In order to obtain a JWT access_token, you need to provide a valid audience parameter when calling /oauth/token. The audience value is the Identifier of the API you create in Auth0. In short, you need to create an API in Auth0, and provide the Identifier as the audience value.
Securing your WebAPI is outlined in our Quickstart: https://auth0.com/docs/quickstart/backend/aspnet-core-webapi/00-getting-started