Firebase Rule - Match document to user via email address

I'm trying to get a simple rule to work: If a document from my records collection contains an email (fatherEmail || motherEmail) that matches the email of the user logging in, allow that doc to be read. Not working - Missing or insufficient permissions.

Here are my rules: Cloud Firestore Rules

Per Firebase tech support the recommended way to retrieve the auth'd user's email address:

function getUserEmail(){ return request.auth.token.email; }

Here’s the Stackblitz: https://stackblitz.com/edit/login-and-match-record-mvce?file=src%2Fapp%2Fauth.service.ts

Login using a verified email: User: devcore2911@gmail.com Pass: foobar If you look at the console, you'll see the error I mentioned above.

My records collection contains one document that contains devcore2911@gmail.com as the value for thefatherEmail property so that doc should pull up: Matching Doc