diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index 13e27a6791..77f3bf2dea 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -57,15 +57,17 @@ module.exports = {
       const isEmail = emailRegExp.test(params.identifier);
 
       // Set the identifier to the appropriate query field.
+      let key = "email";
       if (isEmail) {
         query.email = params.identifier.toLowerCase();
       } else {
         query.username = params.identifier;
+        key = "username";
       }
 
-      // Check if the user exists.
-      const user = await strapi.plugins['users-permissions'].queries('user', 'users-permissions')
-        .findOne(query, ['role']);
+      const user = await strapi.plugins["users-permissions"]
+        .queries("user", "users-permissions")
+        .findOne(_.pick(query, [key, key]));
 
       if (!user) {
         return ctx.badRequest(