When you authenticate a user by using OpenID Connect and request the email scope, most identity providers add two additional claims to the ID Token, email and email_verified. The email claim does not need much explanation – but what about email_verified, what does this claim indicate and how does Google populate it? The email_verified claim is defined as part of the OpenID Connect standard claims set as: True if the End-User's e-mail address has been verified; otherwise false. When this Cla...
