diff --git a/api-server/src/server/boot/authentication.js b/api-server/src/server/boot/authentication.js
index c7589da53ce..26765096f10 100644
--- a/api-server/src/server/boot/authentication.js
+++ b/api-server/src/server/boot/authentication.js
@@ -220,7 +220,7 @@ function mobileLogin(app) {
 
       const { email } = await auth0Res.json();
 
-      if (!isEmail(email)) {
+      if (typeof email !== 'string' || !isEmail(email)) {
         return next(
           wrapHandledError(new TypeError('decoded email is invalid'), {
             type: 'danger',