Description
User update API's cannot modify a User when FusionAuth is not the source of record
Problem
Background: This relates to issue #1438 with regard to multi-factor configuration on a user not being preserved on a subsequent external connector login. We decided that the connector reconciliation process is working by design since the external connector is the user source of record.
This leads to the broader topic as to whether we should allow any updates to a User with this type of connector configuration. Currently, we allow updates, but on a subsequent login, if FusionAuth is not the source of record, the synchronization process will not preserve these. Thus, updates are lost.
Solution
Do not allow User update API's to modify a User where FusionAuth isn't the source of record. The intent being to make it clear that external connectors manage User objects.
Alternatives/workarounds
Leave as-is and document that User configuration is not preserved via external connector authentication.
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.