Hiya @chris-2,
So you'd like to have the claim that is not linked be set if present in the response? Would that solve your problem? Or is there some other solution that would solve your needs?
The reason we don't allow those claims to be changed in the lambda is that it's an escalation possibility.
One option (for a subset of your use cases) would be to store the value that is delivered from the identity provider in the user.data.email claim which is used for email specific functionality when no email address is available on the user.