to let my users log in if they need to (some don’t, since they are only reading public stuff, but not writing).
So far a successful login always leads to a complete reload of my SPA since the redirectUri is called, which I set to the same Url which my SPA has. Is there a way to avoid the reload and just get the information that the user has logged in (including access and id tokens)? The logout works without re-load at least.
With popup.authorize() a popup appears and after login my SPA is shown again within this pop-up. Ideally I would like the pop-up to disappear after login so that the user (now logged in) can continue to work with the SPA without reloading.
With the popup showing again after login it sounds like you could be missing a check to see if they are logged in before calling the popup.authorize() method again.
Before calling the popup code you should double check that your code is checking any stored tokens to see if they are logged in (and optionally performing a checkSession() call to see if Auth0 still holds a valid SSO session for the user, this will allow the user to be logged in again without the popup showing).