"email_verified=False" Attribute when User Logs in with GitHub Social Connection
When a user logs in via a GitHub social connection, the "email_verified=False" attribute is set in their user profile.
- Create a Github social login connection in the tenant
- Assign this connection to a test application
- Login via the test application, selecting the Github social login
- Inspect the state of the user meta_data and view the state of the "email_verified" attribute
This article details under what conditions this attribute may be set to False.
- Login with GitHub Social Connection
- email_verified attribute
The most likely reason for this is that GitHub does not require users to verify their email addresses. For more details, refer to the GitHub document Verifying your email address.
When a user logs in via a social connection, the email_verified attribute in the user's profile will be updated with the value that is sent by the provider. By default, the user profile attributes provided by identity providers other than Auth0 are not directly editable because they are updated from the identity provider each time the user logs in. This is explained in the Auth0 public documentation User profile attributes.
If the user has not verified their email address in Github, then email_verified=False would be what Auth0 retrieves from the social connection.
When reviewing the use of social connection providers in a broader context, not all of them provide the email_verified attribute to Auth0. When users authenticate with a federated identity provider (e.g. a social or enterprise connection), the value of the email_verified field will match what the identity provider returns in the user profile. If the identity provider does not return any value, this attribute will be set to false. Refer to When does Auth0 set emails as verified in the product documentation for more details.
To troubleshoot this, capture a HAR file of the login to the social provider. When analyzing the file, review the value of email_verified provided by the social login provider. It is not unusual that no value for this attribute is returned.
