@amine.foo If you’d like to authorize APIs with access tokens, you have to create an API in Auth0 and request this API’s access with the audience parameter when you’re authenticating. This will give you a JWT access token that you can send to the API, and the API can validate the JWT.
I won’t go into more detail, but there are a lot of docs that explain the process:
If you come across any specific problems, feel free to create a new discussion.
@kurt.sys It’s yes for all the questions. If you use Auth0.js, all these (validating ID token, calling /userinfo, etc) will be done automatically for you.