`/userinfo` endpoint in OIDC returns `updated_at` field as a string


I’ve added an application to my auth0 tenent so I can verify identities via a third-party app. That is, I’m using Auth0 and the database of users I have in my Auth0 tenant to verify users via OIDC. (The third party app is Ory’s Kratos.)

As part of this, I’m hitting the /userinfo endpoint. The json returned contains things I expect and want, but the updated_at field given back is an RFC3339 formatted string instead of an int64. I expect an int64 as that’s in the standard and is documented by Auth0 itself here: Authentication API Explorer. The scope I’m requesting is openid profile email.

Here’s a sample of what I get back from Auth0:

  "sub": ...,                  
  "nickname": ...,                                    
  "name": ...,                                
  "picture": ..., 
 "updated_at": "2021-05-11T21:13:25.566Z",                  
 "email": ...,                                
 "email_verified": true                                     

This matters to me as I’m unmarshalling that JSON into a Claims struct that assumes updated_at is an int64.

Is this a bug in the auth0 implementation?


edit: Here’s an example in the Auth0 docs which shows the updated_at field as the RCF3339 formatted string: Auth0.js v9 Reference What am I missing about the context of the differences in the /userinfo endpoints here?

Hi @glawler,

You are right about the format of updated_at. It is a known issue that has been challenging to fix due to backward compatibility issues. You can read more about the context behind this in this related topic:

If your tenant is on a paid plan, you can open a support ticket to update this behavior so that an integer is returned for updated_at. Otherwise, you can send me a DM with your tenant name and I can request that update for your tenant.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.