The UUID thing was just an example. You need to modify the rule to add the metadata attributes you are interested in to your ID and / or access tokens. I have a couple more simple examples at the link below, but your best bet are the sample Rules that are available in the management console and the examples in the documentation:
You do need an access token to call /userinfo. In your example above, it looks like you are using the client credentials grant type (“grant_type=client_credentials”). You should be using the authorization code grant type instead.