Privacy of user_id and identities

I noticed here that identities and user_id are in the fields not to be included in app_metadata:

I was hoping to get a more detailed understanding of this. Are there some particular security risks associated with these ids being visible (eg to dashboard administrators)?

Sure! Let me reach out to our security team

Those are reserved fields auth0 uses to preserve user integrity. They are used for reasons such as anomaly detection, auditing, etc.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.