
Why is the returned jwt access token invalid for Resource Server access?

jwt
api-authorization
client-credentials-g
jwt-validation

#1

I am attempting to gain access to the Management API via PHP so I can update user details. I’ve created a Resource Server API in my account area, validated the user, provided them with scopes (update:users, create:client_grants), etc.

I then retrieve a token from the ‘/oauth/token’ URI with all the relevant data. Then when I attempt to use this token to Authorize the client via the ‘/client-grants’ URI, it returns telling me the audience is not valid (Bad audience). However, the HTTP status code returned is 401, which indicates an invalid token. If I take the access token returned from ‘/oauth/token’ and paste it into the https://jwt.io/ debugger, it informs me that it has an ‘invalid signature’. The header and payload sections appear to be fine with correct details; however, the token is still deemed invalid. Both for RS-256 and HS-256.

Even when I cut and paste the test script under the ‘test’ tab in the API Resource Server edit UI, the returned token is still deemed invalid.

Why are the returned tokens not valid in the debugger? How can I gain access to the Resource Server so I can manipulate user details?


#2

Focusing on what seems to be your main objective:

…gain access to the Management API via PHP so I can update user details.

then, if you haven’t done so already you should check the reference documentation page that goes through the process to obtain Management API v2 tokens:

https://auth0.com/docs/api/management/v2/tokens

In particular, the process requires you to create a client application and not a resource server/API in your account. The Management API should already be created as a resource server in every account. You should follow the documented process step by step, and if you still have an issue, then update your question with the exact step of the documented process that you experienced an issue with.
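
As an added example (not part of the thread and not Auth0's code), this PHP code decodes an access token's claims and lists why the Management API would reject it, which is one way to diagnose a "Bad audience" response like the one described in #1. The function names, tenant domain and sample token are constructed, and `https://TENANT_DOMAIN/api/v2/` is assumed to be the Management API identifier.

```php
<?php
declare(strict_types=1);

// Decode JWT claims WITHOUT verifying the signature: diagnosis only,
// never a basis for accepting a token.
function decodeJwtClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a three-part compact JWT');
    }
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4); // restore padding
    $json = base64_decode($b64, true);
    $claims = $json === false ? null : json_decode($json, true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('payload is not base64url JSON');
    }
    return $claims;
}

// List the reasons a Management API call with these claims would be refused.
function managementApiProblems(array $claims, string $tenantDomain, array $needed, int $now): array
{
    $problems = [];
    $expectedAud = "https://{$tenantDomain}/api/v2/"; // assumed identifier format
    $aud = (array) ($claims['aud'] ?? []); // aud may be a string or a list
    if (!in_array($expectedAud, $aud, true)) {
        $problems[] = "aud does not include {$expectedAud}";
    }
    $scope = $claims['scope'] ?? '';
    $granted = is_string($scope) ? preg_split('/\s+/', $scope, -1, PREG_SPLIT_NO_EMPTY) : [];
    foreach (array_diff($needed, $granted) as $missing) {
        $problems[] = "missing scope {$missing}";
    }
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        $problems[] = 'token is expired or has no exp claim';
    }
    return $problems;
}

// Constructed sample: a token issued for a custom API, not the Management API.
$b64url = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$sample = $b64url('{"alg":"RS256","typ":"JWT"}') . '.' . $b64url(json_encode([
    'aud' => 'https://my-custom-api.example.com',
    'scope' => 'update:users',
    'exp' => 1700003600,
])) . '.constructed-signature';
print_r(managementApiProblems(decodeJwtClaims($sample), 'example-tenant.auth0.com',
    ['update:users', 'create:client_grants'], 1700000000));
```

An empty result only means the claims match what the call needs; the receiving API still has to verify the signature against the issuer's key.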


#3