Hi @elja1989,
Thanks for reaching out to the Auth0 Community!
Firstly, I must obfuscate all the sensitive information you shared in your initial post. This is for security reasons and to ensure we do not expose sensitive information like your access token.
After checking your first access token, I noticed that the user already has the secondary user linked to their profile, as shown under the identities array:
"identities": [
{
"connection": "Username-Password-Authentication",
"user_id": "6638820ef54520ecca12593a",
"provider": "auth0",
"isSocial": false
}
This user_id matches the user_id of the secondary user.
So, in this case, you should use the primary account to authenticate, which means you should use the initial access token. You do not need to create a new access token and send it back for consumption. This could be why the token was invalid.
Could you give that a try and let me know how it goes?
Thanks,
Rueben