openidconnect-rs has an optional feature, accept-rfc-3339-timestamps to allow non-OIDC-compliant parsing of timestamp if IDP responses. This is mandatory to obtain tokens on Auth0 when the profile scope is requested, otherwise an error is thrown because the updated_at field fails to parse.

I know it is sad that Auth0 does not follow the spec here, but it would be good for this CLI to be less strict to be more compatible.

I can send a PR if you don't have time and this is something you would be interested in merging.