I am setting up Twitch as a Fusionauth "OpenID Connect" Identity Provider.
However, although I am specifying scopes like "user:read:email user_read user:edit openid", I am not receiving any kind of email attribute/info in the resulting ID token.
It seems that Twitch requires claims to be sent as well (which, it seems, is not supported by Fusionauth) and does not honor the given scopes, which it should: https://dev.twitch.tv/docs/authentication/#scopes
I do not see a fault in the documentation. user:read:email (or the other user-related scopes) does not grant access to the user's email when calling OpenID and its userinfo endpoint; that requires a claim.
If you request the right claims, then the userinfo endpoint will include that data.
If you include other scopes, then you also get back a regular OAuth token that you can use against the non-OpenID-related endpoints.
The docs state that the scope MUST include openid:
scope string Space-separated list of scopes. This must include the openid scope.
If you include other scopes, that doesn't change the data OpenID returns; it just gives you a standard OAuth token that can be used on the "regular" Twitch API.
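As an added illustration of the answer above (example code written for this thread, not from either poster, Twitch or Fusionauth), the following builds an OIDC authorization request that keeps openid in the scope and asks for the email via the claims parameter, which is what actually controls what the ID token and userinfo endpoint return. The authorize endpoint and the claims/scope parameter names follow Twitch's OIDC documentation as I understand it; the client ID, redirect URI and the sample ID-token payload are constructed placeholders.

```python
import json
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed from Twitch's OIDC docs (not stated in this thread).
TWITCH_AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize"


def build_authorize_url(client_id, redirect_uri, scopes,
                        id_token_claims=(), userinfo_claims=(),
                        state=None, nonce=None):
    """Build the OIDC authorization URL.

    scopes: space-separated scope string; must contain "openid".
    id_token_claims / userinfo_claims: claim names to request in the
    ID token and from the userinfo endpoint respectively. Requesting
    "email" here is what makes the email appear, not the user:read:email scope.
    """
    scope_list = scopes.split()
    if "openid" not in scope_list:
        raise ValueError("scope must include 'openid' for an OIDC request")

    # OIDC core "claims" parameter: a JSON object keyed by id_token / userinfo,
    # each mapping claim name -> None (i.e. "just give me this claim").
    claims = {}
    if id_token_claims:
        claims["id_token"] = {c: None for c in id_token_claims}
    if userinfo_claims:
        claims["userinfo"] = {c: None for c in userinfo_claims}

    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scope_list),
        # state binds the callback to this browser session; nonce is echoed
        # in the ID token and must be checked to stop token replay.
        "state": state or secrets.token_urlsafe(16),
        "nonce": nonce or secrets.token_urlsafe(16),
    }
    if claims:
        params["claims"] = json.dumps(claims, separators=(",", ":"))
    return f"{TWITCH_AUTHORIZE_URL}?{urlencode(params)}"


def requested_claims(url):
    """Parse the claims parameter back out of an authorize URL.

    Useful for checking what an IdP client such as Fusionauth actually sent:
    if this returns {} the email will not come back no matter which scopes
    were listed.
    """
    qs = parse_qs(urlparse(url).query)
    return json.loads(qs["claims"][0]) if "claims" in qs else {}


def missing_claims(id_token_payload, required=("email",)):
    """Return the required claims absent from a decoded ID-token payload.

    The payload must already have been signature-verified (and nonce/iss/aud
    checked) before anything in it is trusted; this only diagnoses the
    "no email in the token" symptom.
    """
    return [c for c in required if c not in id_token_payload]


if __name__ == "__main__":
    url = build_authorize_url(
        client_id="CLIENT_ID_PLACEHOLDER",
        redirect_uri="https://example.invalid/callback",
        scopes="openid user:read:email",
        id_token_claims=("email", "email_verified"),
        userinfo_claims=("email",),
    )
    print(url)
    print(requested_claims(url))
    # Constructed sample payload: what a token looks like when only scopes,
    # and no claims, were requested.
    sample_payload = {"iss": "https://id.twitch.tv/oauth2", "sub": "12345",
                      "aud": "CLIENT_ID_PLACEHOLDER", "exp": 0, "iat": 0}
    print(missing_claims(sample_payload))  # ['email']
```

The point to check in an IdP configuration is whether the outgoing request carries a claims parameter at all; the scope list alone, however long, leaves requested_claims() empty and the token without an email.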