we’ve implemented an EventListenerProvider which reacts on different user events like REGISTER oder LOGIN. For example during registration we add additional attributes to the user. Everything worked fine until we updated from version 10.x to 12.x. We now figured out that keycloak removes all user attributes when the UPDATE_EMAIL event is fired. This makes our accounts unusable, as we store required information with these attributes.
Is this a bug (or a security feature ) with keycloak 12.x? And is there a workaround? We also don’t want to generally forbid users to change their username (=email address).