That part I can help with! Again you can use a rule, one that runs after the UUID rule, which adds profile data to the idToken and / or access token. Something like (this super basic code has not been tested):
function (user, context, callback) {
// Adds app_metadata.uuid to the idToken
var namespace = "https://yourdomain.com/claims/";
context.idToken[namespace + "uuid"] = user.app_metadata.uuid || "";
callback(null, user, context);
}
You might want to make that smarter by checking for the presence of the UUID attribute rather than blindly assigning something.