Hi,
If I understand you correctly, you have redirected to Auth0 universal login, is that correct? If you have the access_token returned back is opaque and cannot be decoded in the manner you are trying. The Id_token will be a standard JWT. A way to get round this is to change the audience to an API you might have associated with the app. In this way Auth0 will now return a normal JWT which can be decoded.