Show email in Hydra userinfo context

src/main/kotlin/com/faforever/userservice/backend/hydra/HydraService.kt

@@ -142,12 +142,22 @@ class HydraService(
 
         val roles = listOf("USER") + permissions.map { it.technicalName }
 
+        val context = mutableMapOf(
+            "username" to user.username,
+            "roles" to roles,
+        )
+
+        if (OAuthScope.canShowEmail(consentRequest.requestedScope)) {
+            context["email"] = user.email
+            context["email_verified"] = true
+        }
+
         val redirectResponse = hydraClient.acceptConsentRequest(
             challenge,
             AcceptConsentRequest(
                 session = ConsentRequestSession(
-                    accessToken = mapOf("username" to user.username, "roles" to roles),
-                    idToken = mapOf("username" to user.username, "roles" to roles),
+                    accessToken = context,
+                    idToken = context,
                 ),
                 grantScope = consentRequest.requestedScope,
             ),

src/main/kotlin/com/faforever/userservice/backend/security/OAuthScope.kt

@@ -4,6 +4,11 @@ package com.faforever.userservice.backend.security
  * Contains pre-defined FAF scopes
  */
 object OAuthScope {
+    // OIDC scopes
+    const val EMAIL = "email"
+    const val PROFILE = "profile"
+
+    // FAF scopes
     const val PUBLIC_PROFILE = "public_profile"
     const val WRITE_ACHIEVEMENTS = "write_achievements"
     const val WRITE_EVENTS = "write_events"
@@ -16,4 +21,9 @@ object OAuthScope {
     const val READ_SENSIBLE_USERDATA = "read_sensible_userdata"
     const val ADMINISTRATIVE_ACTION = "administrative_actions"
     const val MANAGE_VAULT = "manage_vault"
+
+    fun canShowEmail(scopes: List<String>?) =
+        if (scopes == null) {
+            false
+        } else scopes.contains(EMAIL) || scopes.contains(PROFILE) || scopes.contains(PUBLIC_PROFILE)
 }