According to the access token document:
- If the audience is set to
{YOUR_AUTH0_DOMAIN}/userinfo, then
the Access Token will be an opaque
string.
- If the audience is set to the unique
identifier of a custom API, then the
Access Token will be a JSON Web Token
(JWT).
Also, when the audience is set to a custom API and the scope parameter includes the openid value, then the generated Access Token will be a JWT valid for both retrieving the user’s profile and for accessing the custom API.
For more information about creating and configuring an API in Auth0, see: https://auth0.com/docs/apis#how-to-configure-an-api-in-auth0
You should also check the OIDC Conformant switch, located in the client’s advanced settings. See this for more info: https://auth0.com/docs/api-auth/tutorials/adoption/oidc-conformant