I’m trying to retrieve a user’s accessToken with the correct audience using the Auth0 Lock. My code is as follows:
import Auth0Lock from 'auth0-lock';
new Auth0Lock(clientId, domain, {
oidcConformant: true,
auth: {
redirectUrl: `${ROOT_URL}/auth/signed-in`,
responseMode: 'form_post',
responseType: 'token',
audience,
},
params: {
scope: 'openid',
},
}).show();
When oidcConformant
is true, the Lock seems to disregard the redirectUrl
and responseMode
fields. Instead, it shows me “Thanks for logging in.” in the modal. Is this an intended behaviour or is this a bug?
Is there another way for me to get the user’s full access token while hiding it from the web client (considering we can only specify an auth.audience
if we set oidcConformant
to true)?