How do I configure Auth0-Lock 10.18.0 package to not send the password in plain text but instead send a token for validation? When I look at the request being done over the wire, it has both my username and password in the payload which is typically bad practice. Here is my current config:
new Auth0Lock(result.body.clientId, configuration.getDomain(), {
oidcConformant: true,
autoclose: true,
auth: {
redirectUrl: this.storeUri,
responseType: 'token id_token',
audience: `https://${configuration.getDomain()}/userinfo`,
params: {
scope: 'openid'
},
},
languageDictionary: {
title: this.title
},
theme: {
logo: this.logo
}
});