Hi @xiaonan.zhang,
Thanks for the reply.
You will need the user to authenticate as usual with the audience parameter in the login request.
Is there a reason you are using Resource Owner Password grant flow instead of the authorization code grant flow?
You will need to get a JWT access token to access your API. The opaque access token is only meant to be used against the /userinfo endpoint.
(Reference: Get Access Tokens)