Question concerning an auth tutorial

I’ve been trying to follow a combination of these two tutorials to build auth. The code between them is almost identical, although one is for API and the other not, and more importantly to me, one is tested and the other not. Though it feels very frustrating that I’m doing this at all, like reinventing the wheel, but anyway…

So, what is the point of the User module having both a changeset and a registration_changeset? And maybe more importantly, why put the password in the registration_changeset and the email in the basic changeset? It seems like the reason to use these would be that you have some things you want to set on registration to not be allowed to be edited later, but if anything, it would be the other way around, not allowing a change of emails and allowing changed password.

The registration changeset is for signup.

You can choose the changeset for different contexts.

Note also that the registration changeset includes the normal one.

I guess I framed the question poorly. I realize that the registration changeset is for signup, I just don’t get why the password change would be only there and the email would be in both.