Phone number missing in response from users endpoint

dhawkings · September 8, 2020, 7:34pm

Forgive me if this has been asked and answered. I have looked around and not found anything.

I’m calling the get user endpoint in the v2 api as described here:
https://auth0.com/docs/users/user-search/retrieve-users-with-get-users-by-id-endpoint.

The response I’m getting does not include the user phone number even though the user was verified using SMS. I’m using the Universal Login.

Does anyone know why the phone number is being left out?

The response I’m getting looks like this. I’ve redacted a bunch of it.
{

created_at: “2020-09-07T20:37:47.283Z”,
email: “user44@REDACTED.com”,
email_verified: false,
identities: [
{
user_id: “REDACTED”,
provider: “auth0”,
connection: “Username-Password-Authentication”,
isSocial: false,
},
],
name: “user44@REDACTED.com”,
nickname: “user44”,
picture: “https://s.gravatar.com/avatar/REDACTEDrs%2Fus.png”,
updated_at: “2020-09-07T21:12:06.540Z”,
user_id: “auth0|5fREDACTEDddbdc02”,
multifactor: [
“guardian”,
],
multifactor_last_modified: “2020-09-07T20:38:22.225Z”,
app_metadata: {
REDACTED
},
last_ip: “REDACTED”,
last_login: “2020-09-07T21:12:06.540Z”,
logins_count: 6,
}

dan.woda · September 11, 2020, 4:28pm

Hi @dhawkings,

It doesn’t look like it is possible to get phone numbers that were used as MFA factors. Would you mind describing your use-case?

Thanks,
Dan

dhawkings · September 14, 2020, 9:40pm

Hi @dan.woda,

We are a financial services company and need to collect the user’s phone number as we sometimes need to follow up to get verbal confirmation of transactions entered on our website. If we can’t get the user’s phone number from the Auth0 user info, then we have to ask the user to enter it a second time after authentication is complete, which isn’t a great user experience.

Thanks,

David

dan.woda · September 16, 2020, 8:21pm

@dhawkings,

Thanks for that feedback, I understand what you are describing. Would you mind submitting it to our product team as a feature request via our feedback page? I can also submit it on your behalf, please let me know and I will ask you for some contact information.

In the meantime, you have a few options:

You can collect the phone number as an additional field or during a redirect in a rule (this method will do as you describe, force the user to provide it at signup and during registration for MFA; if they are all using SMS MFA that is. You could also handle this when you collect other profile information like address etc.)
You could use the MFA API’s sms endpoints to build out your own MFA flow, which would allow you to collect the phone number and add it to the auth0 profile or store it in your DB. (This will require more development time as it is not an out of the box solution).

Does this make sense?
Dan

dhawkings · September 16, 2020, 4:26pm

Thanks @dan.woda. I’ll submit the feature request on your feedback page. In the meantime, I’m just asking for the phone number again after authentication along with address and other info, as you suggested.

Thanks.

dan.woda · September 16, 2020, 8:21pm

Thank you very much, we appreciate your input.

If you run into anything please let us know.