Ok, first of all, this is the only way I have managed to finally change the email of an user.
The culprit for me seemed to have been I provide the email in each sso authentication. I would then expect it to change in any subsequent login (since it works when a user gets registered for the first time I pretty much think the “&email=xxxx” part in the nonce (IIRC) should update it properly).
In the login setting the “sso overrides email” was on. So changes in the sso database should get reflected properly next time you log in? Logging off and logging in to force a new login has no effect.
But, once the “sso overrides email” is off, both the user and an admin can edit the email.
Hey presto! Hopefully this solves the problem for a few other people as well?
Makes sense, wonder why I missed that option earlier. Probably because I thought that exact option should handle it correctly.
So, is the “sso overrides email” the actual bug (apart from the process being overly complicated )?
Just reading the code it would seem so, sso emails do not propagate after the initial registration.
@sam, if needed I can give you the opened up sso details (uncoded message parts) but this is probably something that can be tested without me messing around any further.