I get the same behavior… using oauth/ro, I only have to add the user_metadata scope (no rule needed) to get all of the user_metadata (in a field of that name) into the JWT payload.
If I try to use the oauth/token endpoint, I get a valid login token, but no user_metadata, even if user_metadata is added to the scope. Using the rule above, I still get nothing added to the JWT payload.
Since the oauth/ro endpoint is marked as deprecated in the postman collection (but not actually in the docs though, which saddens me), I too would like an answer as to how I can actually put user metadata into the the JWT payload using the non-deprecated oauth/token endpoint.