<@U04UQ68083H> how to test the scopes being return...
# ory-copilot
@chilly-king-10285 how to test the scopes being returned from an oauth client in ory? e.g. email
A message from kapa.ai
To test which scopes (such as email) are being returned from an OAuth client in Ory, you should:

1. Configure your OAuth2 client to request the desired scopes (e.g., openid, email) when initiating the authorization flow. For example, when creating an OAuth2 client, you can specify the scopes:

   ```
   ory create oauth2-client --project "$PROJECT_ID" \
     --name "Example Client" \
     --grant-type authorization_code \
     --response-type code \
     --scope openid --scope email \
     --redirect-uri http://localhost:3000/callback
   ```

   [Add OAuth2 and OpenID Connect to your ExpressJS app](https://www.ory.sh/docs/getting-started/oauth2-openid/add-oauth2-openid-connect-nodejs-expressjs)

2. Perform the OAuth2 authorization flow with your client, making sure to request the relevant scopes (e.g., openid, email).

3. Inspect the returned ID token and/or call the /userinfo endpoint to see which claims are present. For example, after obtaining an access token, you can introspect the token or call the /userinfo endpoint:

   ```js
   import { Configuration, OAuth2Api } from "@ory/client"

   // Admin API client, authenticated with the project's API key
   const ory = new OAuth2Api(
     new Configuration({
       basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
       accessToken: process.env.ORY_API_KEY,
     }),
   )

   export async function introspectToken(accessToken) {
     const { data } = await ory.introspectOAuth2Token({ token: accessToken })
     return data.active // true or false
   }
   ```

   [OAuth 2.0 token introspection](https://www.ory.sh/docs/hydra/guides/oauth2-token-introspection)

   Or, to check the /userinfo endpoint:

   ```
   curl 'https://<project slug>.projects.oryapis.com/userinfo' \
     -H 'Authorization: Bearer <Access Token>' -XPOST
   ```

   [GitHub Issue: Email is missing from the ID token and /userinfo response when a consent is remembered](https://github.com/ory/network/issues/206)

4. Check for the presence of the email and email_verified claims in the ID token or /userinfo response. If the email scope was requested and consented to, these claims should be present.

Note: If you use "remember my decision" in the consent UI, be aware of a known issue where the email and email_verified claims may be missing in subsequent flows when consent is remembered. This is being tracked and fixed by Ory, and you can follow updates in their changelog [here](https://changelog.ory.sh/) [GitHub Issue: Email is missing from the ID token and /userinfo response when a consent is remembered](https://github.com/ory/network/issues/206).

In summary:

- Request the desired scopes in your OAuth2 flow.
- Complete the flow and obtain tokens.
- Inspect the ID token or /userinfo response for the claims associated with those scopes.