Before reporting an issue

• I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

authentication

Describe the bug

When users log in using a custom Identity Provider (IDP), if the IDP returns the email address with uppercase letters, it causes a case sensitivity issue. This discrepancy leads to the system treating the email as different from the previously registered or verified email, even if the characters are the same but in different cases (e.g., "[email protected]" vs. "[email protected]"). As a result of this case sensitivity, users are prompted to verify their email address every time they log in.

Version

25.0.2

Regression

• The issue is a regression

Expected behavior

The verification of email should only happen when the user signs up.

Actual behavior

The verification of email happens every time the user logs in.

How to Reproduce?

1. Create a user on Keycloak.
2. Set up an IDP.
3. Login using an IDP with the same email with upper case letters.
4. Log out and log in again.

Anything else?

No response