I’d like to have a safe and secure way for my users to change their email address.
By safe and secure, I mean that a user shouldn’t be able to set an email that s-he does not control, in order to avoid:
- account squatting
- users getting locked out of their account, without any usable means to recover it
/users/ endpoint of the management API, the new email erases the old one, even if it’s not verified yet. This means the user can potentially be in a state where her-his account has no verified methods for recovery.
There’s been a similar request from another user on the old forum:
The desired workflow was:
1. User changes his email
2. A verification email is sent to the new email address
3. The user will only be able to login with his old email and password until the new email is verified
4. Once the new email is verified the user can only login using the new email address
But the provided answer (link a new identity and delete the old one) doesn’t seem to be completely satisfying and is potentially dangerous.
A malicious user could block others from signing up by attempting to change his email to one that he doesn’t control, thereby linking a new identity to his account, and that unverified email would stay there, preventing the legitimate owner of the email address from signing up.
This angle of attack would be mitigated by the ability of the legitimate user to connect to the malicious account and remove themselves from the identities (assuming that a full identity management interface is implemented), but that’s far from a simple and zero-friction scenario.
Can someone please tell me if there is a recommended sane way to update a user’s email with Auth0?
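The four-step workflow quoted in the post, sketched as an added example that is not part of the original post and does not use Auth0's API: `EmailChangeStore`, its method names and `TOKEN_TTL` are hypothetical, and storage is an in-memory dict. Only verified addresses reserve a slot, so a pending change to an address the requester does not control cannot block its real owner from signing up.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed token lifetime in seconds


class EmailChangeStore:
    """Hypothetical in-memory model of a verified-before-swap email change."""

    def __init__(self):
        self.verified = {}  # email -> user_id; only verified addresses are reserved
        self.pending = {}   # user_id -> (new_email, sha256(token), expires_at)

    def register(self, user_id, email):
        # Stands in for a signup whose address has been verified.
        self.verified[email.lower()] = user_id

    def login_email(self, user_id):
        return next(e for e, u in self.verified.items() if u == user_id)

    def request_change(self, user_id, new_email, now=None):
        now = time.time() if now is None else now
        new_email = new_email.lower()
        if new_email in self.verified:
            raise ValueError("address already in use")
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        # The old address stays the login and recovery address for now.
        self.pending[user_id] = (new_email, digest, now + TOKEN_TTL)
        return token  # delivered only to new_email, never shown to the requester

    def confirm(self, user_id, token, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(user_id)
        if entry is None:
            return False
        new_email, digest, expires_at = entry
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if now > expires_at or not hmac.compare_digest(digest, supplied):
            return False
        del self.pending[user_id]
        if new_email in self.verified:  # verified by its owner in the meantime
            return False
        del self.verified[self.login_email(user_id)]
        self.verified[new_email] = user_id  # swap only after proof of control
        return True
```
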