Hi garym,
Sorry for the delay in getting back to you.
Per the RFC, the audience is optional when verifying the token. We choose to include it in our guides but it is not required.
In your situation, I believe the correct audience would be " [ ‘https://api.myappdomain.com’,
‘https://myappdomain.auth0.com/userinfo’ ]" as this is the audience listed in the token.
Could you tell me where in the docs it instructed you to use the private key? I could not find that in the documentation you linked me (but maybe I missed it as they are quite long).