Thanks for your reply! I tried curl with the audience parameter included but I get the same result…
curl --request POST \
--url 'https://***.eu.auth0.com/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'grant_type=authorization_code' \
--data 'client_id=***' \
--data 'client_secret=***' \
--data 'code=***' \
--data 'redirect_uri=http://localhost:3000/callback' \
--data 'audience=https://***/'
I will do some digging into opaque tokens!
Cheers,
Matt