* send AuthType in request payload and allow empty email field * re-introduce validation enforcing non-empty email field