Hey Harry. We are hijacking 4constanzas17’s question a little here :).
You are passing the audience in the correct place. Sorry about the docs, adding the audience from client applications is a new feature and the doc are still work in progress. You can find more information here: Call Your API Using the Authorization Code Flow, although it refers to the /authorize call (that uses Auth0’s hosted Lock) instead of embedding Lock in your app.
The error message you are getting suggests an incorrect API identifier. Are you sure you are using the right one?