In future you should be more specific about technologies, as otherwise it’s harder and slower to provide definitive responses. Based on the code I can assume .NET, and if I recall correctly ClaimsPrincipal.Current is not recommended/usable in .NET Core, so you have some other variation of a .NET application.
With the above in mind, and given that you’re already including the email scope, the most likely issue is that the .NET JWT validator performs claims translation for the most common ones, so the email claim coming from the ID token is getting mapped to another one. I did my tests with .NET Core and, although you’re likely not using that, the claim mapping is something common, so if you do the following:
it may address the situation. If not, you should really be much more specific about your scenario and include relevant code snippets and steps to reproduce.
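
The claim translation described in this answer can be reproduced with the console program below. It is an added example, not the snippet from the original answer; it assumes System.IdentityModel.Tokens.Jwt 5.x or later, and the issuer, audience, key, claim values and the `GetEmail` helper are constructed for illustration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class ClaimMappingDemo
{
    // Hypothetical helper: read the e-mail claim whether or not it was translated.
    static string GetEmail(ClaimsPrincipal user) =>
        (user.FindFirst("email") ?? user.FindFirst(ClaimTypes.Email))?.Value;

    static void Dump(string label, ClaimsPrincipal user)
    {
        Console.WriteLine(label);
        foreach (var c in user.Claims) Console.WriteLine($"  {c.Type} = {c.Value}");
        Console.WriteLine($"  GetEmail -> {GetEmail(user)}");
    }

    static void Main()
    {
        // Constructed symmetric key and token standing in for a real ID token.
        var key = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes("constructed-demo-key-0123456789-abcdef"));
        var jwt = new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer: "https://issuer.example/",
            audience: "demo-client",
            claims: new[] { new Claim("sub", "user-1"), new Claim("email", "user@example.com") },
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

        var parameters = new TokenValidationParameters
        {
            ValidIssuer = "https://issuer.example/",
            ValidAudience = "demo-client",
            IssuerSigningKey = key
        };

        // Default handler: short JWT claim names are translated to long
        // ClaimTypes URIs, so FindFirst("email") alone finds nothing.
        var mapped = new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _);
        Dump("default inbound map:", mapped);

        // Clear the static map before creating the handler (normally once at
        // startup); the claims then keep the names they have in the token.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
        var raw = new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _);
        Dump("cleared inbound map:", raw);
    }
}
```

Clearing the map is process-wide and also changes the names of other translated claims such as `sub`, so any code that looks claims up by their `ClaimTypes` URI needs checking after the change.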