Facebook Security Fix

@WebImage reported that Facebook sometimes sends an empty emailVerified string, presumably when the user verifies their Facebook account with their phone number. Before this fix, if several users sign in with empty emailVerified string, they may get logged into the wrong account. This fix adds check for empty string and if so, throws same exception as if emailVerified was missing.