Auth0 Home Blog Docs

Userinfo "email_verified" field. String, Boolean or both?

Hi all,

In my call to the userinfo endpoint I get profile information, including a flag “email_verified” which I’m checking in my app. Docs say that “email_verified” is a boolean. https://auth0.com/docs/users/references/user-profile-structure

I can see that it’a a boolean when I use the username/password from a database - looking good:

{
    "sub": "auth0|5d2xxxxxxxxx",
    "nickname": "foo.bar",
    "name": "foobar@example.com",
    "picture": "https://s.gravatar.com/avatar/blah.png",
    "updated_at": "2019-07-06T09:32:07.441Z",
    "email": "foobar@example.com",
    "email_verified": true
}

I’ve enabled the PayPal social login. For those identities I see “email_verified” is a string, which is in conflict with the documentation.

{
    "sub": "paypal|HJKf4sxxxxxxxxxxxxxxxxxxxxxx",
    "nickname": "paypal",
    "name": "Foo Bar",
    "picture": "https://s.gravatar.com/avatar/blah.png",
    "updated_at": "2019-07-06T09:35:29.839Z",
    "email": "foobar@example.com",
    "email_verified": "true"
}

I’ve had to work around this in my code because my JSON parser throws a wobbly when it encounters a string in a boolean field. Is it fair to assume it’s a bug?

As per OIDC standard, it should be a boolean:

https://openid.net/specs/openid-connect-core-1_0.html

so I would say it’s a bug.