At community.letsencrypt.org, one of our users signed up using GitHub. They had an old, dead email address on their GitHub account. After signing up with Discourse, they removed the old, dead email address from GitHub. However, it’s still present in Discourse. When they go to their preferences page and try to update to a new email, they get a message saying a confirmation email has been sent. However, they never receive a confirmation email. When I change my own email, I do get the confirmation. Could this be linked to the OAuth setting? What should I do to further debug / fix?
Follow-up: Are you proposing to remove the connection at the Discourse end or the GitHub end? If you’re proposing to disconnect it at the Discourse end, where is the UI for that? And will the user be able to still log in once they’ve removed the OAuth connection?
Feature request: When doing email changes for moderators, it would be nice to include messaging about the dual-confirmation requirement, either in the Web UI when submitting the request, or by sending mail to both old and new addresses in parallel, and including a note about the dual confirmation in the mail that goes to the new address.