Mystery "personal data" fields in password policy

ref: https://auth0.com/docs/connections/database/password-options#personal-data

The “personal data” checks include checks against:

  • user_metadata.name
  • user_metadata.first
  • user_metadata.last

Does anyone know what these are? I’ve not seen them before despite being on Auth0 for over 4 years. There are, or should be, no standard fields in user_metadata. I mean, I know what they are supposed to be, first name, last name, etc., but should these checks not reference the root family_name, given_name, …? Or is this just an error in the docs?

Hi @markd!

Let bring this question to our field team. I’ll report back here with the response.

1 Like

Hi @markd,

I apologize for the delayed response. You are right in saying that we should expect no standard claims in the user_metadata object. I can’t find a direct answer as to ‘why’ this exists, other than that it is an artifact from a historical implementation.

I’ve recorded this as product feedback.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.