Since a couple of days I’m getting invalid access_tokens. It’s in this form 41-NESMPfNb39I7xbG0JyXiB6yDM-1Yw and I don’t seem to have changed anything that might have caused this. The that initiates authentication is an Angular SPA using code grant with the angular-auth-oidc-client package for authentication. I’m not getting any errors and the id_token looks fine.
Welcome to the community!
Do you mean to say that earlier you received JWT format access_tokens in your app, and recently started receiving opaque access_tokens?
Also, what makes you say those access_tokens are “invalid” (especially since you are not getting any errors)? Auth0 Authorization Server returns a JWT format access_token only when you specify an audience=my-custom-api-identifier parameter in your authorization request. Otherwise an opaque access_token is returned which is only good for use on your tenant’s /userinfo endpoint.
Sorry for being a bit unclear. I actually meant that it’s not a valid JWT token. Adding the audience to the token request seems to be going wrong indeed, which was also the case some time ago.