@ikakavas Resorted to debugging this locally and it seem AWS is returning claims with values of different types in token request vs user info:
"email_verified": true
vs
"email_verified": "true"
Parsing fails and as a result the authentication times out. Removing one of the claims before the merge happens fixes this problem and authentication is possible. Worth noting that there is nothing logged about this error, its simply times out.
Checking why AWS insists on sending the email_verified claim even when I set the scope to openid only