But when trying to access the secured endpoint from the application using our access token, it always fails. We send the access token as part of the HTTP header like this:
I noticed that, as opposed to the access token we get for our backend when checking via Dashboard->Apis->Test, the access token we get in our Cordova application does not seem to be a valid JWT token.
Given you mention that you’re receiving an access token in your Cordova application that is not a valid JWT, the likely cause is that you did not correctly configure the Cordova application to request an access token valid for your own API.
The quickstart you mention for Ionic 2 is only about user authentication, that is, you get an ID token with information about the user who logged in and an access token valid to call the user information endpoint as specified in OpenID Connect. Given this endpoint is under Auth0's control, the access token issued does not need to be a JWT and can be an opaque token.
If you want to authenticate the user and also receive an access token valid for your own API then, in general, you need to pass the audience parameter when doing the initial request. The audience parameter must include the API identifier of your own API; after having done this you should then receive a JWT access token that your own API can validate.
From a quick look at the Ionic 2 quickstart you should be able to accomplish the above by adding the audience parameter to the auth0Config variable:
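Added example, not part of the original answer and not the quickstart's configuration: a diagnostic that tells whether a received access token is opaque or a JWT whose `aud` claim contains your API identifier. The function names, the `API_ID` value and the sample tokens are assumptions constructed for illustration; it runs under Node (in a browser, `atob` would replace `Buffer`).

```javascript
// Added diagnostic example. It inspects a token's shape and `aud` claim only;
// it does NOT verify the signature, so it is never an authorization check.

// Decode one base64url JWT segment into an object; null if it is not JSON.
function decodeSegment(segment) {
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    const parsed = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return parsed !== null && typeof parsed === 'object' ? parsed : null;
  } catch (err) {
    return null;
  }
}

// Classify an access token against the API identifier the backend expects.
function inspectAccessToken(token, expectedAudience) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    return { kind: 'opaque', reason: 'not three base64url segments' };
  }
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  if (!header || !payload) {
    return { kind: 'opaque', reason: 'segments do not decode to JSON' };
  }
  // `aud` may be a single string or an array of strings (RFC 7519).
  const audiences = [].concat(payload.aud === undefined ? [] : payload.aud);
  if (!audiences.includes(expectedAudience)) {
    return { kind: 'jwt', audienceOk: false, audiences, reason: 'aud lacks the API identifier' };
  }
  return { kind: 'jwt', audienceOk: true, audiences };
}

// Constructed sample token with a fake signature, so the example runs offline.
function makeSampleJwt(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'c2lnbmF0dXJl'].join('.');
}

const API_ID = 'https://api.example.test'; // hypothetical API identifier
const apiToken = makeSampleJwt({ aud: [API_ID, 'https://tenant.example.test/userinfo'] });
console.log(inspectAccessToken('kR3xZp0aQ1', API_ID)); // constructed opaque token
console.log(inspectAccessToken(apiToken, API_ID));
```

The backend must still validate the token's signature, issuer and expiry; this check only helps confirm on the client that the audience request took effect.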