Hi @djfy,
I reviewed your Post Login action script and noticed that you used a non-namespaced custom claim ( user_metadata), which is not allowed when generating access tokens with an Auth0 API audience.
To avoid this conflict, you should use collision resistant namespaced custom claims.
Please refer to our Adding custom claims to tokens knowledge solution for an example.
Cheers,
Rueben