Most of what you’ve described seems correct so that’s good I don’t think the namespace you’ve used (auth0.com) will work per the guidelines here. Are you able to test using a different namespace or a non-namespaced value instead?
I also recommend checking out this post with regards to permissions:
I don’t think the namespace you’ve used (