The “personal data” checks include checks against:
user_metadata.name
user_metadata.first
user_metadata.last
Does anyone know what these are? I’ve not seen them before despite being on Auth0 for over 4 years. There are, or should be, no standard fields in user_metadata. I mean, I know what they are supposed to be, first name, last name, etc., but should these checks not reference the root family_name, given_name, …? Or is this just an error in the docs?
I apologize for the delayed response. You are right in saying that we should expect no standard claims in the user_metadata object. I can’t find a direct answer as to ‘why’ this exists, other than that it is an artifact from a historical implementation.