I’ve tried that and a rule and i’m still not able to set the email_verified flag to true.
As for the email_verified flag, it’s a ‘protected’ attribute in regards to direct assignments, see this thread and my comments in there.
Basically, you cannot assign a value directly like this: user.email_verified = true; (or let’s say, just like this it doesn’t have any effect on the email_verified claim in the ID token).
As you can see in the example above, I also update the user via management API (like you do) as well and also add it in the ID token.
If your above code is the complete Rule, then the callback is missing; compare with the example in the linked post.