Scenario1: when I try to update with exactly the same email. i.e userA has email as test@gmail.com and I send a patch request with test@gmail.com (no changes at all, exact same email as earlier). Will the Auth0 update the email and email_verified flag? or no changes are done in this case? What is the response code received?
Scenario2: what happens when try to update the email with an email in use for another user , what is the error code returned in this case? also impact on email_verified if any due to this?
The Auth0 Management API is idempotent for the PATCH operation. It recognizes that the value you’re providing for the email attribute is identical to the existing value. Because there is no actual change to the data, it does not trigger the process that would normally flip the email_verified flag to false. The response code will be a 200 OK with the user object in the body.
For your second question:
The update operation will fail. Auth0 will return a 400 Bad Request error, and the original user’s profile, including their email and email_verified status will remain unchanged.
{
"statusCode": 400,
"error": "Bad Request",
"message": "The specified new email already exists",
"errorCode": "auth0_idp_error"
}