That’s how the system is expected to behave.
When using Auth0 Management API v2 API, three strategies can be used to create a user identifier:
- database connection that supports both email and username fields (if requires username enabled)
- passwordless sms connection that supports phone_number only
- passwordless email connection that supports email only
The email, username and phone_number in root user profile are identifiers and depending on the connection strategy we don’t allow some of the attributes.
If you want to add extra attributes like an email in a sms connection, you can use app_metadata and the phone_number can be added in the IdToken in a rule if needed.