No email or email_verified claim in Google ID token

1.3k Views Asked by manh At 23 June 2020 at 05:08

Our app allows users to sign in with Google account and uses Google API client library for ID token validation.

According to the Google doc, email claim is supposed to be contained in the ID token payload when the scope includes the email scope value.

However, I noticed in some cases, email or email_verifiedclaim is missing from the ID token payload though the email scope value is included.

Why is this happening? I suppose a Google account always has a verified email address on the profile.

Original Q&A

There are 2 best solutions below

Linda Lawton - DaImTo On 23 June 2020 at 07:08

I asked the team about this very question several years ago. They do not guarantee that the claims will come with every call.

The work around is

If you make a request to the userinfoendpoint

GET /oauth2/v2/userinfo HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer [accessToken]

Response

{
  "picture": "https://lh3.googleusercontent.com/a-/AOh14GhroCYJp2P9xeYeYk1npchBPK-zbtTxzNQo0WAHI20", 
  "verified_email": true, 
  "id": "11720047553267277534", 
  "email": "[email protected]"
}

Assuming you have requested the email scope email and verified_email will return every time.

Arfairulazril On 26 June 2020 at 01:19

GET /oauth2/v2/userinfo HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer [accessToken]

{
  "picture": "https://lh3.googleusercontent.com/a-/AOh14GhroCYJp2P9xeYeYk1npchBPK-zbtTxzNQo0WAHI20", 
  "verified_email": true, 
  "id": "11720047553267277534", 
  "email": "[email protected]"
}

No email or email_verified claim in Google ID token

There are 2 best solutions below

Related Questions in GOOGLE-OAUTH

Related Questions in GOOGLE-OPENIDCONNECT

Trending Questions

Popular # Hahtags

Popular Questions