Thanks for your response.
There are a couple of things here I’d like to point. First, allowing users to change their email is not an option that they can self-serve. It is not a functionality that is available with Auth0 OOTB. Seeing that the only way is through some involvement of the Management API, then the scenario of the user being locked out is to be expected. A revert will be needed.
Second, a forgot password is an option that users can self serve, so in that way, users who lock themselves out can retry the forgot password flow to regain access to their account as many times as needed (sparingly).
I found this How to let users change their email? SAFELY Community Post that addresses your scenario.
Please let me know if there’s anything else I can do to help.
Thank you.