The type of the email_verified (standard) claim is STRING. According to the specification [1] it should be BOOLEAN.
Current Example Returned by Apple: "email_verified": "true"
OpenID Standard Should Be: "email_verified": true
[1] openid.net/specs/openid-connect-core-1_0.html#StandardClaims
The following documentation states the value could be either a Boolean or a string value:
email_verified
A string or Boolean value that indicates whether the service verifies the email. The value can either be a string ("true" or "false") or a Boolean (true or false). The system may not verify email addresses for Sign in with Apple at Work & School users, and this claim is "false" or false for those users.
Authenticating users with Sign in with Apple https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple#3383773
Your implementation should handle both types for this value.
Cheers,
Paris X Pinkney | WWDR | DTS Engineer
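One way to handle both types, as an added example that is not from the thread or from Apple's code: a strict parser that accepts only the four documented values and rejects anything else, shown next to a truthiness check that treats the string "false" as verified. The function names are hypothetical, and the payloads are constructed and assumed to come from an ID token whose signature has already been validated.

```python
"""Strict parsing of the email_verified claim from a decoded ID token payload."""


class ClaimTypeError(ValueError):
    """Raised when a claim has a type or value we refuse to interpret."""


def parse_bool_claim(claims: dict, name: str = "email_verified") -> bool:
    """Return the claim as a real bool; a missing claim counts as False."""
    if name not in claims:
        return False
    value = claims[name]
    # Check bool first: a JSON true/false decodes to a Python bool.
    if isinstance(value, bool):
        return value
    # Only the two documented string spellings are accepted.
    if isinstance(value, str):
        if value == "true":
            return True
        if value == "false":
            return False
    # Numbers, null, other strings: fail closed instead of guessing.
    raise ClaimTypeError(f"unexpected {name} value: {value!r}")


def naive_is_verified(claims: dict) -> bool:
    """Truthiness check, for contrast: any non-empty string is truthy."""
    return bool(claims.get("email_verified"))


# Constructed sample payloads (hypothetical values, not real tokens).
SAMPLES = [
    {"sub": "constructed-1", "email_verified": "true"},
    {"sub": "constructed-2", "email_verified": True},
    {"sub": "constructed-3", "email_verified": "false"},
    {"sub": "constructed-4", "email_verified": False},
    {"sub": "constructed-5"},
]

if __name__ == "__main__":
    for payload in SAMPLES:
        print(payload["sub"],
              "strict:", parse_bool_claim(payload),
              "naive:", naive_is_verified(payload))
```

The third sample is the case that matters: the strict parser returns False, while the truthiness check returns True for an unverified address.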