Thanks for helping out on this one @john.gateley.
Hi @mattymillar,
You’ll need to take one step back to your /authorize request and make sure that you’ve included the audience parameter.
For example:
https://YOUR_DOMAIN/authorize?
response_type=code&
client_id=YOUR_CLIENT_ID&
redirect_uri=https://YOUR_APP/callback&
scope=SCOPE&
audience=API_AUDIENCE&
state=STATE
Moreover, I’d like to reiterate that the access token is opaque because there is no value passed for the audience parameter. This is to be expected and explained in our Get Access Tokens docs. Using your API identifier or the Management API identifier will produce a JWT access token instead.
Please let me know us if there’s anything else we can do to help.
Thank you.