Overview
When using the Management API’s ‘Update a User’ endpoint, the payload included the user’s email address with capitalization along with some other attributes. For example, the payload looked like the following:
{
"email": "User@example.com",
"app_metadata": { attr1: value }
}
After making the request the user’s profile unexpectedly had the ‘email_verified’ attribute switched to false from true. This may seem unexpected since the PATCH request was for the same email address but in all lowercase (e.g., “user@example.com”).
This article clarified whether this is expected behavior for this endpoint.
Applies To
- Management API
- email_verified
Cause
This is by design. If a user updates their email, Auth0 cannot confirm whether the new email is verified.
Solution
The recommended approach is to incorporate emails that have a lowercasing prior to making the request, and ideally, do not include the email attribute if there is no intention of updating it.