I assume you’re referring to Auth0Client of of auth0-spa-js? This is a client-side SDK not intended to handle client credentials of any kind (see public vs confidential applications). A client credentials exchange should take place server-side and you can go about writing that code however you like.