Cannot see the email in the access token AND userinfo Unauthorized

Hi there,
SETUP: python with FASTAPI, most of the code is copied from here: Build and Secure a FastAPI Server with Auth0.
GOAL: I want to be able to recognize/identify the user based on the token attached to the request.

I added the token rules [Add email to access token]: but I cannot see the email in the access token.
I copied the code below from auth0 application test menu.
First problem: I am able to receive the token, verify it (Build and Secure a FastAPI Server with Auth0) but the email is not inside the decoded token.
Second Problem: I cannot get the userinfo, it says I am Unauthorized, despite I am using the access token got directly from Auth0. Am I missing something on the Auth0 dashboard? Something wrong in the code?


import http.client
    import json

    conn = http.client.HTTPSConnection("YOUR_DOMAIN")

    payload = "{\"client_id\":\"CLIENT_ID\",\"client_secret\":\"CLIENT_SECRET1\",\"audience\":\"YOUR_DOMAIN\",\"grant_type\":\"client_credentials\"}"

    headers = {'content-type': "application/json"}

    conn.request("POST", "/oauth/token", payload, headers)

    res = conn.getresponse()
    data = res.read()
    data = json.loads(data.decode("utf-8"))
    access_token = data['access_token']
    result = VerifyToken(token=access_token).verify()
    print(result)
    import requests

   
    url = "https://YOUR_DOMAIN/userinfo"
    headers = {
        'Authorization': f'Bearer {access_token}'
        # 'content-type': "application/json"
    }
    print('headers', headers)
    response = requests.request("GET", url, headers=headers)
    print(response.text)

Hello there @loras welcome to the community!

I apologize for the delayed response, but wanted to check to see if you were able to resolve this issue?

How are you getting the Access/ID Token? The tutorial just grabs the access token from the “test” section of the API settings which is for a client credentials flow and will therefore not be associated with a user and thus have no /userinfo audience (required to use the access token against the userinfo endpoint).

Let us know!