flaky-kilobyte-10585
06/06/2025, 9:17 AMbrief-egg-61061
06/06/2025, 9:17 AMbrief-egg-61061
06/06/2025, 9:17 AMverified_addresses
field, using the email_verified
claim from Google: jsonnet local claims = { email_verified: false, } + std.extVar('claims'); { identity: { traits: { [if 'email' in claims && claims.email_verified then 'email' else null]: claims.email, given_name: claims.given_name, family_name: claims.family_name, }, verified_addresses: std.prune([ // Carry over verified status from Social Sign-In provider. if 'email' in claims && claims.email_verified then { via: 'email', value: claims.email }, ]), }, }
2. Ensure your identity schema marks the email as verifiable: json { "traits": { "email": { "type": "string", "format": "email", "<http://ory.sh/kratos|ory.sh/kratos>": { "verification": { "via": "email" } } } } }
With this setup, when a user signs up via Google and Google marks their email as verified, Ory will automatically mark the email as verified in the user's identity. This only works if the email is present in the identity's traits and is marked as verifiable in your schema. If these conditions are not met, the verified status will not be carried over [Carry over verified status from Social Sign-In](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation#carry-over-verified-status-from-social-sign-in). Important: Never trust unverified email addresses from social providers. Always check the email_verified
claim before marking an email as verified [Emails and phone numbers](https://www.ory.sh/docs/kratos/social-signin/data-mapping#emails-and-phone-numbers).