Usually POST is non idempotent. But if, for example, database doesn't allow duplucates (user registration), then POST adds a user on the first call and then when performing again returns 409. Is POST idempotent in this case? I mean, does this behavior meet the definition of idempotency?
When a HTTP method is defined as non-idempotent, it means that there are not guarantees.
However, any of these methods can still have idempotent behavior. It's just that generic clients can't assume either way.
Similarly, if a method is defined as non-safe, they might still not have side-effects.