Hi @hez,
It looks like this may be because you are using an Auth0 domain.
I tested it and was not able to get the claims in my token with this rule. Changing to a non-auth0 domain fixed it for me. Take a look at this thread for more detail:
Please let me know if this works.