This is an ancient thread, but I’m going to drop a tip here in case it is useful to someone in the future. the email_verified field in idTokenClaims should be considered “read-only” by your app. It refers to whether the user email has been marked verified in the auth0 users database. If a user verifies their email e.g. by clicking an email verification link sent by Auth0, then this flag will be true. You can update the flag using the Management API by using the Update User endpoint, setting email_verified to true. Or if you’re creating the user yourself using the API and the email is known-good, you can set email_verified to true when the user is created with Create a user