Mystery "personal data" fields in password policy

markd · July 26, 2021, 1:31pm

ref: Password Options in Auth0 Database Connections

The “personal data” checks include checks against:

user_metadata.name
user_metadata.first
user_metadata.last

Does anyone know what these are? I’ve not seen them before despite being on Auth0 for over 4 years. There are, or should be, no standard fields in user_metadata. I mean, I know what they are supposed to be, first name, last name, etc., but should these checks not reference the root family_name, given_name, …? Or is this just an error in the docs?

dan.woda · July 26, 2021, 3:17pm

Hi @markd!

Let bring this question to our field team. I’ll report back here with the response.

dan.woda · August 23, 2021, 4:32pm

Hi @markd,

I apologize for the delayed response. You are right in saying that we should expect no standard claims in the user_metadata object. I can’t find a direct answer as to ‘why’ this exists, other than that it is an artifact from a historical implementation.

I’ve recorded this as product feedback.

Topic		Replies	Views
User_metadata not being populated on signup using Auth0.js Archived signup , user_metadata	1	3818	March 2, 2018
Auth0 DB search by user_metadata Get Help database , rules , actions	2	2770	July 7, 2021
Auth0 does not return user_metadata Archived auth0 , rules , login	7	4265	October 6, 2020
Auth0 additionalFields are not mapping in users profile's data Archived auth0 , signup , additionalsignupfiel	5	4444	August 24, 2019
Accessing user_metadata in Auth0 Action Get Help auth0 , change-password	4	5371	March 11, 2022

Mystery "personal data" fields in password policy

Related topics