<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5KZ00001IC43r0ADOkta Classic EngineAuthenticationAnswered2025-09-29T15:55:54.000Z2025-09-18T02:22:25.000Z2025-09-29T15:55:54.000Z

VovN.86756 (Customer) asked a question.

September 18, 2025 at 2:22 AM
Can Okta enable including email verified in ID tokens for my org

Hi everyone,

I’m working with an OIDC integration where I need access to the email_verified claim inside the ID token. I’ve confirmed that:

  1. email_verified is available from the /userinfo endpoint when the email scope is requested.
  2. email_verified is available in the implicit flow.
  3. It does not appear in ID tokens when using the Authorization Code + PKCE flow.
  4. Creating a custom claim doesn’t solve the problem, since custom claims can only pull values from the Okta User profile (and email_verified is not a core profile attribute, but an internal Okta verification state).

 

We can't use the implicit flow or calling the /userinfo endpoint due to some security constrain.

 

For our use case, it would be ideal if Okta could include the standard email_verified claim in ID tokens, alongside email, when the email scope is requested.

 

Is it possible for Okta Support to enable this behavior for our org, or is there an alternative configuration we should use to have email_verified reliably emitted in ID tokens?

  • 3 answers
  • 192 views
This question is closed.
Loading
Can Okta enable including email verified in ID tokens for my org