Email Magic Links and OAuth: possible to have 0 or strictly more than 1 email(s)?


The responses of the OAuth and Magic Links authenticate call contain a user.emails property with a list of emails.

If all we use is the magic links login or create user, authenticate, as well as the OAuth authenticate and sessions authenticate calls, it is possible for a user to have either zero or more than one email?


If all we use on the system is

Hey Sami – thanks for posting!

Yes, I believe both of those cases (zero email addresses and >1 email address) are possible.

There are some OAuth providers that do not return verified user email addresses, and in those cases, we do not add an email address to the associated Stytch User. I’d recommend checking out this resource for more detailed information about OAuth email address behavior and for a breakdown by OAuth provider.

The case of multiple email addresses can occur if the primary email address associated with a user’s OAuth login changes. In that case, we’ll add the new primary email address to the existing Stytch User’s emails array.

Please let us know if you have any additional questions about this, and we’ll be happy to follow up!


Is there a way to determine which email address is considered the primary one?
Does the order of the emails have any particular meaning / consistency over time?

The order of the email addresses doesn’t have any significance at the moment, but we’re considering adding a created_at value to the email factors associated with a given user in order to address this use case.

Do you think a created_at value would serve your purposes?


Assuming that the newest email becomes the primary email, then yes, I think it would help.

Got it, thanks for confirming! I’ll reach back out here when we’re able to add that field (it’s on our team’s radar, but we don’t have an ETA available quite yet). Please let us know if there’s anything else we can help out with in the meantime!