I manage to get it using the management API. But it seems overkill.
Even the test sample in action contains an access token :
"user": {
"app_metadata": {},
"created_at": "2022-10-18T15:29:04.063Z",
"email_verified": true,
"email": "j+smith@example.com",
"family_name": "Smith",
"given_name": "John",
"identities": [
{
"connection": "Username-Password-Authentication",
"isSocial": false,
"provider": "auth0",
"userId": "5f7c8ec7c33c6c004bbafe82",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gU21pdGgiLCJpYXQiOjE1MTYyMzkwMjJ9.Q_w2AVguPRU2KskCXwR7ZHl09TQXEntfEA8Jj2_Jyew",
"profileData": {},
"user_id": "5f7c8ec7c33c6c004bbafe82"
}