Recently for my web-based JS app I tried to use auth0-spa-js and universal login passwordless classic template for authentication. I needed a JWT with email scope so I could use it to authenticate directly to restdb.io, identifying the user.
I could not find a way to finish up with a JWT, which I needed for the restdb calls. I could use getTokenSilently to get a token after login but that seemed about it and it wasn’t a JWT.
I couldn’t find documentation that closely matched what I was trying to do.
I have now got around it by throwing out auth-spa-js and using auth0 lock passwordless in my app and getting the idToken JWT from that. Since that was documented.
So two remaining questions:
What does the lock code do in the manage Auth0 Universal Login setting code do now that I call the lock from my own code? Is it ignored?
Was there something I was missing about auth0-spa-js in my first attempt? It seemed I should have been able to get a JWT to my JS web code at some point but just couldn’t find out how.