In order to give the end user more control, applications may be developed to have dynamic scopes, which currently is on the third-party developer's side to manage, such as providing a list of checkboxes to determine which permissions to grant.
I suggest adding a parameter to <id.twitch.tv/oauth2/authorize> to turn the listed permissions into checkboxes, and only the checked permissions returned in the scope list that accompanies the resulting token. This will make the user's interaction with the permissions feel more seamless, as well as prevent "backouts" when the user is presented with a list of access permissions they can't "un-choose".