Whether I’m using the Google social integration or the email/password sign in, I am only able to see the sub property and a few others I’m not interested in. The scopes which are requested and which show up in the token are:
Of note, even when I change this to just “email”, the above property appears the same (openid and profile are listed despite me not requesting them). I can see the email address as verified and visible in the User Management section of the Auth0 dashboard. When I click on “Raw JSON”, I can see the email, email_verified, etc. properties in the dashboard as well. So the email is known and available in all instances. What am I missing which would prevent the email property from being included in the generated access token?