email_originalis up to you.
But, at the same time, I worry about UX, when a user changes capitalisation (or some other detail that doesn't matter for the address) and suddenly gets a new account.
I agree, that's bound to be confusing
firstname.lastname@example.org, will suddenly start logging in as
email@example.com is problematic sicne the broker can't easily react to that
token['email_verified']to be a boolean instead of the email address