Ok I have solved everything as intended for the GDPR no-logging strategy.
Some final points:
- When I created these namespaced custom claims, I had to also change the requested claim type in my app code from the default/initial “email” to the new namespaced format “www.mydomain.com/uri/email” (so actually that’s why I was seeing a successful test of the Rules in the Auth0 dashboard, but in my app I was getting empty “email” claims
) - after you set all this up (get connections ids, patch connections, set Rules) you have to delete all the existing users from the Users & Roles table, because the names & emails etc are not retroactively removed from the logs even when the same user logs-in again after the changes.
- Auth0 is actually very customizable, but there is no top-down, or, big picture way of noticing that it is. So without Stephanie’s help, I would have either thought it’s impossible, or would have literally had to read half of the documentation not knowing what I want until it somehow clicks what you can do. There should really be some hints based on “if you want to achieve this then do x” or “did you know you can configure this by going in the management api and then in the rules functions?”.
I’ve created a post in the feedback forum about this and more specifically the request for a log-less users log