Hi,
Is your backend updating the email or email_verified attributes when it patches the user?
Patching Email or Email_verified via the management API will invalidate the Auth0 session.
Example:
This post body will invalidate the session:
{
"email_verified": true,
"app_metadata": {
"TestData": "TestValue"
}
}
This one works without invalidating the session:
{
"app_metadata": {
"TestData": "TestValue"
}
}