I'm very new to OpenID Connect Authentication (and OAuth 2.0 too...).
Anyway, my question is:
"What is the necessary user-data claim of the JWT?" ("sub" or "user-email"?)
And what does the Google Sign-In documentation really mean by this? I think we cannot change a Google account's email, can we?
Note: A Google account's email address can change, so don't use it to identify a user. Instead, use the account's ID, which you can get on the client with getBasicProfile().getId(), and on the backend from the sub claim of the ID token.
The sub claim is required in an id_token; email is optional, see: http://openid.net/specs/openid-connect-core-1_0.html#IDToken. As you mention, e-mail addresses can change; sub should not change, and when combined with the iss claim that represents the Provider - Google in your case - it can be used to obtain a globally unique user identifier.
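As an added example (not code from the original answer), the Python below shows what a backend does with this: decode the ID token payload, check the claims OpenID Connect Core requires, and key the user on iss plus sub so that an e-mail change does not create a second account. The Google issuer values, client id, subject and sample tokens are assumptions or constructed for the demo.

```python
import base64
import json

# Claims that OpenID Connect Core 1.0 (section 2) requires in every ID Token.
# "email" is not among them: it is optional and only present with the "email" scope.
REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")
# Issuer values Google uses (assumed from Google's OIDC discovery document, not from the page).
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def decode_payload(id_token: str) -> dict:
    """Return the payload of a compact JWS (header.payload.signature).
    Signature verification against the provider's JWKS must happen before trusting this."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def claim_problems(claims: dict, client_id: str, now: int) -> list[str]:
    """Checks a relying party must make before trusting an ID Token; empty list means OK."""
    problems = [f"missing required claim {c!r}" for c in REQUIRED_CLAIMS if c not in claims]
    if problems:
        return problems
    if claims["iss"] not in GOOGLE_ISSUERS:
        problems.append(f"unexpected issuer {claims['iss']!r}")
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if client_id not in aud:
        problems.append("token was not issued for this client")
    if now >= claims["exp"]:
        problems.append("token has expired")
    return problems

def user_key(claims: dict) -> str:
    """Stable identity key: issuer plus subject. Never key the account on the e-mail."""
    return f"{claims['iss']}|{claims['sub']}"

def make_demo_token(claims: dict) -> str:
    """Constructed, unsigned token for the demo only; a real token carries a signature."""
    return f"{_b64url({'alg': 'RS256', 'typ': 'JWT'})}.{_b64url(claims)}.demo-signature"

# Constructed sample: the same Google account (same sub) before and after an e-mail change.
BASE = {"iss": "https://accounts.google.com", "aud": "demo-client-id", "iat": 1700000000, "exp": 1700003600}
BEFORE = make_demo_token({**BASE, "sub": "demo-subject-123", "email": "old@example.com"})
AFTER = make_demo_token({**BASE, "sub": "demo-subject-123", "email": "new@example.com"})
```

Both sample tokens map to the same user_key even though their email claims differ, which is exactly why the account lookup should use iss and sub.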