An opaque token is intended to be exchanged for a user profile via the /userprofile endpoint.
If you want to secure the requests between your web app and a backend API, you will want to receive a JWT token that can be verified by your application. To return a JWT, you need to specify and audience when you request the token (the audience will be the API consuming the token).