Originally did this research during my work for Bitwyre. I'm now open-sourcing this and hope this helps anyone who finds it, please let me know by commenting if this did help you!
The access_token
produced by Auth Server (a token grant OAuth2.0) is actually a JWT token itself, but is using a different length and algorithm than your typical JWT.
It is using RS256
rather that the common HS256
algo.