It sounds like you may be getting an opaque access token instead of a JWT access token. To get a JWT access token you must have an API registered in the APIs section and you must use the identifier for it as the audience
parameter in your auth0.WebAuth
config.
Can you confirm that you have an API registered and that you are using its identifier as the audience
parameter in your config?