Zitadel does not include email in User info inside ID Token

[LeVraiRoiDHyrule]

Hi,

I have an app that need and search for an email in user info or ID Token. According to the documentation here : https://zitadel.com/docs/guides/manage/customize/user-metadata#send-metadata-inside-the-id-token , activating User Info inside ID Token should result in the following infos being sent:

{
  "amr": [
    "password",
    "pwd",
    "mfa",
    "otp"
  ],
  "at_hash": "lGIblkTr8faHz2zd0oTddA",
  "aud": [
    "170086824411201793@portal",
    "209806276543185153@portal",
    "170086774599581953"
  ],
  "auth_time": 1687418556,
  "azp": "170086824411201793@portal",
  "c_hash": "dA3wre4ytCJCn11f7cIm0A",
  "client_id": "1700...1793@portal",
  "email": "road.runner@zitadel.com",
  "email_verified": true,
  "exp": 1687422272,
  "family_name": "Runner",
  "given_name": "Road",
  "iat": 1687418672,
  "iss": "https://...-abcd.zitadel.cloud",
  "locale": null,
  "name": "Road Runner",
  "preferred_username": "road.runner@...-abcd.zitadel.cloud",
  "sub": "170848145649959169",
  "updated_at": 1658329554,
  "urn:zitadel:iam:user:metadata": {
    "ContractNumber": "MTIzNA"
  }
}

The email field here is what I need. But that is not what I get when I enable this setting. Here is what I get in my ID token:

{
  "iss": "https://api.auth.redacted.com",
  "sub": "263932904613216259",
  "aud": [
    "264080136108834819@redacted",
    "265257631239700483@redacted",
    "265976263691272195@redacted",
    "264077012140883971@redacted",
    "264076946105696259"
  ],
  "exp": 1715109937,
  "iat": 1715066737,
  "auth_time": 1715065357,
  "nonce": "zdUxTF9WZf4MNlP5WRbjDg",
  "amr": [
    "password",
    "pwd"
  ],
  "azp": "264077012140883971@redacted",
  "client_id": "264077012140883971@redacted",
  "at_hash": "ssA-jWkMYUKvtc2HORQGcQ",
  "c_hash": "82qCtXhcMi1SLjIxviF0Dg",
  "name": "ZITADEL Admin",
  "given_name": "ZITADEL",
  "family_name": "Admin",
  "locale": "en",
  "updated_at": 1713812271,
  "preferred_username": "zitadel-admin@zitadel.auth.redacted.com"
}

As you can see, there is no email field. But my user does have a verified email, so why is it not including it in the token?

Thanks in advance for any answer, have a nice day.

[hifabienne]

which scopes did you send on the authrequest? did you include openid, email, profile?

[LeVraiRoiDHyrule]

Thanks, I had email and profile but I was missing openid. I've added it to the scopes the application requests and now I have it in the ID token. Have a nice day