Hi all, Currently, WSO2 Identity Server only supports email account verification during the self-registration and user onboarding process. There is no feature to trigger the email verification via email notification in a scenario where the user’s email address is updated.
To address this limitation, we will be modifying the UserEmailVerificationHandler [1] to trigger the email account verification process when "emailaddress" claim has been updated. In order to achieve this, the events PRE_SET_USER_CLAIM and POST_SET_USER_CLAIM will be subscribed with the UserEmailVerificationHandler. To persist the changed email address till account verification happens we wish to introduce a new claim called "verificationPendingEmail". Upon email account verification, the new email address will be persisted against the "emailaddress" claim. In a scenario where the user updates the profile with the same email address which has already been verified, we have made the decision not to trigger an email verification. Please find attached the draft user stories and solution implementation documentation. [1] https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/handler/UserEmailVerificationHandler.java Kind regards, Dewni Weeraman -- Dewni Weeraman | Software Engineer | WSO2 Inc. (m) +94 077 2979049 | (e) [email protected] <[email protected]> <http://wso2.com/signature>
Documentation-User Stories and Solution.pdf
Description: Adobe PDF document
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
