from dev group:
This is something I have been thinking about for some time. Currently when a user is created we need to send two requests. I think we could merge them and send a single one to the auth service and it would be responsible to send correct data to the reference data service. In this case from the UI perspective we have a single request to the backend. We would only need to disable some endpoints from the reference data for the users so they need to use endpoint in the auth service. Also in this case it should be easy to check if email address has been changed.
Example of the happy path:
the auth service gets a user creation/update request
verification of auth data
send reference data to the correct service and wait for response
save auth data to the database
user should not be able to call user create/update endpoint from the reference data
user should use the related endpoint from the auth service for user creation/update
the reference data part of user data should still be available in the reference data service.
update UI to use one endpoint
admin should still be able to create/update user on related screens
user should be still be able to update basic details on profile screen