I think I’ve figured this out, if anyone else is a newbie and trying to understand how auth0 works. There appears to be an certain level of trust between any machine to machine app and a native app using pkce, via the auth0 APIs. If you click on one of your auth0 API’s, and then go to the tab labeled “machine to machine applications” it says: "Here is a list of your Machine to Machine Applications. You can authorize these to request access tokens for this API by executing a client credentials exchange.
Single Page and Native apps do not require further configuration. SPAs can execute the Implicit Grant to access APIs while Native Apps can do Authorize Code with PKCE for the same purpose."
So to achieve this I downloaded the ionic 3 demo app from the link below and configured it using my auth0 native application settings:
https://auth0.com/docs/quickstart/native/ionic3/01-login
And then based on akselon’s solution at the bottom of this thread:
I changed the options variable in the auth.services.ts file to look like this:
const options = {
scope: ‘openid profile email offline_access’,
audience: ‘https://AudienceUrlForYourMachineToMachineAppHere/api’
};
Where the AudienceUrlForYourMachineToMachineAppHere, was exactly what it says. It’s not the audience of the Native app. Also, I found that you don’t need the ‘/v2/’ at the end as akselon mentions, and in fact I couldn’t get it to work that way. So in the end, the audience is really just a straight copy of the auth0 API’s audience for the machine to machine auth0 app.
The native demo app will then return an authResult.accessToken that you can use to hit the machine to machine app directly.