Custom social connection user profile script fails

I have the following code in the “fetch user profile script” of a custom social connection in Auth0:

function fetchUserProfile(accessToken, context, callback) {
      url: '',
      headers: {
        'Authorization': 'Bearer ' + accessToken,
    (err, resp, body) => {
      if (err) {
        return callback(err);
      if (resp.statusCode !== 200) {
        return callback(new Error(body));
      let bodyParsed;
      try {
        bodyParsed = JSON.parse(body);
      } catch (jsonError) {
        return callback(new Error(body));

      const profile = {
        email: bodyParsed.mail || bodyParsed.userPrincipalName

      if (! {
        // Handle the case when email is missing
        return callback(new Error("Email not found in the user profile."));

      callback(null, profile);

I get the following error when authenticating:

  "error": "access_denied",
  "error_description": "{\"statusCode\":400,\"error\":\"Bad Request\",\"message\":\"Query validation error: 'Object didn't pass validation for format email: ' on property email (Email address to search for (case-sensitive)).\",\"errorCode\":\"invalid_query_string\"}"

This is what is returned by the OAuth user profile endpoint in Azure AD:

{\"@odata.context\":\"$metadata#users/$entity\",\"businessPhones\":[\"+32 xxxxxxxx\"],\"displayName\":\"Karl xxxxxxx\",\"givenName\":\"Karl\",\"jobTitle\":null,\"mail\":\"\",\"mobilePhone\":null,\"officeLocation\":null,\"preferredLanguage\":\"en-US\",\"surname\":\"xxxxxxx\",\"userPrincipalName\":\"\",\"id\":\"6db0c3ee-9032-48fc-bdb3-915f34aaaaaa\"}

The “mail” and “userPrincipalName” properties are valid email addresses. So why do i get this error?

Any help much appreciated!