The user is able to update his/her Email without verification overwriting existing email (verified).
If User don't verify or has entered wrong email while updating then email is still updated in the system with unverified state.
We don't have any option to roll back to the old email if the user is not able to verify his/her email.
Is there any option where the user's new email can be updated in the system only when he verifies his email otherwise old email will remain unchanged with a verified state?
Using the following API to update the email:
PATCH /api/user/{userId}
{
"user": {
"username": "user@mail.com",
"email": "user@mail.com"
}
}