Silent Auth errors with Login Required after updating app_metadata via Management API

Hi,

Is your backend updating the email or email_verified attributes when it patches the user?
Patching Email or Email_verified via the management API will invalidate the Auth0 session.

Example:

This post body will invalidate the session:

{
  "email_verified": true,
  "app_metadata": {
          "TestData": "TestValue"
        }
}

This one works without invalidating the session:

{
  "app_metadata": {
          "TestData": "TestValue"
        }
}
2 Likes