Userinfo "email_verified" field. String, Boolean or both?

Hi all,

In my call to the userinfo endpoint I get profile information, including a flag “email_verified” which I’m checking in my app. Docs say that “email_verified” is a boolean. User Profile Structure

I can see that it’a a boolean when I use the username/password from a database - looking good:

{
    "sub": "auth0|5d2xxxxxxxxx",
    "nickname": "foo.bar",
    "name": "foobar@example.com",
    "picture": "https://s.gravatar.com/avatar/blah.png",
    "updated_at": "2019-07-06T09:32:07.441Z",
    "email": "foobar@example.com",
    "email_verified": true
}

I’ve enabled the PayPal social login. For those identities I see “email_verified” is a string, which is in conflict with the documentation.

{
    "sub": "paypal|HJKf4sxxxxxxxxxxxxxxxxxxxxxx",
    "nickname": "paypal",
    "name": "Foo Bar",
    "picture": "https://s.gravatar.com/avatar/blah.png",
    "updated_at": "2019-07-06T09:35:29.839Z",
    "email": "foobar@example.com",
    "email_verified": "true"
}

I’ve had to work around this in my code because my JSON parser throws a wobbly when it encounters a string in a boolean field. Is it fair to assume it’s a bug?

As per OIDC standard, it should be a boolean:

33%20PM3214×88 25.6 KB

so I would say it’s a bug.

This is still broken at least when using “Sign in with Apple”.
Any plan to fix it?

same problem here, with apple provider

+1. Just hit this with Apple.

+1 for apple. Is anyone at auth0 looking at this?

April 21’ and still seeing this behavior with Apple social provider. What is auth0’s recommendation for dealing with this? This seems significant enough that auth0 should address it. (For others coming here: I addressed this by adding a rule to check for string type on this property so I can transform it to a boolean before it even touches my app when I need it for flows in my app)

Thanks,
Ky