Erroneous client-side validation prevents renaming Federated ID users

Description

We're using umapi_client to sync local users to UMAPI federatedID users. One use case in this sync is renaming users.

When renaming a user, we want to change both the username and the email of the federatedID user, which umapi_client forbids.

user_action.update(email=lu.email, username=lu.email)
con.execute_single(user_action)

However, this fails due to this check in UserAction.update:

So we tried to follow the instructions in this error message (it claims that when chaning the email, the username will be changed as well):

user_action.update(email=lu.email)
con.execute_single(user_action)

However, the username is in fact not updated. Effectively, this prevents the affected user from logging in:

Our SAML IdP requires the user to sign in with the new email, and returns a corresponding assertion to auth.services.adobe.com
auth.services.adobe.com does not know this new email, so login fails.

Trying to set the username separately from the email fails due to another check in UserAction.update:

So we tried to circumvent this check:

user_action.update(email=local_user.email)
user_action.commands[-1]['update']['username'] = local_user.email
con.execute_single(user_action)

And see there, it works: Both the username and the email are updated, and the user can log in again.

Renaming a federatedID user should work without having to circumvent erroneous client-side checks:

Either remove the check and permit both username and email to be updated
Or umapi_client should do what the AttributeError above state and automatically update both username and email when only email is provided.