No email or email_verified claim in id token

I’m trying to integrate with AWS Cognito, however the id_token I get back from Twitch doesn’t seem to contain the user’s email address. I’ve tried various combinations of scopes including “user_read” and “user:read:email” (along with “openid”) but it is never returned.

The docs and .well-known endpoint seem to indicate that “email” is a supported claim so not sure what else is required here?

Edit: it also doesn’t come back from the userinfo endpoint. Given up on Cognito and implementing our own IdP now… but still means we’ll have to make a call to the Twitch API to get these details after sign in unless this is fixable.

After seeing your post.

And then testing it

And then having it not working

And then had a DM with some TwitchDevs about something else, where I mentioned this post.

Here is the answer:

NodeJS:

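    // Build the authorization URL; every dynamic value is URL-encoded.
    var url = oidc_data.authorization_endpoint
        + '?client_id=' + encodeURIComponent(config.twitch.client)
        + '&redirect_uri=' + encodeURIComponent(config.twitch.redirect)
        + '&response_type=code'
        + '&scope=' + oidc_data.scopes_supported.map(encodeURIComponent).join('+')
        // The claims parameter names the claims to return; its JSON must be encoded too.
        + '&claims=' + encodeURIComponent(JSON.stringify({
            userinfo: {
                email: null,
                email_verified: null,
                picture: null,
                preferred_username: null
            }
        }));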

Where oidc_data is the output of https://id.twitch.tv/oauth2/.well-known/openid-configuration

Where this URL is the URL you would redirect people to, in order to authenticate with Twitch.
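An added example, not part of the original posts: it builds the same kind of authorization URL with the `claims` parameter and then checks a returned ID token for the requested claims. The `id_token` member of `claims` comes from the OpenID Connect Core claims request parameter and is an assumption here, as are the endpoint, client id, redirect URI, state value and sample tokens, which are constructed placeholders.

```javascript
// Build the authorization URL, requesting the email claims in both places
// a provider can return them: the ID token and the userinfo endpoint.
function buildAuthorizeUrl(oidc, client, state) {
  const wanted = { email: null, email_verified: null };
  const url = new URL(oidc.authorization_endpoint);
  // URLSearchParams percent-encodes every value, including the JSON braces and quotes.
  url.search = new URLSearchParams({
    client_id: client.id,
    redirect_uri: client.redirect,
    response_type: 'code',
    scope: 'openid user:read:email', // only the scopes the sign-in needs
    state: state, // unguessable per-request value, compared again on the callback
    claims: JSON.stringify({ id_token: wanted, userinfo: wanted }),
  }).toString();
  return url.toString();
}

// Decode the payload segment of a JWT WITHOUT verifying it. Diagnostic use only:
// verify the signature against the provider's jwks_uri before trusting any claim.
function decodePayload(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Names of requested claims that the token does not carry.
function missingClaims(idToken, requested) {
  const payload = decodePayload(idToken);
  return requested.filter((name) => !(name in payload));
}

// Constructed sample tokens (unsigned, with a dummy signature segment).
function sampleToken(payload) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return [b64({ alg: 'RS256', typ: 'JWT' }), b64(payload), 'c2ln'].join('.');
}
const withoutEmail = sampleToken({ sub: '1234', aud: 'example-client-id' });
const withEmail = sampleToken({ sub: '1234', aud: 'example-client-id',
  email: 'user@example.com', email_verified: true });

// Constructed stand-ins for the discovery document and the app's client config.
const exampleUrl = buildAuthorizeUrl(
  { authorization_endpoint: 'https://id.example.com/oauth2/authorize' },
  { id: 'example-client-id', redirect: 'https://app.example.com/callback' },
  'constructed-state-value');
console.log(exampleUrl);
console.log(missingClaims(withoutEmail, ['email', 'email_verified']));
console.log(missingClaims(withEmail, ['email', 'email_verified']));
```

Running `missingClaims` on a token from a test sign-in shows whether the provider honoured the claims request before any downstream account linking relies on `email_verified`.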
