Receiving Encrypted JWTs (JWE) Instead of RS256-Signed JWTs with Regular Web App and OAuth

Hi @dan22,

Welcome to the Auth0 Community and thank you for posting your question!

Firstly, when receiving a JWE, you must ensure that you are not actually getting an opaque token, which happens when you are not providing the correct ApiIdentifier to the request you are making, meaning passing the right 'aud' parameter, as mentioned in our Knowledge Article.

In our docs for JSON Web Encryption (JWE) it is mentioned that:

the resource server must decrypt and validate the JWE token

Since you are using the Resource Owner Password Flow with Client Credentials disabled and you are only getting a JWE instead of an actual JWT, you’ll also have to follow the guidelines on how to configure a private key for JWT authentication, as mentioned in our documentation for this particular flow. This can be done by generating an RSA Key Pair, a process that can be handled directly from the Auth0 Dashboard.

Finally, in order to get the access token you’ll have to authenticate the JWE using the key pair that was previously generated, so please follow this documentation as well.

Additionally, you can also check our link for more information on how to retrieve an Access Token.

I hope this helped.
Best regards,
Remus
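As an added example (not part of the original post and not Auth0 SDK code), the following Python tells a signed JWT (JWS) apart from a JWE and from an opaque token by inspecting the compact serialization: segment count plus the `alg`/`enc` members of the JOSE header. The sample tokens are constructed placeholders, not real Auth0 output.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    """base64url without padding, as used by the JOSE compact serializations."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _decode_header(segment: str):
    """Decode a compact-serialization header segment; None if it is not base64url JSON."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers binascii.Error and json.JSONDecodeError
        return None
    return header if isinstance(header, dict) else None


def classify_token(token: str) -> dict:
    """Classify a bearer token as 'jws', 'jwe', 'opaque' or 'malformed' and report its header algorithms."""
    parts = token.split(".")
    header = _decode_header(parts[0])
    if header is None or "alg" not in header:
        # No JOSE header at all: an opaque token, e.g. when no audience was requested
        return {"kind": "opaque", "alg": None, "enc": None}
    if len(parts) == 5 and "enc" in header:
        # JWE compact form: header.encrypted_key.iv.ciphertext.tag
        return {"kind": "jwe", "alg": header["alg"], "enc": header["enc"]}
    if len(parts) == 3 and "enc" not in header:
        # JWS compact form: header.payload.signature
        return {"kind": "jws", "alg": header["alg"], "enc": None}
    return {"kind": "malformed", "alg": header.get("alg"), "enc": header.get("enc")}


# Constructed sample tokens: every segment body is a placeholder, nothing is really signed or encrypted.
SIGNED_JWT = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid"}).encode()),
    _b64url(json.dumps({"iss": "https://tenant.example.auth0.com/", "aud": "https://api.example.com"}).encode()),
    _b64url(b"constructed-signature"),
])
ENCRYPTED_JWT = ".".join([
    _b64url(json.dumps({"alg": "RSA-OAEP-256", "enc": "A256GCM", "typ": "JWT"}).encode()),
    _b64url(b"constructed-encrypted-cek"),
    _b64url(b"constructed-iv"),
    _b64url(b"constructed-ciphertext"),
    _b64url(b"constructed-tag"),
])
OPAQUE_TOKEN = "constructedOpaqueToken0123456789"
```

If a resource server expected RS256 JWS tokens and this check reports `jwe` or `opaque`, the request's audience configuration is the first thing to review.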