@jmangelo Yep, it’s especially missing documentation. 
There is a solution already:
const lock = new Auth0Lock(clientId, domain, {
oidcConformant: true,
autoclose: true,
auth: {
sso: false,
responseType: 'token id_token',
redirectUri: process.env.AUTH0_REDIRECT_URI,
params: {
audience: 'https://my-api.io'
}
}
})