(this is a summary of the discussion in the comments and an answer to the improvement request comment)
Currently, it’s not possible to perform a single request that includes multiple audiences. With some constraints, that scenario is not completely unfeasible and I’ve already seen internal conversations mentioning it so this is something that already has been considered. However, at this time, it’s not supported and I can’t provide you with any definitive outcome/timeline in relation to that possibility.
As alternatives (or workarounds if you prefer) you can for API’s that you control represent them as a single resource server or perform multiple requests with different audiences. If the user authenticated in a way that it established a session with Auth0, then the user will not have to explicitly specify their credentials for the subsequent request. If the individual API’s require consent then yes, the user would need to provide consent each time.
In relation to the specific scenario in question which is related to the API made available by the Authorization extension I would still recommend the client credentials grant (for non-confidential clients, this would indeed require a broker service). The reasoning is that the functionality exposed by that API is sensitive enough to warrant the consideration that is possibly for the best to not expose access tokens directly to end-users and instead go through a broker. This part is mostly my personal opinion, although I believe the extension API will reject tokens not obtained through a client credentials grant.