It’s hard to know exactly what the issue could be, but if you are not getting the email claim back in the Access Token then something is off - Might I suggest that you take a look at using Actions instead? In particular, you will want to look at utilizing a Post Login Action, something like this:
exports.onExecutePostLogin = async (event, api) => {
// This adds the authenticated user's email address to the access token.
if (event.authorization) {
const namespace = 'https://MY_DOMAIN_DOT_COM';
api.accessToken.setCustomClaim(`${namespace}/claims/email`, event.user.email);
}
};