I'm pretty sure what I'm trying to do is not currently supported at this point.
Essentially the docs don't make it clear, but I believe the manifest files and actions only apply to applications run from the Itch client application, and do NOT seem to apply to hosted HTML5 games on itch.io
Furthermore you can not make calls to the server side API from inside a hosted HTML5 app on itch.io due to CORS
Even using a CORS proxy to circumvent this a call to "https://itch.io/api/1/jwt/me" will not return the currently logged in itch user.
At this point I have to assume there is no valid way to get the currently logged in itch user from a hosted HTML5 game.... which is a bummer.
Creating a OAuth flow is a lot of overhead when all you want to do is verify who's running the game.