With “empty” do you mean why you’re getting an opaque token (string) instead of a JWT ? That’s because you’re not passing an audience
parameter in the request.
The audience
parameter would be the API identifier for the backend/API (resource server) that the access token would be used for.
If it’s not something you need in your use case (in case you’re just interested in authentication but not authorization), the opaque access token you’ve got will work just fine for retrieving the user information from the Auth0 (https://YOUR_TENANT.auth0.com/userinfo
endpoint)