Use /api/v2/users to find matching emails #119

Open
nicosabena wants to merge 1 commit into auth0-extensions:master from nicosabena:case-insensitive-search

@nicosabena

Switches back to GET /api/v2/users to find matching email addresses so that the search is case-insensitive.

✏️ Changes

Currently, the extension (both in the rules and in the back end) searches for identities with the same email address with the GET /api/v2/users-by-email endpoint. While this endpoint is very efficient, the search it performs is case sensitive. This is a problem for some enterprise identity providers that provide the email address in a capitalized form (e.g. John.Doe@acme.com instead of john.doe@acme.com).
This PR switches to the GET /api/v2/users endpoint, with a q=email:john.doe@acme.com like query string. This search is case insensitive, allowing matches where the casing is different. The search needs to be changed in two pieces:

  • In the rule, where matching identities are searched for during the first login
  • In the backend, where matching identities are searched to present the option to the user

The slight performance hit from not using /users-by-email should be negligible, since the search is only done on the first login of an identity.

🔗 References

IUM-1301

🎯 Testing

🚫 This change has been tested in a Webtask

🚫 This change has unit test coverage

🚫 This change has integration test coverage

🚫 This change has been tested for performance

🚀 Deployment

✅ This can be deployed any time

🎡 Rollout

🔥 Rollback

📄 Procedure

🖥 Appliance

@stale

stale bot commented Jan 9, 2022

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

@stale stale bot added the wontfix label Jan 9, 2022
@nicosabena
Author

This is still relevant and would help to mitigate the described corner cases.

@stale stale bot removed the wontfix label Jan 10, 2022
@stale

stale bot commented Apr 16, 2022

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

@ldigiuseppe

We are having issues with linking accounts when the emails are registered with different lower/upper cases. For example, we have a b.simon@mail.com (username-password) and a B.Simon@mail.com (waad user); they won't link together because of the capital letters. It would be nice to progress with this PR.

@stale stale bot removed the wontfix label Sep 8, 2022
@jcerjak

jcerjak commented Jun 5, 2023

According to https://auth0.com/docs/manage-users/user-search/retrieve-users-with-get-users-endpoint, the GET /api/v2/users endpoint is eventually consistent, not immediately consistent.

If you think this is problematic for this particular use case, please consider upvoting: https://community.auth0.com/t/add-case-insensitive-option-for-user-by-email-search/93303

@brandonin

There is actually a bug in here. You will also need to utilize the below code here:

        if (user.email.toLowerCase() !== decodedToken.email.toLowerCase()) {
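
An added example tying the thread together (not code from this PR or from the extension): one way to build the `q=email:...` search for GET /api/v2/users and then re-check each hit with a case-insensitive comparison before offering it for linking. The function names, the quoted-phrase escaping, the `search_engine=v3` parameter and the sample users are assumptions made for the illustration.

```javascript
// Added example. Function names are hypothetical, not the extension's own.

// Build the q value for GET /api/v2/users. The address is wrapped in a quoted
// phrase and the two characters that could end or escape that phrase are
// backslash-escaped, so an address supplied by an identity provider cannot
// terminate the phrase and append further query clauses.
function buildEmailQuery(email) {
  if (typeof email !== 'string' || email.length === 0) {
    throw new TypeError('email must be a non-empty string');
  }
  return 'email:"' + email.replace(/["\\]/g, '\\$&') + '"';
}

// Relative request path; search_engine=v3 is an assumption of this example.
function buildSearchPath(email) {
  return '/api/v2/users?search_engine=v3&q=' +
    encodeURIComponent(buildEmailQuery(email));
}

// Case-insensitive comparison that tolerates profiles without an email,
// where calling user.email.toLowerCase() directly would throw.
function sameEmail(a, b) {
  return typeof a === 'string' && typeof b === 'string' &&
    a.toLowerCase() === b.toLowerCase();
}

// Re-check every search hit locally: drop the user who is logging in and any
// hit whose email is not the same address once case is ignored.
function filterLinkCandidates(hits, currentUser) {
  return hits.filter(u =>
    u.user_id !== currentUser.user_id && sameEmail(u.email, currentUser.email));
}

// Constructed sample data, modelled on the addresses mentioned in the thread.
const currentUser = { user_id: 'waad|1', email: 'B.Simon@mail.com' };
const hits = [
  { user_id: 'waad|1', email: 'B.Simon@mail.com' },   // the user logging in
  { user_id: 'auth0|2', email: 'b.simon@mail.com' },  // differs only by case
  { user_id: 'auth0|3', email: 'ab.simon@mail.com' }, // different address
  { user_id: 'sms|4' }                                // profile without email
];
console.log(buildSearchPath(currentUser.email));
console.log(filterLinkCandidates(hits, currentUser).map(u => u.user_id));
```

Because the search endpoint is eventually consistent, as noted above, an identity created moments earlier may be absent from the hits; the local re-check only narrows what the search returns and cannot add what it missed.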
