Express-openid-connect: unexpected JWT alg received, expected HS256, got: RS256

Thanks for confirming! Strange, as I’m unable to reproduce on my end currently :thinking: I did notice that your client ID is that of a SPA application. What happens if you create a Web App in Auth0 and use that instead here?

If you are using an API registered in Auth0 you will need to have the algorithm set to HS256 there as well.

Additionally, you may want to consider using RS256 if possible:
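
The check behind the error in the title, shown as an added example that is not part of the original thread and is not express-openid-connect's own code: the verifier pins the algorithm from its configuration and rejects a token whose header names a different one before any signature work. The helper names (`sign`, `verifyIdToken`, `tryVerify`), the keys and the claims are constructed for the demo.

```javascript
const { createHmac, createSign, createVerify, generateKeyPairSync, timingSafeEqual } = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// Build a demo token (constructed sample data; HS256 or RS256 only).
function sign(alg, payload, key) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  const sig = alg === 'HS256'
    ? createHmac('sha256', key).update(input).digest()
    : createSign('RSA-SHA256').update(input).sign(key);
  return `${input}.${sig.toString('base64url')}`;
}

// Verify with the algorithm fixed by configuration, never by the token header.
function verifyIdToken(token, expectedAlg, key) {
  const [h, p, s] = token.split('.');
  if (!h || !p || !s) throw new Error('malformed JWT');
  const { alg } = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (alg !== expectedAlg) {
    throw new Error(`unexpected JWT alg received, expected ${expectedAlg}, got: ${alg}`);
  }
  const input = `${h}.${p}`;
  const sig = Buffer.from(s, 'base64url');
  let ok;
  if (expectedAlg === 'HS256') {
    const mac = createHmac('sha256', key).update(input).digest();
    ok = mac.length === sig.length && timingSafeEqual(mac, sig);
  } else if (expectedAlg === 'RS256') {
    ok = createVerify('RSA-SHA256').update(input).verify(key, sig);
  } else {
    throw new Error(`unsupported alg: ${expectedAlg}`);
  }
  if (!ok) throw new Error('signature verification failed');
  return JSON.parse(Buffer.from(p, 'base64url').toString());
}

// Constructed keys, secret and claims for the demo.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const clientSecret = 'constructed-client-secret';
const rsToken = sign('RS256', { sub: 'user-1' }, privateKey);
const hsToken = sign('HS256', { sub: 'user-1' }, clientSecret);

// Returns the subject on success, or the rejection message on failure.
function tryVerify(token, alg, key) {
  try { return verifyIdToken(token, alg, key).sub; } catch (e) { return e.message; }
}
```

A client configured for HS256 that receives an RS256-signed token fails at the `alg` comparison, so the fix is to make the configured algorithm and the issuer's signing algorithm agree rather than to relax the check.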