Ok, we’ve found something, but I’d like to know if this is expected behavior.
On both the request to get an access token and the request to renew it, we’re sending our services audience. It appears that, if we do that, we don’t get the userinfo audience back on the access_token.
But if we keep the audience field empty on the request to renew the access token, then we DO get the userinfo audience in the access_token.
Is that expected behavior?