You can avoid this second call to the Auth0 server. The token is a stateless bearer token, which means it is signed, and can be verified without any additional call. You backend API can verify the token, then return the data.
Take a look at our node quickstart, it shows how to validate tokens on the backend.