An email is indeed required - This requirement is in place because the email address serves as a unique identifier within Auth0. The primary reason for this is that the email address is a globally unique identifier that can be easily used to contact the user (e.g., for password resets, multi-factor authentication, or other communications).