Okay, I’ve got it. I opened a ticket and got the answer. You cannot use any auth0 url in the namespace. I’m now using https://{my app}.{my company}.com/ as the namespace, and now it works, with the conditions noted below.
Additionally I worked out the following on my own. I was using the oauth/ro endpoint which is marked deprecated in the postman collection, because the oauth/token endpoint didn’t return user_metadata when the user_metadata scope was set, and I needed that metadata. However, now that I am inserting the data into the payload, I don’t need the raw user_metadata.
But I see the opposite occurring. The inserted data doesn’t show up in the oauth/ro endpoint but it does in the oauth/token endpoint.
Conclusions:
- Hoist all of the data you need to include into the payload via the rule.
- Use a namespace distinct from any auth0 url.
- Use the oauth/token endpoint to obtain the token.