Based on the information provided in the knowledge sources, there are a few potential reasons why the email claim might be missing from the userinfo endpoint response, even when the email scope was requested. Let's explore these possibilities: 1. Email verification status: Some implementations only return the email claim if it has been verified. As mentioned in the [Ory Hydra API reference](https://www.ory.sh/docs/hydra/reference/api): "True if the End-User's e-mail address has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this e-mail address was controlled by the End-User at the time the verification was performed." If the email hasn't been verified, it might be intentionally omitted from the userinfo response. 2. Data mapping configuration: In some cases, the email claim might be filtered out due to data mapping configurations. For example, in the [Auth0 integration documentation](https://www.ory.sh/docs/kratos/social-signin/auth0), there's a Jsonnet code snippet that only includes the email if it exists and is verified:

jsonnet local claims = {   email_verified: false, } + std.extVar('claims');  {   identity: {     traits: {       [if 'email' in claims && claims.email_verified then 'email' else null]: claims.email,     },   }, }

3. Provider-specific behavior: Some providers might have specific behaviors regarding claim inclusion. For instance, as mentioned in the [GitLab integration documentation](https://www.ory.sh/docs/kratos/social-signin/gitlab): "GitLab returns only the

sub

and

sub_legacy

claims in the

id_token

. Ory makes a request to GitLab's /oauth/userinfo API and adds the user info to

std.extVar('claims')

." 4. Webhook configuration: If you're using webhooks, there might be an issue with how the claims are being processed. As discussed in a [GitHub issue](https://github.com/ory/hydra/issues/3879), there was a problem where the email claim disappeared after enabling a webhook. To troubleshoot this issue, you could: 1. Check if the email is verified for the user in question. 2. Review your data mapping configuration to ensure it's not inadvertently filtering out the email claim. 3. Verify that your provider is correctly configured to return the email claim. 4. If you're using webhooks, ensure they're not interfering with the email claim. If none of these solutions work, you may need to investigate further or reach out to Ory support for assistance.

I apologize for the confusion in my previous response. You're right, and I understand now that you're referring to the email from the identity itself, not from social login. Let me provide a more relevant answer based on the information available in the knowledge sources. The issue you're experiencing, where the email claim is missing in the userinfo endpoint despite the email scope being requested, is actually a known problem that has been reported and discussed in the Ory community. According to a [GitHub issue in the ory/network repository](https://github.com/ory/network/issues/206), there's a bug where the email is missing from the ID token and /userinfo response when a consent is remembered. This issue occurs even when the email scope is explicitly requested during the OAuth2 login flow. The problem seems to manifest in the following way: 1. During the first OAuth2 login flow, when consent is given for the email scope, the ID token and the /userinfo response correctly include the email and email_verified claims. 2. However, in subsequent flows where the consent is "remembered" from the previous login, the ID token and the /userinfo response no longer contain the email and email_verified claims. This behavior is not expected, as the email claim should persist in the userinfo response as long as it was initially consented to and the email scope is requested. Unfortunately, the knowledge sources don't provide a direct solution to this problem. It appears to be a bug in the Ory system that needs to be addressed by the Ory team. If you're experiencing this issue, you might want to: 1. Verify if the problem occurs only when using remembered consent. 2. Check if clearing the remembered consent and re-authenticating resolves the issue temporarily. 3. Report your specific case to the Ory team, providing details about your setup and steps to reproduce the problem. For the most up-to-date status on this issue or potential workarounds, you may want to follow the GitHub issue or reach out to Ory support directly.