Nonce and State:
When I login with “loginWithCredentials” method, the request is created with the nonce and state in the querystring and after a succesfully login, the id token has the same nonce and the callback url has the same state. Is the following method checking if the nonce and state match? or more in general, is auth0-js somwhere verifiing this values?
this.auth0.parseHash((err, authResult) => {
if (authResult && authResult.accessToken) {
window.location.hash = ‘’;
this.auth0.client.userInfo(authResult.accessToken, (err, profile) => {
//if (profile) {
this._setSession(authResult, profile);
…