Angular/SPA Application with Auth0 Authentication Integration

We have a scenario - business Angular/SPA application with Auth0 authentication integration, with possible require ”heavy lifting/resolution call” on sign-in (app user profile pr0vision, idp profile provision, content lookup….).

What is the realistic life authentication scenario:

  1. Strict Client side calls. On sign in, Angular/SPA with client side Auth0-OIDC authentication by Auth0 Client Api.

(when I say client side, I mean both authorization code request call, and call for ID/Access token exchange originate on client)

  1. Hybrid. On sign In, authorization code requests call on the client by Auth0 Client Api but calls for ID/Access token call exchange delegate on the server side by Auth0 Server Api. Then control returns to the client.

  2. Strict Server side. On sign in, authentication and “heavy lifting” delegates and handles on the server by Auth0 Server Api. Then returns to the client for processing accordingly.

Appreciate all of yours help and ideas!