fix(clients): update email validation

lib/auth.js

@@ -35,11 +35,11 @@ exports.strategy = function() {
         if (details.scope.indexOf(exports.SCOPE_CLIENT_MANAGEMENT) !== -1) {
           logger.debug('check.whitelist');
           var blocked = !WHITELIST.some(function(re) {
-            return re.test(details._email);
+            return re.test(details.email);
           });
           if (blocked) {
             logger.warn('whitelist.blocked', {
-              email: details._email,
+              email: details.email,
               token: tok
             });
             return reply(AppError.forbidden());

lib/token.js

@@ -23,15 +23,11 @@ exports.verify = function verify(token) {
 
     // token.scope is a Set/Array
     if (token.scope.indexOf('profile') !== -1 ||
-        token.scope.indexOf('profile:email') !== -1) {
+        token.scope.indexOf('profile:email') !== -1 ||
+        token.scope.indexOf(auth.SCOPE_CLIENT_MANAGEMENT) !== -1) {
       tokenInfo.email = token.email;
     }
 
-    // the schema validator for /v1/verify will prevent _email from leaking
-    if (token.scope.indexOf(auth.SCOPE_CLIENT_MANAGEMENT) !== -1) {
-      tokenInfo._email = token.email;
-    }
-
     return tokenInfo;
   });
 };