Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

:wave: Hello. I’m looking to implement google SSO for our app. Currently we require a verified email for a user to access our app & trust googles `email_verified` claim in the identity token they provide to do this.

Having done a basic PoC for this - it looks like ory doesn’t (at least with the default claims mapper). What is the best way of accomplishing this?.

I was thinking

• Storing the `email_verified` claim from googles identity token in the admin metadata in the claims mapper
• Using an after registration webook to then read that and update the identity with a verified email address.
Or is there a way I can do this just in the claims mapper?

Figured this out with the help of <#C0522079BS5|>

You can modify verified addresses directly in the claims mapper

```    verified_addresses: std.prune([  
      // Carry over verified status from Social Sign-In provider.  
      if 'email' in claims &amp;&amp; claims.email_verified then { via: 'email', value: claims.email },  
    ]),  ```