (which isn’t a deal breaker, just kind of annoying). If I am doing something incorrectly, please let me know and I can adjust. But it seems like these are bugs.

Hi @davidhouseknechtdev ,

Welcome to the Community!

In your example request you have a mistype. You have requested fields_include, it should be include_fields. See if that fixes it.

I am able to get this field without any problem. Does your user have a last_password_reset field? i.e. have they ever reset their password? You can see the raw JSON in the dashboard.

Thanks, Dan!


This was totally my oversight! Fixing my dyslectic error is returning the expected results.


Yes, my user has that field. JSON (reduced for brevity):

    // other fields
    "last_password_reset": "2021-02-21T19:30:05.796Z",
    "last_login": "2021-02-21T19:34:07.218Z",
    "logins_count": 3

Are you able to get the field using fields=last_password_reset? I am able to get that field if I don’t use the fields param at all.

I see what you are saying. It seems the only way to retrieve it is to request the entire object.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.