The registration endpoint in the identity API is very powerful; it can update the first and last name of any user in Sierra. If somebody found a way to abuse this endpoint, it would be bad!
This endpoint should only be used when after a user is signing up for the first time, which means their account will be in a known state. In particular, they'll have the placeholder name we give to all new users:
To give us an extra level of protection, the identity API endpoint should look for this placeholder name, and refuse to update a patron with a different name.
The registration endpoint in the identity API is very powerful; it can update the first and last name of any user in Sierra. If somebody found a way to abuse this endpoint, it would be bad!
This endpoint should only be used when after a user is signing up for the first time, which means their account will be in a known state. In particular, they'll have the placeholder name we give to all new users:
To give us an extra level of protection, the identity API endpoint should look for this placeholder name, and refuse to update a patron with a different name.