Currently I’ve written my SPA’s auth code with auth0 totally from scratch, not using any of the recommended APIs. I’m using the implicit grant flow so I can sign requests with the JWT access token from auth0 in HTTPS requests up to my third party API to verify the user sending them is a real user.
I’d like to move to auth0.js so I can get checkSession() and properly/silently refresh the SPA’s login tokens without disrupting the user. That whole workflow is clear. What I cannot figure out is how do I get the access token out of auth0.js to send to my API server?
I’ve read https://auth0.com/docs/libraries/auth0js/v9 but don’t see anything relevant.