Hi @xiaonan.zhang,
Thanks for following up.
For testing your APIs in Postman, you will need to pass an audience parameter in your login request. This is intended to create a JWT access token to be used against your API. For example:
auth0.authorize({
scope: 'openid profile email', // Specify the desired scopes
audience: 'your-api-audience', // Specify the API audience
// Add any additional parameters as needed
})
Yes, if you intend to use the token in the future against your API. Let me also add that you can get most of the information found in your opaque access token as you do in your JWT access token. If there are any attributes missing, you could always append them to your JWT access token as custom claims.
See Adding custom claims to tokens.
You will need to use the Authorization Code flow or the Client Credentials flow.
Thanks,
Rueben