I am using a Single Page Application type of application in auth0 and all CORS urls are setup properly.
Upon authorizing using the scope “openid profile”, I am confirming the auth, and receiving a valid JWT which has been signed by auth0 and containing the key “scope” set to “openid profile”. However, when I then contact the /userinfo service using that JWT as Bearer token, I receive only “sub” and “updated_at” fields. I also tried adding the “email” scope and this just adds the “email_verified” boolean without the actual email. I can see all of my user info in the raw JSON tab in the auth0 admin panel, so I know it’s all there. Am I missing something?