Difference between aud in custom authrization server and ClientId

I have a SPA client that authenticates and gets back a token with aud equals to the client ID. Now if I want to use this token to validate against my authorization server it will fail because the authorization server has a different aud.
in the OKTA documentation it states that Audience in the authorization server should equals to the API url. so If I try to authenticate using the authorization server I still get the client Id as aud and not what I specified in the auth server.

Can someone explain the difference here?

That should be the case for an id token: https://developer.okta.com/docs/guides/validate-id-tokens/overview/#verify-the-claims but the access token should have the audience specific to the downstream API (resource server): https://developer.okta.com/docs/guides/validate-access-tokens/overview/#verify-the-claims

Ok Thanks that works. now I am able to get the proper aud in the access token. One thing though…
In my angular app I am trying to get the identity claims using
The claims that I get are from the id token. How can I get the identity claims from the access token instead?