Hi,
I may be wrong, yet it seems to me that in the token exchange flow, the audience is the second auth server that trusts the first one. In your case, it means that when the token is exchanged, the audience to set in the POST is the AuthServer2, not the AuthServer1.