Seems you are referring to the account pending status feature in WSO2 IS.
It supports in three user onboarding scenarios as mentioned in the doc:
- Self-registration
- On-boarding users with Ask password
- On-boarding user with Email Verification
In these scenarios initially onboarded user is locked and, upon some verification, the account will be unlocked. That account status changes are tracked in account state claim. That should be the functionality you have mentioned in point one.
In point two, you may be referring to Enable Email Account Verification for an Updated Email Address feature. In this scenario, we do not lock the user account. It just waiting to change the user's email until he/she approves the newly changed email. The new email is kept in Verification Pending Email claim until the user confirms it.
Since user account locking is not required for email changing, PENDING_AP status change to UNLOCKED doesn't have any sense in this user scenario.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…