[keycloak-user] Changed email is written to DB without verification, then the account is blocked

Lukasz Lech l.lech at ringler.ch
Wed Jun 19 03:03:39 EDT 2019


Hello,

I have the following scenario.

The user has changed their email. Because of a typo, the new email is invalid.
The email was saved to the DB without verification, which makes it impossible to log in using the valid email.
The new email requires verification, which is impossible, because it is invalid.
The user is effectively blocked.

I've discovered this misbehavior in 4.8.1.

Is my realm configured wrongly, or is this a known misbehavior?

Or maybe it was our failure that we allowed users to change the email, which should be immutable by design?

Best regards,
Lukasz Lech


