Do you need the profile to load directly after login? How it is handled in the example app I linked above, the user has to visit a /profile route before that call is made. In essence, the user logs in, is redirected to a home page, then will have to navigate to a profile route before the getProfile method is called. This would be more efficient as well, since the /userinfo endpoint is not called on every authentication.
We also just released the new auth0-spa-js with auth code + pkce (the recent standard grant type for SPAs according to the OAuth2.0 Spec). It looks like they may have addressed your issue. Take a look at the new example here.
Thanks,
Dan