Email: trigger email verification flow (#85587)

* Add email and email_verified to id token if identity is a user

* Add endpoint to trigger email verification for user

* Add function to clear stored id tokens and use it when email verification is completed
Karl Persson
2024-04-05 12:05:46 +02:00
committed by GitHub
parent 661aaf352e
commit ba41954854
14 changed files with 122 additions and 19 deletions


@@ -90,7 +90,7 @@ func (s *Service) SignIdentity(ctx context.Context, id identity.Requester) (stri
}
if identity.IsNamespace(namespace, identity.NamespaceUser) {
if err := s.setUserClaims(ctx, identifier, claims); err != nil {
if err := s.setUserClaims(ctx, id, identifier, claims); err != nil {
return "", err
}
}
@@ -130,7 +130,11 @@ func (s *Service) SignIdentity(ctx context.Context, id identity.Requester) (stri
return result.(string), nil
}
func (s *Service) setUserClaims(ctx context.Context, identifier string, claims *auth.IDClaims) error {
func (s *Service) RemoveIDToken(ctx context.Context, id identity.Requester) error {
return s.cache.Delete(ctx, prefixCacheKey(id.GetCacheKey()))
}
func (s *Service) setUserClaims(ctx context.Context, ident identity.Requester, identifier string, claims *auth.IDClaims) error {
id, err := strconv.ParseInt(identifier, 10, 64)
if err != nil {
return err
@@ -140,6 +144,9 @@ func (s *Service) setUserClaims(ctx context.Context, identifier string, claims *
return nil
}
claims.Email = ident.GetEmail()
claims.EmailVerified = ident.IsEmailVerified()
info, err := s.authInfoService.GetAuthInfo(ctx, &login.GetAuthInfoQuery{UserId: id})
if err != nil {
// we ignore errors when a user don't have external user auth
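Review bot: RemoveIDToken is exported without a doc comment, and its contract matters to callers. From the visible line it only deletes the cache entry under `prefixCacheKey(id.GetCacheKey())`, so an ID token that was already handed out presumably keeps its old `email_verified` value until it expires. I would add `// RemoveIDToken deletes the cached ID token for id so a later SignIdentity call signs fresh claims; it does not revoke tokens already issued.` above it. In setUserClaims, whose body continues outside the last hunk, `ident` and `identifier` are now passed separately although both appear to describe the same user. Deriving the numeric id from `ident` inside the function would rule out a mismatch between the email claims and the `GetAuthInfo` lookup.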