Overview
This article explains why a user session is terminated after updating profile information.
The user is logged out after the PATCH /api/v2/users/[id] endpoint is used.
Cause
This is expected behavior as of the current design. As documented in Session logout:
“Generally, you clear an Auth0 session by diverting users to the /logout endpoint. However, if you call the Update a User endpoint to reset user attributes (passing values email, email_verified, phone_number, and password), auth0.checkSession does not renew the session, and the user must re-login.”
Solution
Terminating sessions when the email or email_verified attributes are included in a PATCH to a user is due to be deprecated on August 19th, 2025.
See: Unwarranted Session Removal After Management API User Updates | Deprecations and Migrations
If the session should not be terminated, go to Tenant Settings > Advanced Tab > Migrations Section, where there is a toggle to opt into the post-deprecation behavior early. Turning off that toggle will stop the session from being terminated when PATCHing those attributes.
While that toggle is enabled, avoid patching these profile attributes for users who currently have a session, so that their sessions are not disrupted. If users update their email_verified by clicking the link in a verification email, their session will not end, so this is the ideal route until the deprecation takes effect or the migration toggle is turned off.
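One way to apply this guidance in a backend that calls PATCH /api/v2/users/[id], as an added example that is not Auth0's own code: a pre-flight check that splits a payload into what can be sent now and what would end the user's session. The names planUserPatch, hasActiveSession and legacyToggleOn are hypothetical inputs supplied by the caller, and the example assumes that turning the toggle off changes only email and email_verified, so password and phone_number are still reported as session-ending and are never deferred.

```javascript
// Added example; function and option names are hypothetical, not Auth0 APIs.
// Attributes the quoted documentation lists as ending the session on PATCH.
const DOCUMENTED = ['email', 'email_verified', 'phone_number', 'password'];
// Attributes covered by the deprecation and the Migrations toggle.
const COVERED_BY_MIGRATION = ['email', 'email_verified'];

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Which attributes in this payload would end the session for the given toggle state.
function sessionEndingAttrs(payload, legacyToggleOn) {
  // Assumption: with the toggle off, only email/email_verified stop ending sessions.
  return DOCUMENTED.filter((k) =>
    has(payload, k) && (legacyToggleOn || !COVERED_BY_MIGRATION.includes(k)));
}

function planUserPatch(payload, { hasActiveSession, legacyToggleOn }) {
  const ending = sessionEndingAttrs(payload, legacyToggleOn);
  const sendNow = { ...payload };
  const defer = {};
  let useVerificationEmail = false;

  if (hasActiveSession && legacyToggleOn) {
    for (const k of COVERED_BY_MIGRATION) {
      if (!has(payload, k)) continue;
      if (k === 'email_verified' && payload[k] === true) {
        // The verification-email link sets this without ending the session.
        useVerificationEmail = true;
      } else {
        defer[k] = payload[k]; // apply later, once the user has no session
      }
      delete sendNow[k];
    }
  }
  // password / phone_number stay in sendNow: ending the session there is kept on purpose.
  const endsSession = hasActiveSession && ending.some((k) => has(sendNow, k));
  return { sendNow, defer, useVerificationEmail, endsSession };
}

// Constructed sample input.
const plan = planUserPatch(
  { email: 'new@example.com', name: 'Sample User' },
  { hasActiveSession: true, legacyToggleOn: true });
console.log(plan);
```
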