Power Apps OAuth2 to Auth0 leads to incorrect audience and issuer in JWT

We’re trying to see if we can get a Microsoft ‘Power App’ to query an API that’s part of an already well-working Auth0-protected app ecosystem.

Now, PowerApps offers an OAuth2 connection implementation, but it’s a bit restrictive and inflexible. For example, you can’t customise the auth URL with additional parameters like ‘audience=blah’ (an issue with the product that people have been complaining about to Microsoft for years and that looks unlikely to be addressed).

We can get the Power App to successfully request an access token from Auth0, but that token then fails when used to query our API (checked there by express-jwt). Inspecting the JWT, I believe the problem is that the JWT has the wrong audience (microsoft) and the wrong issuer (windows.net), neither of which we can control due to the restrictive implementation on Power Apps.

Given we’re not likely to make headway on the Microsoft side, I was hoping to find suggestions around this roadblock on the Auth0 side. Is there a configuration solution? Is there an alternate authentication method that might work better? Any advice?
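
To confirm which claims the API is rejecting, the token's payload can be decoded and compared with what the API expects. The following is an added example, not part of the original post: it decodes without verifying the signature (inspection only), and the expected issuer and audience, the sample tokens and the function names are all constructed placeholders.

```javascript
// Added diagnostic example (not from the original post).
// Decodes a JWT payload WITHOUT signature verification, for inspection only,
// and reports which of the API's expected claims (iss, aud) it fails.

// Assumed values: replace with the issuer and audience your API is configured for.
const EXPECTED = {
  issuer: 'https://your-tenant.example.auth0.com/', // placeholder tenant URL
  audience: 'https://api.example.com/',             // placeholder API identifier
};

function b64urlJson(segment) {
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

function decodeUnverified(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  return { header: b64urlJson(parts[0]), payload: b64urlJson(parts[1]) };
}

function diagnoseClaims(token, expected = EXPECTED) {
  const { payload } = decodeUnverified(token);
  const problems = [];
  if (payload.iss !== expected.issuer) {
    problems.push(`iss mismatch: got ${payload.iss}, expected ${expected.issuer}`);
  }
  // RFC 7519 allows aud to be a single string or an array of strings.
  const auds = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!auds.includes(expected.audience)) {
    problems.push(`aud mismatch: got ${JSON.stringify(payload.aud)}, expected ${expected.audience}`);
  }
  return problems;
}

// Constructed sample tokens (dummy signature segment, never valid for real use).
function makeSample(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2ln`;
}
const foreignToken = makeSample({
  iss: 'https://sts.windows.net/00000000-0000-0000-0000-000000000000/', // constructed
  aud: 'https://microsoft.example/resource',                            // constructed
});
const goodToken = makeSample({ iss: EXPECTED.issuer, aud: [EXPECTED.audience] });

console.log(diagnoseClaims(foreignToken)); // two mismatches: iss and aud
console.log(diagnoseClaims(goodToken));    // empty array
```
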