Hi @dgilman,
Welcome to the Auth0 Community!
Thanks for following up! The opened, profile, and email scopes are for user-centric transactions. Because you are performing a M2M machine operation, you only need to include the scopes for that transaction. In your case, it sounds like you just need to read user info, and that would require the read:users scope.