If a user is allowed to change the username and/or the email address, the UCP requires the current password. However, if an external auth provider is used, there is no current password in phpBB. Thus, the username/email cannot be changed.

Suggestion: Don't ask for current password, but ask external auth provider for valid login.

Edit: Just to clarify: My external auth provider is based on email + password. "Username" is a concept that applies only to the forum. So I can't sync the username with the external one on login, because it simply doesn't exist. Hence, the "change username" functionality must remain in the forum. The email address on the other hand is managed through the external auth provider, but obviously, maybe someone else has a different scenario and wants to manage the email address through phpBB.