[keycloak-user] Prevent users from changing email address when email is used as username

[Lukasz Lech]

What do you mean by 'the input with email can be hidden'? Do you mean disabling editing username in Realm Settings -> Login ?

We've also discovered recently that the email change flow is broken If email is used as username, and the recommended solution was to disable editing username.  Have you tested, that this setting has only visual implication and you can still edit email via manipulating the form? 

However, I  suppose if the user locks himself out by manually the html, you can say, self-guilty.

Best regards,
Lukasz Lech


-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Ales Fuchs
Sent: Mittwoch, 31. Juli 2019 16:08
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Prevent users from changing email address when email is used as username

Hello,

We are using Keycloak version 4.8.3 and in our setting we have the option "Email as username" switched on and "Edit username" switched off.

At the same time we need to let users to log in and change their name in the account console. Once the name and surname is editable, email can be changed too, which changes also the username.

The input with email can be hidden, but whoever knows how Keycloak works can simply add this input and update the username.

Does anyone have any idea how updating of username can be prevented?

Best regards,
Ales Fuchs
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user