I am trying to update the email of users via the Auth0 management Web portal but I am getting the error of type FCE (Failed Change Email) with the following description:
“Cannot read properties of undefined (reading ‘toString’)”
I get the same via the Auth0 management API. I am able to update other fields via both the api and the web portal, ie, name, nickname, email_verified.
I thought maybe because we have “Email” as an attribute to identify users in a DB Connection, this would be why the email address was uneditable? But I removed that and the error remains.
I have just tested this on my end on a user authenticated using a Username-Password connection and the User Profile was updated with the desired attributes, both using the Dashboard or the Management API.
The most likely cause when encountering this error would be related to updating the User Profile on a Custom Database Connection, maybe associated with the change_email script. I would recommend going over your custom database scripts and check for any code that might be trying to access a property on an object that could be undefinedor call a method such as toString() on a variable or object that has no value, but the encountered error should indicate that the custom database scripts need to be updated.
You could check out this Knowledge Base Articles, since they might be helpful:
thanks for your reply. I learned that the GetUser script gets run every time an attempt to change the user’s email is made and that is where the error message is coming from.
It looks like, without a changeEmail script defined, getting a user by their identifier returns nothing since that identifier has been updated and is now out of sync with the custom DB.
I tried to update the user email in the DB ahead of calling the Auth0 management API but its response then is “The specified new email already exists“.
Looks like I have no choice but to define a changeEmail script.
I have a question though: since the changeEmail script can’t be defined in the Auth0 dashboard and I need to do that via the update connection patch endpoint of the Auth0 management API, and the changeEmail script is nothing more than a string, that means I would have to define my api’s base URL plainly and, more importantly, my security token plainly.
I have modified our custom DB GetUser method to perform a null check so we don’t get the error. We are also returning callback(null) when the user is not found.
The current scenario is, I had a brand new user, I used the Auth0 api to change the email address, it worked, but when I tried to change it back to the original it failed with “The specified new email already exists“ even though no user with that email address exists in Auth0 or the custom DB. It looks like the old email address is still stored somewhere in Auth0 and some validation is failing because of that.
I can delete the user and create it again but that is not a solution we want.
Is this something you can help with?
Also, would setting up a changeEmail script eliminate this issue?
To address your first inquiry - The recommended approach to your use case is indeed defining a change_email script since it trusts your script to handle the validation and execution within your own database, while the Change Email Script Template is generally available for this exact specific use case. As for exposing your application’s secrets, the recommend approach would be storing them in a key-value pair in the Database settings( from Authentication-Database-Your Custom Database-click on the Custom Database and scroll down ), therefore encrypting the confidential data.
As for your second inquiry regarding “The specified new email already exists“ , this would currently be the expected behavior since it is mentioned in the first KB article I have linked above that:
The issue stems from a conflict between a user’s current information and older data persisting in a separate database when a Get User script is active.Even if an email is not visible in the Dashboard’s Users menu, the external database might still hold a record linking that email to a user, causing the system to incorrectly flag it as “existing” when reuse is attempted.
I hope this helps, and if you have further inquiries please let me know.