diff --git a/backend/src/app/auth/oidc.clj b/backend/src/app/auth/oidc.clj index e69713d6c..145d04a79 100644 --- a/backend/src/app/auth/oidc.clj +++ b/backend/src/app/auth/oidc.clj @@ -520,17 +520,22 @@ (redirect-response uri))) -(defn- provider-matches-profile? - [{:keys [::provider] :as cfg} {:keys [props] :as profile}] - (or (= (:auth-backend profile) (:name provider)) - (let [email-prop (qualify-prop-key provider :email)] - (contains? props email-prop)))) - (defn- provider-has-email-verified? [{:keys [::provider] :as cfg} {:keys [props] :as info}] (let [prop (qualify-prop-key provider :email_verified)] (true? (get props prop)))) +(defn- profile-has-provider-props? + [{:keys [::provider] :as cfg} profile] + (let [prop (qualify-prop-key provider :email)] + (contains? (:props profile) prop))) + +(defn- provider-matches-profile? + [{:keys [::provider] :as cfg} profile info] + (or (= (:auth-backend profile) (:name provider)) + (profile-has-provider-props? cfg profile) + (provider-has-email-verified? cfg info))) + (defn- process-callback [cfg request info profile] (cond @@ -539,7 +544,7 @@ (:is-blocked profile) (redirect-with-error "profile-blocked") - (not (provider-matches-profile? cfg profile)) + (not (provider-matches-profile? cfg profile info)) (redirect-with-error "auth-provider-not-allowed") (not (:is-active profile)) diff --git a/backend/src/app/rpc/commands/verify_token.clj b/backend/src/app/rpc/commands/verify_token.clj index fc92727da..c23c2e993 100644 --- a/backend/src/app/rpc/commands/verify_token.clj +++ b/backend/src/app/rpc/commands/verify_token.clj 
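Review bot: The third `or` branch added to `provider-matches-profile?` makes a provider-asserted `email_verified` claim sufficient, on its own, to pass the `auth-provider-not-allowed` gate in `process-callback` for a profile that was created with another backend and holds no props from this provider. That is only as safe as the provider's claim and as the way `profile` was matched to `info`, which happens outside this hunk (presumably by email, to be confirmed), so a provider that sets the claim loosely would open existing password or other-provider accounts to whoever holds the matching identity there. I would make this branch an explicit per-provider opt-in in the provider configuration rather than the default, and log the first sign-in that passes only through it. At minimum the function needs a docstring, for example `"True when the profile was created by this provider, already holds props from it, or the provider asserts a verified email for the incoming identity (trusts the IdP claim)."`. `process-callback` continues past the end of the second hunk.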
@@ -83,17 +83,17 @@ (defmethod process-token :auth [{:keys [conn] :as cfg} _params {:keys [profile-id] :as claims}] - (let [profile (profile/get-profile conn profile-id {::sql/for-update true}) - props (merge (:props profile) - (:props claims)) - profile (assoc profile :props props)] - + (let [profile (profile/get-profile conn profile-id {::sql/for-update true}) + props (merge (:props profile) + (:props claims))] (when (not= props (:props profile)) (db/update! conn :profile {:props (db/tjson props)} {:id profile-id})) - (assoc claims :profile profile))) + + (let [profile (assoc profile :props props)] + (assoc claims :profile profile)))) ;; --- Team Invitation
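Review bot: The `when` comparison in `process-token :auth` only works because `profile` still holds the stored props at that point, and nothing in the new code says so; a comment such as `;; compare against the stored props; profile is rebound with the merged props only after the update` above the `when` would keep a later cleanup from folding the inner `let` back into the outer one. Separately, `merge` gives `(:props claims)` precedence over every existing key and the result is now actually written to the `profile` row. If the token's `:props` can carry keys other than the provider-qualified ones (not visible here), restricting them with `select-keys` before the merge would limit what a token can overwrite.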