Welcome to the Community!
There are a few things here that need clarifying.
-
You should be able to get an access token and an id token without having to declare an audience, although the access token will be opaque
-
Are you using the access token to make requests to the management API? Or did you set that as the audience arbitrarily to get a non-opaque token? The managment API and the authentication API are seperate entities.
-
What is your desired token lifetime?
Let me know,
Dan