A few follow up questions.
Why is that not part of the lock library? Lock is useless without this functionality in single page applications regardless of what the declared “best method” is. And older versions of lock had it.
The renewAuth call requires a “nonce” but the documentation contains no information on what that is or how it relates to the Auth0 payload returned by lock.
It sounds like Auth0 is incompatible with SPAs by design now. it isn’t supported natively and isn’t maintained as such. The angular plugin doesn’t work with webpack, lock doesn’t include renewing… grrr!