Hi there,
We are busy implementing login using auth0 on our bubble io app. It is a single page app which we are using Auth0 JS sdk for authenticating the user and getting access to claims and access_token produced.
Using this method, everything goes well until we have a look into the access_token produced. It contains all the default roles and claims it should, however we have an Action Flow for appending custom claims to the access_token before sending it down to the client. However, these claims are not part or visible when we debug and look into the claims.
Using the PKCE Code Flow for logging in a user, ( either using code verifier and code_challenge or using Client Secret Id params), the access token produced includes the custom claims added in the action flow.
We would like to stick to the standard auth0 js sdk if possible and we would assume the results should be the same.
Please could someone point us in the right direction as we are stuck on why the results could be different.