In reference to the React Custom Login sample here:
Has anyone else found that it no longer works since the new default grant types are in place?
I think it assumes that the ‘Password’ grant type has been enabled but for all new clients (of type SPA) this is now disabled by default.
Auth0 recommend that it is disabled for public clients so it would be nice to see this example updated.
Yes, you’re correct, the sample was not fully updated and the login method was still incorrectly triggering a resource owner password credentials grant. The samples may soon receive a more serious update, but meanwhile I submitted a PR that shows cross-origin authentication being used (Fix custom login form step to call cross-origin authentication by jmangelo · Pull Request #63 · auth0-samples/auth0-react-samples · GitHub). That should be fully working on browsers that have third-party cookies enabled; due to time constraints I did not have a chance to test the handling of the fallback processing when third-party cookies are disabled.