This is not the same issue because if you get a success response (even with less info) then the access token is suitable (has the right audience). You should post this as a separate question and then delete this post. Ideally you should include in your question all the options used to initialize Auth0.js and then call the client.login and client.oauthToken methods.