@ioemat Thanks. Those attributes do not allow setting permissions by design.

IIRC, the changes are to allow changing the username but only if e-mail as the username is enabled? In the [realm-user-profile.html](https://github.com/keycloak/keycloak/pull/12620/files#diff-6253c516750d37f94ca35be2ca61b504e14dc26aa8d8209cd1d207bd364e9826) don't we also want to take this into account when deciding whether or not the permission section should be visible?

Thanks for the feedback @pedroigor, good point. I'll have a look into that. Just wanted to mention that it may take some time, since I'm currently busy with other things, but I it's still on my list.

Hi @pedroigor, sorry for the long delay - I looked into the issue again, checked the changes and have a slightly different understanding:

• removing the condition in realm-user-profile makes the username and email fields visible be default
• the change in AccountPage.tsx hides the username field if:
  • RegistrationEmailAsUsername is true
    • in this case the username is derived from the email, so no need to display the username field
  • or the user has no access to the username attribute (attribute is not provided by the REST API in this case, thus undefined)
    • if the user has no access to the field it should not be shown

Please correct me if I get something wrong or I'm overlooking something that should be considered.

@ioemat I see. But why do you want to show the username in the admin console? It shouldn't change at all and it is properly handled internally.

The changes to the account console make sense to me.

@ioemat I see. But why do you want to show the username in the admin console? It shouldn't change at all and it is properly handled internally.

Sorry @pedroigor I was not precise enough in my last comment:

The change in the admin console is in the User Profile tab where attribute settings are configured.
It's about making the Permission section visible for username and email, so that permissions are configurable for these attributes. It's already like this when you use the keycloak.v2 theme.

(Branch rebased to current main and additional test for verify profile page added)

@ioemat This test is failing org.keycloak.testsuite.forms.VerifyProfileTest#testUsernameReadOnlyInProfile. Looks like the profile is fully updated so the current page is not expected (verify profile).

This only happens if running all tests, running in isolation works fine. I think we can just set an attribute to the config to make sure the verify profile page is shown?

Other than that, I run your version here and it looks great.

One thing though. Can we take the opportunity to also support the required marker when configuring the email attribute? If not, we can do a follow-up.

If you can fix the test, I'll approve and merge.

Thanks @pedroigor, I fixed the test (blame on me, I only tested it isolated ...)

Regarding #13923 (that's the issue with required flag for email, right?) I suggest to do a follow-up PR.
I can start working on this later today or tomorrow.

@ioemat Thanks for your patience :)