JWT token is "invalid signature"?

Hey again!

You’re on the right track!

My guess is that this token is missing the audience - If you do not specify an audience (aud claim) then the access token you get back will be opaque (not a jwt). That is, it cannot be decoded but can be used against the /userinfo endpoint. Some more on that here:

And a helpful FAQ on audience in general:

Hope this helps!