Email updated through account API does not remove email verified flag

Skip to first unread message

Perot Francis

Oct 12, 2021, 10:35:33 AMOct 12
to Keycloak Dev

Hi everyone,


We recently migrated from KC8 to KC14 but we noticed that when updating an email through the account API, the email verified flag was not reset.

Is this something we are expecting in the recent versions or is it something that was not seen after recent changes to manage some values as attributes?


In order to keep the same behavior as previously, we solved this by just overriding the matching API method (for our needs, we already were extended


public Response updateAccount(UserRepresentation rep) {
boolean emailUpdated = user != null && rep.getEmail() != null && !rep.getEmail().equalsIgnoreCase(user.getEmail());
Response resp = super.updateAccount(rep);
(emailUpdated && resp.getStatus() < 400) {
         * EmailVerified is not updatable through KC API in version 14.0
return resp;



Francis Pérot



ELCA Informatique SA |

Tour Balexert – Avenue Louis-Casaï 18 | CP | CH - 1211 Genève 28


This message may contain confidential and/or privileged information. If you are neither the addressee nor authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please contact the sender and delete this message. Thank you.




PS: I offered my help at beginning of 2020 to help reducing the technical debt using some static analysis tools. I only checked a little part of the code and I identified some bugs but I had no time to communicate them. Most bugs I identified have been already fixed.

  • In some rare cases, a NullPointerException could be thrown in, statusCode.setStatusCode(subStatusCodeType); (statusCode can be null)
  • In TLSUtils#33 and #46, there are ;; (not an issue but not necessary)
Reply all
Reply to author
0 new messages