Still running into a bit of trouble - the high level makes sense, and adding the connection_scope parameter properly informs the user that we’re requesting phone numbers in the consent screen. However, the rule seems to error out with:
{
error: "access_denied",
error_description: "Cannot%20read%20property%20'0'%20of%20undefined",
state: "S5O...4r1"
}
Looks like user.identities in the rule is undefined for some reason. Not sure what user.identities is supposed to be (looks like there’s a markdown error on User Object Properties in Rules)
I also wasn’t able to use the Google API call to decode the access token - according the SO answer, it looks like they use a new endpoint (https://oauth2.googleapis.com/tokeninfo?id_token={token}), but neither one works - not a big deal, but makes it kind of hard to debug. I tried pasting the returned access token into both, and it returned:
{
"error": "invalid_token",
"error_description": "Invalid Value"
}
Main question at this point: what is user.identities and why might it be undefined? Is it possible the access token is somehow invalid, as indicated by the Google API? We can still retrieve GET /userinfo properly if I disable the rule, so I’m not too confident on that idea.