Missing Email in Token for ASP.NET Application

Overview

When users authenticate to an ASP.NET application through auth0-aspnetcore-authentication, the issued tokens do not include the user’s email attribute.

Solution

By default, the SDK requests only the openid and profile scopes, but additional scopes can be configured.

As per the OIDC specification, the email scope must be requested in order to get the user’s email in tokens.

Therefore, updating the scope to include email should result in it being available within the ID Token.

If the email attribute is still not being passed in tokens when the scopes are correct, check that the IdP is passing an email attribute in its responses to Auth0. For example, if a user is missing an email attribute when inspecting them in the Auth0 Dashboard, then Auth0 was unable to map the email, either because one was not sent at all or because it was passed using a non-standard claim.
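
The scope change described above, together with a small check for the resulting claim, as an added example that is not part of the original article. The configuration keys Auth0:Domain and Auth0:ClientId and the /login and /whoami routes are assumptions made for illustration.

```csharp
// Program.cs for an ASP.NET Core app using the Auth0.AspNetCore.Authentication package.
using System.Security.Claims;
using Auth0.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuth0WebAppAuthentication(options =>
{
    // Assumed configuration keys; use whatever your application already reads.
    options.Domain = builder.Configuration["Auth0:Domain"]!;
    options.ClientId = builder.Configuration["Auth0:ClientId"]!;

    // The SDK default is "openid profile". Adding "email" asks Auth0 to
    // include the email claim in the ID token.
    options.Scope = "openid profile email";
});

var app = builder.Build();
app.UseAuthentication();

// Hypothetical login route: starts the Auth0 login and returns to /whoami.
app.MapGet("/login", async (HttpContext ctx) =>
{
    var props = new LoginAuthenticationPropertiesBuilder()
        .WithRedirectUri("/whoami")
        .Build();
    await ctx.ChallengeAsync(Auth0Constants.AuthenticationScheme, props);
});

// Hypothetical diagnostic route: reports whether an email claim reached the
// application and lists the claim types (not values) that did arrive.
app.MapGet("/whoami", (ClaimsPrincipal user) =>
{
    if (user.Identity?.IsAuthenticated != true)
        return Results.Unauthorized();

    // ASP.NET Core may expose the claim under ClaimTypes.Email or as the raw
    // "email" name, depending on inbound claim mapping, so check both.
    var hasEmail = user.FindFirst(ClaimTypes.Email) is not null
                || user.FindFirst("email") is not null;
    var claimTypes = user.Claims.Select(c => c.Type).Distinct().OrderBy(t => t);

    return Results.Json(new { emailClaimPresent = hasEmail, claimTypes });
});

app.Run();
```

If emailClaimPresent is false after signing in again with the new scope, the next step is the IdP check described above: confirm the user profile in the Auth0 Dashboard actually has an email attribute.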
