It seems that you’re missing the proper scope for an OpenID Connect request. Add scopes like openid profile email and also the response_type should be token id_token.
See the example at Lock v11 for Web (but replace Auth0LockPasswordless with Auth0Lock).
var lockPasswordless = new Auth0Lock(
'0wESJsu7YgBK8EUUADH9qOBXTP5P5duz',
'dev-thsfactory47.auth0.com',
{
auth: {
redirectUrl: 'http://localhost:3000/',
responseType: 'token id_token',
params: {
scope: 'openid profile email'
}
}
);
By the way: you’re using the embedded login via Lock SDK, not the Auth0 hosted Universal Login Page (ULP). Is it a requirement? Asking because using the ULP is usually easier and comes with less problems (as outlined in the yellow box on https://auth0.com/docs/libraries/lock/v11).