Is it possible to allow a user to change her/his e-mail address only upon its verification? currently it changes upon editing, but this, in some cases, is not preferable.
I see, that’s currently not possible. Kratos only knows logged in and not logged in and does not have a concept of permissions yet.
Why would you want to do that though in the first place? I think if you set up an email, and you have a typo, and you notice that typo, you should be able to change the email address to the correct one. With your approach, you would effectively lock out users who have a typo in their email!
@hackerman, if a user changes from one valid email address to another (in case he has several), then if her/he mistyped the new one, then he will have no way to recover his password if needed, or perhaps even blocked, in case the application logic requires a verified email account in order to proceed.
I see, that makes sense! We have a feature planned which would update the identity only after the verification email was clicked. This is currently not implemented but I assume would cover your use case, right?
The issue is this one: https://github.com/ory/kratos/issues/292