I think this is a corner case related to this field type. Both “Domain of Reporter” and “Domain of Assignee” types have special implications for privacy. Although I can’t entirely explain why some auth mechanisms allow access but not others, I do know this field has been kinda-sorta-deprecated because there are end-user requests to bring it back in the new issue view.
As such, I recommend:
- Comment, vote, and watch that issue.
- Consider using an alternate approach, like the email API, which does require a different App scope. Of course, this still requires some parsing of the domain from the email.