Trouble with authorizing my own backend api invalid token error

I am building a web app that utilizes react as the front end (SPA) and flask as the back end. I have a route in my backend that I am trying to protect with auth0. In order to do this I followed auth0’s backend quick start for python: Auth0 Python API SDK Quickstarts: Add Authorization to a Flask API application. I copied all the necessary code and here is what my and look like now.

import json
from urllib.request import urlopen

from authlib.oauth2.rfc7523 import JWTBearerTokenValidator
from authlib.jose.rfc7517.jwk import JsonWebKey

class Auth0JWTBearerTokenValidator(JWTBearerTokenValidator):
    def __init__(self, domain, audience):
        issuer = f"https://{domain}/"
        jsonurl = urlopen(f"{issuer}.well-known/jwks.json")
        public_key = JsonWebKey.import_key_set(
        super(Auth0JWTBearerTokenValidator, self).__init__(
        self.claims_options = {
            "exp": {"essential": True},
            "aud": {"essential": True, "value": audience},
            "iss": {"essential": True, "value": issuer},

from os import environ as env

from dotenv import load_dotenv, find_dotenv
from authlib.integrations.flask_oauth2 import ResourceProtector
from validator import Auth0JWTBearerTokenValidator

require_auth = ResourceProtector()
validator = Auth0JWTBearerTokenValidator(
    "{my domain}",
    "{my api identifier that I created through auth0}"

@app.route("/create_listing", methods=["POST"])
def create_listing():
    #create listing code here

I also had to update my front end code as well and here are my main.jsx and create_post.jsx

main.jsx: only showing the changed part

      domain={my domain}
      clientId={my client id}
        redirect_uri: window.location.origin,
        audience: {the identifier for the api I created on auth0},
        scope: "create:listing",
      <RouterProvider router={router} />
  </React.StrictMode >,

This part of the code is essentially getting the access token and then sending the form data with the access token in the header.

try {
            const accessToken = await getAccessTokenSilently({
                authorizationParams: {
                    audience: {my api identifier},
                    scope: "create:listing",

            const payload = {
                postDate: formattedDate,
                images: fileBase64,
                userSub: user.sub

            const url = ""
            const options = {
                method: "POST",
                headers: {
                    "Content-Type": "application/json",
                    "Authorization": `Bearer ${accessToken}`,
                body: JSON.stringify(payload)
            const response = await fetch(url, options)
            if (response.status !== 201 && response.status !== 200) {
                const data = await response.json()
                setError('formError', {
                    message: data.message,
            } else {
        catch (e) {

However, every time when I go to submit, I always get “error”: “invalid_token”. I saw some other posts mention that you need to go to your api and under machine to machine applications you need to update the permissions available for your api. I did add create:listing but it still didn’t fix the issue. If anyone could offer some help, I would very much appreciate it.

Additionally, I also saw another auth0 page on creating a api with auth0 here: Flask/Python API: Authorization Code Sample. The sample code is much longer and convoluted, but when I ran the curl command I did get the message. I’m just kind of confused on which one actually works and obviously if the shorter code works, I would much rather use the shorter code.

Thanks in advance.