Enable non-confidential applications for use with an organization

Hi there,

I’m tinkering with Auth0 for some of our products and I really like the organization feature. The ability to assign permissions to the same user in different organizations is quite handy and meets pretty much all our needs.

The only wrinkle I’m running into is that I can’t use universal login with a single page app because I’m getting an “unauthorized” request on the token endpoint when the exchange finalizes without specifying the client secret. As you probably know, it’s not secure to specify a secret on a single page application because it can’t keep a secret. This means I’ll need to wrap the call to the authorize/token endpoints with my own application code to keep the client secret, well, secret.

Is there a configuration option I’m missing somewhere that makes this work? Maybe this works correctly on an enterprise installation and my development sandbox doesn’t have this feature?

Best,
Alex