I have a Single Page App that works as http://localhost:5000 but not as http://appname.com:5000. I get the error “auth0-spa-js must run on a secure origin”.
I have read that http: is not supported, which doesnt seem right to me, but I am guessing I need another workflow. Curently I am:
- Loading static html/JS site.
- App runs createAuth0Client() ← Failure happens here
- User logs in using auth0.loginWithPopup()
- User gets a JWT token using auth0.getTokenSilently()
- User makes call to registered API using the JWT token
This seems like it should be supported. I dont want to require https for the SPA. Is there a different workflow I should use?