They are setup identically, and I’ve tried lots of different settings for the eu one trying to get a different result with no luck. The problem is that the EU site doesn’t return a populated user_json:
The key fix was the scope needs to be passed to the authorize url value (I also updated all my oauth2 json values to match what you have above once I was getting a json result back from Auth0).
Rather than adding the scope directly to the URL though, there actually is somewhat recent addition to the discourse oauth2 basic plugin that adds a scope field to the site settings, so that you can have these settings:
Sorry for the trouble here, my old Auth0 account still works without adding the scope fields to the auth url, but my new Auth0 account (and everyone elses!) needs them. Looks like this is in the auth0 oauth2 docs, so I probably should have read them!
scope: A space-delimited list of permissions that the application requires.
I can confirm that following the updated docs on the Discourse thread results in Auth0 working and the required data being populated! Hurrah, thanks so much everybody for helping us get to the bottom of this!