Structure of the User Profile

The following attributes are available on the User Profile:

The User Details page will show pending when a user is first created until they have logged in for the first time.

  • app_metadata: the custom fields storing information about a user. These attributes contain information that influences the user's access;

  • blocked*: the true/false value indicating if the user has been blocked;

  • created_at: the timestamp of when the user profile was first created;

  • email (unique): the user's email address

  • email_verified: the yes/no value indicating if the user has verified their email address;

  • identities: the array of objects with information about the user's identities:

    • connection: the name of the connection used to authenticate the user;
    • isSocial: the true/false value indicating if the connection is a social one or not;
    • provider: the entity that is authenticating the user (e.g. Facebook, Twitter, etc.);
    • user_id: the user's unique identifier for this connection/provider.
  • multifactor: the list of multifactor providers in which the user is enrolled;

  • last_ip*: the IP address associated with the user's last login;

  • last_login*: the timestamp of when the user last logged in;

  • logins_count*: the number of times the user has logged in;

  • name: the user's name;

  • nickname: the user's nickname;

  • phone_number: the user's phone number;

  • phone_verified: the true/false value indicating whether the user's phone number has been verified (only valid for users with SMS connections);

  • picture: the user's profile picture, click here to learn more about the picture field;

  • updated_at: the timestamp of when the user's profile was last updated/modified;

  • user_id (unique): the user's unique identifier;

  • user_metadata: the custom fields storing information about a user. These attributes should contain information about the user that does not impact what they can or cannot access (e.g. work and home addresses);

  • username (unique): the user's username.

In cases where you are accessing the User Profile from inside a Rule using the user object, properties such as the last_ip and last_login would be the values associated with the login that triggered the rule since Rules execute after the actual login.

Fields indicated with an asterisk (*) are not returned as part of user_profile/id_token nor are they included in any response from the /userinfo endpoint in the Authentication API. To retrieve user datails from these fields you will need to utilize one of the User endpoints in the Management API.

Blacklisting User Attributes

If there are user fields that should not be stored by Auth0 due to privacy reasons, you can blacklist the attributes you do not want persisting in Auth0 databases. For details on how to do that refer to Blacklisting User Attributes.