I’m looking for a way to change how Keycloak changes the user’s email address on the account page.
The current (default) behaviour is:
- A user updates his email on the account page and clicks the save button.
- Email address will be changed immediately.
- After the next login with the new email, the user will receive an email verification.
- User clicks on the link in the email and can log in with the new email.
It would be great if the following were possible:
- User types new email into the field on the account page.
- There is a second field for the password the user has to type. Otherwise it is not possible to update the email.
- If the password was correct, a verification email is sent to the new email address.
- User clicks on the link in the verification email.
- Now the new email address is saved in Keycloak.
- User is logged out and he sees the page with message “Your email address has been changed successfully. Please log in again.”
- The necessary entry of the password prevents a third party from changing the email address on the user’s PC.
- Saving the new e-mail address only after verification prevents the user from accidentally saving a wrong e-mail address and being unable to log in afterwards.
- Is this possible?
- If yes, how should I implement this?
- If no, are there any alternatives?
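
The flow requested above (password re-check, verification mail to the new address, save only after the link is clicked, then log out), modelled as an added example that is not part of the original post and does not use Keycloak's code or APIs. The `User` class, the function names, the token format and the one-hour link lifetime are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # server-side signing key (constructed for the demo)
TTL = 3600                        # link lifetime in seconds (assumed value)

class User:  # hypothetical account record, not a Keycloak type
    def __init__(self, email, password):
        self.email = email
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.sessions = {"session-1"}  # constructed active session
        self.pending = None            # nonce of the outstanding change request

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def check_password(self, password):
        return hmac.compare_digest(self.pw_hash, self._hash(password))

def _sign(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def request_email_change(user, new_email, password, now=None):
    """Re-authenticate, then return the token that goes into the verification mail."""
    if not user.check_password(password):
        return None  # wrong password: nothing stored, nothing sent
    user.pending = secrets.token_hex(16)  # a newer request invalidates older links
    expires = int(time.time() if now is None else now) + TTL
    claims = [user.email, new_email, user.pending, expires]
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_sign(body)}"

def confirm_email_change(user, token, now=None):
    """Save the new address only when the emailed link proves control of it."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return False  # forged or altered token
    old_email, new_email, nonce, expires = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    if now > expires or old_email != user.email:
        return False  # expired, or the account changed since the request
    if user.pending is None or not hmac.compare_digest(nonce, user.pending):
        return False  # already used or superseded by a newer request
    user.email, user.pending = new_email, None
    user.sessions.clear()  # log the user out; the next login uses the new address
    return True
```

The stored address never changes in `request_email_change`, so a mistyped address cannot lock the user out, and a link becomes useless once it has been used, has expired, or has been replaced by a newer request.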