My config looks fine as compared to your example.
The trick is to check your given JWT to set your issuer and client ID properly:
What does this mean exactly? Am I to assume the token given to me by auth0 is not valid unless I otherwise modify it?
The instructions state to simply add the Authorization header with a value of Bearer {token} (which is familiar JWT practice).
What version does the Tyk Cloud run?