Thanks @moonkrj ! Still, I try to use that endpoint and I am unauthorized. If I use the access token, I get an Unathorized Error regarding a Bad Audience. My audiences are my custom API and /userinfo.
Would setting the client domain as an audience help? If so, how can it be done (or is it a good practice)?