oauth2.dev

email_verified

OpenID_Foundation_Artifact_Binding_Working_Group

Registry Context

The email_verified claim is a boolean indicating whether the End-User's e-mail address has been verified.

Technical Summary

OpenID Connect Core defines email_verified as a Standard Claim with type boolean. A true value means the OP took affirmative steps to ensure the e-mail address was controlled by the End-User when verification occurred.

When Used

Used in OpenID Connect UserInfo responses or ID Tokens as a Standard Claim; the email scope requests access to both email and email_verified.

Normative Requirements

OpenID Connect Client

OPTIONAL
1
  1. openid-connect-core-1_0 - Section 5.4

    Use the email scope value to request access to the email and email_verified Claims..

    OPTIONAL. This scope value requests access to the email and email_verified Claims.

Validation Guidance

info

Validate email_verified as a JSON boolean when present.

info

Do not infer a universal verification method from this claim; the specification says the means of verification is context specific.

info

When modeling OpenID Connect scope behavior, the email scope requests access to email_verified along with email.

Security Notes

openid-connect-core-1_0 - Section 5.1

A true email_verified value only indicates that the OP took affirmative steps to verify control of the e-mail address at the time verification was performed; the verification method depends on the applicable trust framework or agreements.

Reference

Details

Entry Id
email_verified
Claim Name
email_verified
Claim Description
True if the e-mail address has been verified; otherwise false
Change Controller
OpenID_Foundation_Artifact_Binding_Working_Group
Reference
OpenID Connect Core 1.0 - Section 5.1