Can't retrieve email property in access token despite being included in scope

Whether I’m using the Google social integration or the email/password sign in, I am only able to see the sub property and a few others I’m not interested in. The scopes which are requested and which show up in the token are:


Of note, even when I change this to just “email”, the above property appears the same (openid and profile are listed despite me not requesting them). I can see the email address as verified and visible in the User Management section of the Auth0 dashboard. When I click on “Raw JSON”, I can see the email, email_verified, etc. properties in the dashboard as well. So the email is known and available in all instances. What am I missing which would prevent the email property from being included in the generated access token?


My issue is likely due to confusion between access and ID token. When I use the universal login, I appear to get all details so I’m wondering if there’s a way to get all of those details in the single token which is being passed around as an auth token.