[keycloak-user] Changed email is written to DB without verification, then the account is blocked
Lukasz Lech
l.lech at ringler.ch
Wed Jun 19 03:03:39 EDT 2019
Hello,
I have the following scenario.
The user has changed email. Because of a typo, the new email is invalid.
The email was saved to the DB without verification, which makes it impossible to log in using the valid email.
The new email requires verification, which is impossible, because it is invalid.
The user is effectively blocked.
I've discovered this misbehavior in 4.8.1.
Is my realm configured wrongly, or is this a known misbehavior?
Or maybe it was our failure that we have allowed users to change email, which should be immutable by design?
Best regards,
Lukasz Lech