Don’t get hung up on the phrase “existing token.” I don’t see where the OAuth spec has anything to do with this.
It should be totally possible for Twitch to generate a new token with just the client giving it an ‘add_scopes’ command, for example, and the new scope(s) requested. Twitch already has everything it needs to generate a new token.
Send the user through the user auth flow again. Twitch gets the same data it had in the first place when it generated the original token, but this time it’s just adding another scope to the list. It returns the same data to the callback URL, and everyone’s happy.
Should be totally doable, and I don’t see how that would violate any spec.
I don’t use UserVoice. I don’t agree with their privacy policy, and I don’t want yet another account on yet another site I don’t need. I feel like Twitch should have their own user suggestion forum on twitch.tv.