Thanks for confirming!
It looks like the token shared is from a different authorized app - The sub
claim should be the client_id
of your brokerx-secure
application. Basically, it looks like you just need to use the brokerx-secure
credentials to get an access token as opposed to the application with a client_id
beginning in WidyZzQpW...
.