Hi @morgan.zolob,
Welcome back to the Auth0 Community.
This is actually the expected behavior when refreshing the access token. Usually the aud claim is meant to be populated with a single API identifier (for general security measures when requesting an access token), the intended resource server receiver of the token, while the /userinfo endpoint presents the only exception. It is the single case where 2 different audiences can be specified for requesting a token.
You can check out this github page for more information.
The solution would be making the first request for your custom API set as the audience, then either make a separate call using a function such as getTokenSilently (this depends on the SDK that is being used) to the /userinfo endpoint with the API identifier set such as https://{CanonicalDomain}/userinfo. This is also mentioned in our Get User Info documentation:
"To access the most up-to-date values for the prompt parameter for your call to the authorize endpoint equals none)."
You can also simply rely on the ID token issued from the initial request (if you only need basic information about the user).
I hope this helps!
Best regards,
Remus
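Added example (not from the post above or from Auth0): a resource-server-side check for the situation the reply describes, where aud is either a single API identifier or an array holding the API identifier and the tenant's /userinfo URL. The tenant domain, API identifier and HS256 secret are constructed placeholders; real Auth0 access tokens are RS256-signed and should be verified with a JWT library, the point here is only the audience handling.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholders for this example only (not real tenant values).
TENANT_DOMAIN = "example-tenant.us.auth0.com"
API_IDENTIFIER = "https://api.example.com"          # the custom API's identifier
USERINFO_AUD = f"https://{TENANT_DOMAIN}/userinfo"   # the only tolerated second audience
SECRET = b"constructed-demo-hs256-secret"           # demo key; Auth0 uses RS256 in practice


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(aud) -> str:
    """Build a demo HS256 JWT whose aud claim is a string or a list."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"iss": f"https://{TENANT_DOMAIN}/", "aud": aud}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def audiences(token: str) -> list:
    """Verify the demo signature, then return the aud claim normalised to a list."""
    header, payload, sig = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    aud = json.loads(_b64url_decode(payload)).get("aud")
    if aud is None:
        return []
    return [aud] if isinstance(aud, str) else list(aud)


def accepted_by_api(token: str) -> bool:
    """The API must be named in aud; a /userinfo-only token is not for this API."""
    return API_IDENTIFIER in audiences(token)


def only_known_audiences(token: str) -> bool:
    """Stricter check: reject any audience other than the API and /userinfo."""
    return set(audiences(token)) <= {API_IDENTIFIER, USERINFO_AUD}
```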