logto/.changeset/witty-rivers-laugh.md

---
"@logto/core": patch
---

prevent user registration and profile fulfillment with SSO-only email domains

Emails associated with SSO-enabled domains should only be used through the SSO authentication process.

Bug fix:

- Creating a new user with a verification record that contains an SSO-only email domain should return a 422 `RequestError` with the error code `session.sso_required`.
- Updating a user profile with an SSO-only email domain should return a 422 `RequestError` with the error code `session.sso_required`.
fix(core): add sso only email guard (#6576) * fix(core): add sso only email guard add sso only email guard to registration and profile fulfilling flow * chore: update changeset update changeset * chore(core): update content update content * fix(core): update content update content 2024-09-13 17:34:37 +08:00			`---`
			`"@logto/core": patch`
			`---`

			`prevent user registration and profile fulfillment with SSO-only email domains`

			`Emails associated with SSO-enabled domains should only be used through the SSO authentication process.`

			`Bug fix:`

			- Creating a new user with a verification record that contains an SSO-only email domain should return a 422 `RequestError` with the error code `session.sso_required`.
			- Updating a user profile with an SSO-only email domain should return a 422 `RequestError` with the error code `session.sso_required`.