So the data is saved on local storage under id_token however it’s still incomplete as app_metadata and user_metadata are missing.
Also in almost every example of auth0 setup I’ve seen client_secret is used but not in the blog post I linked to in my main post. How is it secure if the secret is not used?