Mystery "personal data" fields in password policy

markd · July 26, 2021, 1:31pm

ref: Password Options in Auth0 Database Connections

The “personal data” checks include checks against:

user_metadata.name
user_metadata.first
user_metadata.last

Does anyone know what these are? I’ve not seen them before despite being on Auth0 for over 4 years. There are, or should be, no standard fields in user_metadata. I mean, I know what they are supposed to be, first name, last name, etc., but should these checks not reference the root family_name, given_name, …? Or is this just an error in the docs?

dan.woda · July 26, 2021, 3:17pm

Hi @markd!

Let bring this question to our field team. I’ll report back here with the response.

dan.woda · August 23, 2021, 4:32pm

Hi @markd,

I apologize for the delayed response. You are right in saying that we should expect no standard claims in the user_metadata object. I can’t find a direct answer as to ‘why’ this exists, other than that it is an artifact from a historical implementation.

I’ve recorded this as product feedback.

system · September 7, 2021, 4:32pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Privacy of user_id and identities Help	3	2321	August 29, 2020
Why is the first and last name not showing correctly in the user database Help login-experience , new-universal-login-experience	7	717	April 18, 2024
New user metadata fields not included in claims Help	1	1103	October 27, 2022
Returned fields in GetUser API documentation are confusing because its not possible to set them Help	5	3127	November 13, 2018
Standard OIDC Claims Help	2	3519	August 26, 2019

Mystery "personal data" fields in password policy

Related Topics