Is there a way to prevent users from changing their email from their preferences in the profile page but still allow changes through the API?
I have a site that discourse is authing against (using the discourse-oauth2-basic plugin) and is using the API to change their email. Since the external id from the plugin seems to have no effect on the external id for the discourse site, and the “SSO overwrides…” settings only apply to the build in sso, right now I’m:
- Pulling all active users
- Determining their id from their current email
- Using the API to change their email (by id)
The problem is that if they change their email on discourse itself, I can no longer determine their site id and if I try to disable email changes on discourse, I get a forbidden error from the API as expected.