Differences in Bearer Token from Different Access

I implemented the Auth0 using Auth0 Python SDK Quickstarts: Login

From the successful login page, I am able to view the the following :

{
    "access_token": "xxx",
    "expires_at": 1657696308,
    "expires_in": 86400,
    "id_token": "xxx",
    "scope": "openid profile email",
    "token_type": "Bearer",
    "userinfo": {
        "aud": "a6GNX8ifpOrWovu9NakUp4Sxz0kqdJul",
        "email": "gerardsho@gmail.com",
        "email_verified": true,
        "exp": 1657645903,
        "iat": 1657609903,
        "iss": "https://randomsilver.us.auth0.com/",
        "name": "gerardsho@gmail.com",
        "nickname": "gerardsho",
        "nonce": "vumVyni7iVWzB7HRoAmY",
        "picture": "https://s.gravatar.com/avatar/1d847a5259fe55eb7c84f439e5f00277?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fge.png",
        "sub": "auth0|62c45daf67fdea356d28bad4",
        "updated_at": "2022-07-11T19:34:14.775Z"
    }
}

What I would like to know is that if I access the raw login page from :

https://{AUTH0_DOMAIN}/authorize?audience={API_AUDIENCE}&response_type=token&client_id={CLIENT_ID}&redirect_uri={CALLBACK_URI}

I would see a token at the end of the url, upon successful login.

I found that this token neither fits in any of tokens shown in the successful login page configured above in the first method. Mainly, when I decoded via the jwt.io, it seems like the token from the second method is more complete, containing the permission rights. Kindly shed some light on this.

Hi @showall,

Welcome to the Auth0 Community!

Do you have an example of the second token?

It could be an opaque token, but it’s hard to say without seeing it.