Because otherwise anyone could make an authentication provider that's authenticating as you@gmail.com and assume your identity.
Remember that the goal is to delegate authentication, user profile and/or user creation. It's implicitly trusting everything coming from the third party. For instance when supporting google login, it's expected that google only validate user accounts that really exist and are hosted by google.
Authentication cannot be bound to any email or format.
For instance when using google authentication, the user and the email can be anything, because google apps support custom domains for paying customers.
For instance when using google authentication, the user and the email can be anything, because google apps support custom domains for paying customers.
Remember that the goal is to delegate authentication, user profile and/or user creation. It's implicitly trusting everything coming from the third party. For instance when supporting google login, it's expected that google only validate user accounts that really exist and are hosted by google.