Based on the information provided in the knowledge sources, there could be several reasons why the email is missing in the response even though it's present in the data mapping for Google OIDC as SSO. Let's explore some possible causes and solutions: 1. Scope configuration: Make sure you've requested the correct scopes when setting up the OAuth flow. For Google, you should include both the

email

and

profile

scopes. As mentioned in the [Kratos Google Social Sign-in documentation](https://www.ory.sh/docs/kratos/social-signin/google#additional-configuration), you need to add these scopes in your configuration:

yaml
scope:
  - email
  - profile

2. Consent and permissions: Ensure that the user has granted permission to share their email during the OAuth consent screen. If the user didn't agree to share their email address, it won't be available in the response. 3. Claims configuration: Check if you've properly configured the requested claims in your Ory configuration. As shown in the [Kratos Google Social Sign-in documentation](https://www.ory.sh/docs/kratos/social-signin/google#additional-configuration), you should include the following in your configuration:

yaml
requested_claims:
  id_token:
    email:
      essential: true
    email_verified:
      essential: true

4. Data mapping: Review your Jsonnet data mapping to ensure it's correctly handling the email claim. Here's an example of a proper data mapping from the [Kratos Google Social Sign-in documentation](https://www.ory.sh/docs/kratos/social-signin/google#additional-configuration):

jsonnet
local claims = {
  email_verified: false,
} + std.extVar('claims');

{
  identity: {
    traits: {
      [if 'email' in claims && claims.email_verified then 'email' else null]: claims.email,
    },
  },
}

5. Identity schema: Ensure that your identity schema includes the email field and that it's properly configured to receive the email from the social sign-in provider. 6. Verify email in userinfo endpoint: If you're specifically looking at the userinfo endpoint and not seeing the email, it's possible that the email claim is being returned in the ID token instead. As mentioned in a [GitHub issue](https://github.com/ory/hydra/issues/2163), there's a discussion about not returning the email in the ID token but instead in the userinfo endpoint for specific response types. This behavior might vary depending on your Ory Hydra version and configuration. 7. Check for any caching issues: As suggested in a [GitHub issue comment](https://github.com/ory/network/issues/236), try clearing your browser cookies and cache, then attempt the login flow again. If you've verified all these points and are still not receiving the email in the response, it might be helpful to: - Double-check your Ory Network project configuration - Verify that you're using the latest version of Ory Kratos - Review the Ory Kratos logs for any error messages or warnings

Based on the information provided in the knowledge sources, there could be several reasons why the email is missing in the response even though it's present in the data mapping for Google OIDC as SSO. Let's explore some possible causes and solutions: 1. Scope configuration: Make sure you've requested the correct scopes when setting up the OAuth flow. For Google, you should include both the

email

and

profile

scopes. As mentioned in the [Kratos Google Social Sign-in documentation](https://www.ory.sh/docs/kratos/social-signin/google#additional-configuration), you need to add these scopes in your configuration:

yaml scope:   - email   - profile

2. Consent and permissions: Ensure that the user has granted permission to share their email during the OAuth consent screen. If the user didn't agree to share their email address, it won't be available in the response. 3. Claims configuration: Check if you've properly configured the requested claims in your Ory configuration. As shown in the [Kratos Google Social Sign-in documentation](https://www.ory.sh/docs/kratos/social-signin/google#additional-configuration), you should include the following in your configuration:

yaml requested_claims:   id_token:     email:       essential: true     email_verified:       essential: true

4. Data mapping: Review your Jsonnet data mapping to ensure it's correctly handling the email claim. Here's an example of a proper data mapping from the [Kratos Google Social Sign-in documentation](https://www.ory.sh/docs/kratos/social-signin/google#additional-configuration):

jsonnet local claims = {   email_verified: false, } + std.extVar('claims');  {   identity: {     traits: {       [if 'email' in claims && claims.email_verified then 'email' else null]: claims.email,     },   }, }

5. Identity schema: Ensure that your identity schema includes the email field and that it's properly configured to receive the email from the social sign-in provider. 6. Verify email in userinfo endpoint: If you're specifically looking at the userinfo endpoint and not seeing the email, it's possible that the email claim is being returned in the ID token instead. As mentioned in a [GitHub issue](https://github.com/ory/hydra/issues/2163), there's a discussion about not returning the email in the ID token but instead in the userinfo endpoint for specific response types. This behavior might vary depending on your Ory Hydra version and configuration. 7. Check for any caching issues: As suggested in a [GitHub issue comment](https://github.com/ory/network/issues/236), try clearing your browser cookies and cache, then attempt the login flow again. If you've verified all these points and are still not receiving the email in the response, it might be helpful to: - Double-check your Ory Network project configuration - Verify that you're using the latest version of Ory Kratos - Review the Ory Kratos logs for any error messages or warnings If the issue persists, you may want to reach out to Ory support or post a detailed description of your configuration and the steps you've taken to troubleshoot in the Ory Community Slack or GitHub issues.