Service Desk Customers retrieving issue create metadata through REST API

I want to allow JSM Cloud Customer-type users to retrieve the issue create metadata for individual request types through the Cloud REST API(s). As far as I can tell there are two ways to do this, but neither of them is doing everything I need.

The first option:
Get Request Type Fields in the Jira Service Management REST API works out of the box for Service Desk Customer users, but for some reason is not including the custom fields for the request, which makes it almost useless. I have tried adding the documented “expand=hiddenFields” query string parameter, but still no custom fields are returned. Is it expected that custom fields are omitted from this response? Is there another way to get the full field list through a Service Management REST API?

The second option:
Get create issue metadata in the Jira REST API provides all the fields, which is great, but seems to only work for Customer users if the “Create Issues” permission for the project allows “Public” access, which is definitely not ideal. I have tried granting this permission to all of the following: “Service Desk Customers” project role, “Any logged in user”, “Application access” - “Jira Service Desk”, “Group” - “jira-servicedesk-users”, “Service Project Customer - Portal Access”, “Single User - [SD Customer User I am testing with]”… None of these are working. Accessing the API endpoint returns a 403 Forbidden in all of these cases unless I enable the “Public” access permission here. Is this a bug, or am I misunderstanding how this permission is used by this endpoint? The documentation makes it seem as if any user with this “Create Issues” permission should be able to access this endpoint, so one of the settings more restrictive than “Public” should work.