Hi @martin5,
Welcome to the Community!
Can you confirm that you toggled on the Add Permissions in the Access Token setting and saved afterwards? I just tested this to confirm, and you should just have to add the custom API as the audience, add the permission to the role, and the role to the user, then you should get an access token with the respective permissions.
Also, the aud claim is typically the identifier uri of your API, it looks like you may have used the id.
Let me know if either of those solve it,
Dan