Hi @howlettga,
Auth0 is simply providing the token returned from Salesforce, so it shouldn’t be related to Auth0 configuration. I would be fairly confident we can rule this out.
I would start by looking at the types of tokens SF issues and start troubleshooting from there.
https://help.salesforce.com/s/articleView?id=sf.remoteaccess_access_tokens.htm&type=5
Usually, invalid token errors mean that there is a problem with the token itself; i.e. it is expired, malformed, etc.