[keycloak-user] Updating an email address of an account

[Manuel Baumann]

Hi all

I am new to this list but have some experience with Keycloak and am
looking for a solution of the following problem:

Let's assume there is a user account with email and password and
he/she also uses that account to login and then access our
application.

Now we want to allow the user to modify its email address.

I saw this use case implemented in other products. There it would send
an email to the old address to verify the change (this step is not
required in our case) and then send an email to the new email address
with a verification link. Only when the link in the second email is
clicked, the email is updated.

What I managed to do so far is to update a users email, setting it to
not verified and triggering the "send-verify-email"  action all via
admin REST interface.

However my approach has the con that the entered email address is
updated on the user whether it was verified or not, which makes a user
who did not finish the email update (by verifying it) unable to login
with the currently active credentials (email, password) anymore since
the email was updated.

Hopefully there is another way to achieve that and any hints are appreciated.

Best regards
Manuel