email_ verified
Registry Context
The email_verified claim is a boolean indicating whether the End-User's e-mail address has been verified.
Technical Summary
OpenID Connect Core defines email_verified as a Standard Claim with type boolean. A true value means the OP took affirmative steps to ensure the e-mail address was controlled by the End-User when verification occurred.
When Used
Used in OpenID Connect UserInfo responses or ID Tokens as a Standard Claim; the email scope requests access to both email and email_verified.
Normative Requirements
OpenID Connect Client
openid-connect-core-1_0 - Section 5.4
Use the email scope value to request access to the email and email_verified Claims..
OPTIONAL. This scope value requests access to the email and email_verified Claims.
Validation Guidance
Validate email_verified as a JSON boolean when present.
Do not infer a universal verification method from this claim; the specification says the means of verification is context specific.
When modeling OpenID Connect scope behavior, the email scope requests access to email_verified along with email.
Security Notes
openid-connect-core-1_0 - Section 5.1
A true email_verified value only indicates that the OP took affirmative steps to verify control of the e-mail address at the time verification was performed; the verification method depends on the applicable trust framework or agreements.
Reference
Details
- Entry Id
email_verified - Claim Name
email_verified - Claim Description
True if the e-mail address has been verified; otherwise false- Change Controller
OpenID_Foundation_ Artifact_ Binding_ Working_ Group - Reference
OpenID Connect Core 1.0 - Section 5.1