But, the problem is that rule execute when the user login after he verified his account, but to reflect the list of the roles in the token the user needs to refresh the page or logout and login another time, but I need to execute the assign of the role with the email verification action
Unfortunately, rules only run after successful authentication, and the email verification link will not authenticate the user. The most similar flow possible when forcing email verification would look like this:
User signs up with database connection (email/password)
User is redirected back to the app with an unauthorized error and shown a message that they must first verify their email address.
The rule will send the user back to your app with an error in the URL.
Your app will use the error in the URL to display a user-friendly message.
The user will verify their email address and they will click a button to go back to the app (you will need to configure an Application Login URI to show the button on the email verification page when using the New Universal Login)
The user will have to log in again to be assigned the roles.