- We have SAML Enterprise connections into the application.
- This SAML IDP uses CamelCase identifiers before the @
- Auth0 normalizes all emails coming close to the username-password database to lowercase, as does our app when creating permissions
- Auth0 maps the CamelCase@domain to email, and doesn’t normalize to lowercase
- We would like to normalize where Auth0 won’t and use a management action to update that user, but updating the email address on users from SAML connections is 400 forbidden
- CamelCase@domain doesn’t match camelcase@domain, permissions fail, and they are signed out
At this point it looks like we need to add a whole additional layer of normalization to the entire app to handle this edge case… OR move to a secondary and worse field in the JWT like usermetadata.email_normalized
everywhere we check (a reliable source of bugs)
Is there no way to just keep the email
field normalized with SAML users?
If the enterprise connection upserts the Auth0 user at login, they won’t normalize, and the email is unchangable, is this just a bug Auth0 expects every SSO integration to run into eventually?