Hello,
I don’t know if this is a bug or a feature request, but I think I found an inconsistency with users’ emails. Some endpoints do not behavior as others in how they treat mixed case email addresses.
Automatically Lowercasing Email Address
- Whenever a user is created using the management API POST /users endpoint, the email address provided is always converted to lowercase.
- example: POST with
BOB@example.com
and user will be saved in Auth0 asbob@example.com
- example: POST with
- Whenever attempting a login using the authentication API Resource Owner flow from a trusted API, the passed in email will always be lowercased as well.
- example: user attempts login with
BOB@example.com
, Auth0 will attempt to log the user in withbob@example.com
and whatever password they provided.
- example: user attempts login with
- Fetching a list of users via management API /users using mixed cased email addresses, the emails will be looked up by using lowercase.
- example:
/api/v2/users?q=email:BOB@example.com
will lookup and returnbob@example.com
- example:
Not Automatically Lowercasing Email Address
- When looking up a single user by their email using management API /users-by-email?email=… does not lowercase the email before searching.
- example:
/api/v2/users-by-email?email=BOB@example.com
will not returnbob@example.com
(assuming that user exists in the database).
- example:
This bit us in production a few nights ago. It was an easy fix on our end (just lowercase the email before issuing the request). But it just seems like it should be case-insensitive like all the other user related endpoints.
Also to be fair: the documentation for the /users-by-email endpoint does state it is case-sensitive making it my fault for not reading it thoroughly before we found out in production. Also kinda means this is a feature request and not a bug report