Searching the User with the Management API Returns the IdP Token

Overview

Searching for a user with the Management API can return a token issued by the user's external identity provider (IdP). This article explains how to prevent that token from being returned in the response.

Code:

from auth0.management import Auth0
auth0 = Auth0("<tenant-domain>", "<management-api-token>")  # token obtained by the M2M client
u = auth0.users_by_email.search_users_by_email(email="<email>")
print(u)


Response:

[{'created_at': '2022-10-06T17:06:52.287Z', …, 'provider': 'waad', 'access_token': '<token>', 'expires_in': 3842, 'last_login': '2023-11-23T06:55:08.033Z', 'logins_count': 136}]

Applies To
  • Management API
  • Search Users
Solution

The tokens for external IdPs are stored on the user profile. If the M2M client used for the management API has the read:user_idp_tokens scope, the search user by email API will return this token in the response.

Removing this scope from the M2M application (APIs > Auth0 Management API > Permissions in the application settings) stops the identities array in the user profile, including this token, from being returned.
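The two checks a practitioner would want around this behaviour, as an added example that is not Auth0's code: an audit of whether a Management API token carries the read:user_idp_tokens scope, and a scrubber that removes IdP token fields from search results before they reach logs. The sample user record is constructed to match the response shape shown above; the token helper builds an unsigned, JWT-shaped string purely so the audit can be exercised offline.

```python
import base64
import json
from copy import deepcopy

# Constructed sample shaped like the search_users_by_email response above.
SAMPLE_USERS = [{
    "created_at": "2022-10-06T17:06:52.287Z",
    "email": "user@example.com",
    "identities": [{
        "provider": "waad",
        "access_token": "EXAMPLE-IDP-TOKEN-NOT-REAL",
        "expires_in": 3842,
    }],
    "logins_count": 136,
}]

# Identity fields that only appear when the caller holds read:user_idp_tokens.
IDP_TOKEN_FIELDS = ("access_token", "refresh_token", "access_token_secret")


def find_idp_tokens(users):
    """List (email, provider, field) for every IdP token present in a search result."""
    return [
        (u.get("email"), ident.get("provider"), field)
        for u in users
        for ident in u.get("identities", [])
        for field in IDP_TOKEN_FIELDS
        if field in ident
    ]


def scrub_idp_tokens(users):
    """Return a deep copy with IdP token fields removed, so the result is safe to log."""
    cleaned = deepcopy(users)
    for u in cleaned:
        for ident in u.get("identities", []):
            for field in IDP_TOKEN_FIELDS:
                ident.pop(field, None)
    return cleaned


def token_grants_idp_scope(mgmt_api_token):
    """True if the token's scope claim includes read:user_idp_tokens (payload decoded only, no signature check)."""
    payload = mgmt_api_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return "read:user_idp_tokens" in claims.get("scope", "").split()


def unsigned_token_with_scope(scope):
    """Constructed JWT-shaped string with a dummy signature, for exercising the audit offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f'{enc({"alg": "none"})}.{enc({"scope": scope})}.sig'
```

Run find_idp_tokens over a real search result to confirm whether the scope removal took effect, and keep scrub_idp_tokens in front of any logging of Management API responses as a second line of defence.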
