Hello! The issue that I am seeing is that you are not requesting an access token, you’re requesting only an ID token. By specification definition, the audience of an ID token will always be the client ID. In order to request an access token for API authorization, you can format your WebAuth instance like so:
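```js
new auth0.WebAuth({
  clientID: YOUR_CLIENT_ID,
  domain: YOUR_DOMAIN,
  // 'token' requests an access token, 'id_token' requests the ID token
  responseType: 'token id_token',
  // identifier of the API the access token is issued for
  audience: 'YOUR_AUTH0_API_IDENTIFIER',
  // ...[etc]
});
```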
Requesting `token id_token` as the `responseType` will ensure that you receive an access token with the appropriate audience for your API in addition to the ID token. The WebAuth instance’s `audience` should match the identifier for the API that you set up at https://manage.auth0.com/#/apis
I hope this helps! Please let us know if you have any further questions or run into issues.
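Added example (not part of the original reply and not Auth0's own code): a sketch of the audience check an API would apply to a bearer token, showing why an ID token, whose `aud` is the client ID, is rejected while an access token issued for the API identifier passes. `CLIENT_ID`, `API_IDENTIFIER`, the helper names and the unsigned sample tokens are constructed for illustration.

```javascript
// Constructed placeholders; substitute your own client ID and API identifier.
const CLIENT_ID = 'constructed-client-id';
const API_IDENTIFIER = 'https://api.example.test/';

// Encode an object as a base64url JWT segment (used only to build samples).
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Build a constructed sample token; the signature segment is a dummy.
function makeSampleToken(claims) {
  return [b64url({ alg: 'RS256', typ: 'JWT' }), b64url(claims), 'sig'].join('.');
}

// Decode the payload segment. This does NOT verify the signature; a real API
// must verify signature, issuer and expiry with a JWT library first.
function decodePayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null; // opaque or malformed token
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Classify a token by its `aud` claim, which may be a string or an array.
function checkAudience(token, apiIdentifier, clientId) {
  const payload = decodePayload(token);
  if (!payload) return 'not-a-jwt';
  const aud = [].concat(payload.aud === undefined ? [] : payload.aud);
  if (aud.includes(apiIdentifier)) return 'ok';
  if (aud.includes(clientId)) return 'id-token-audience'; // ID token sent to the API
  return 'wrong-audience';
}

// Constructed samples: an ID token and an access token for the API.
const idToken = makeSampleToken({ sub: 'user|1', aud: CLIENT_ID });
const accessToken = makeSampleToken({
  sub: 'user|1',
  aud: [API_IDENTIFIER, 'https://constructed.example.test/userinfo'],
});

console.log('ID token     ->', checkAudience(idToken, API_IDENTIFIER, CLIENT_ID));
console.log('access token ->', checkAudience(accessToken, API_IDENTIFIER, CLIENT_ID));
```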