Passwordless login without a redirect with SPA

I am looking to implement passwordless login with a SPA. For project-specific reasons I can not have a redirect, so need to remain on page at all times. Any calls to webAuth.passwordlessLogin redirects to complete the auth process.

Another option is documented here

to manually call POST https://YOUR_AUTH0_DOMAIN/oauth/token but this is not allowed with SPA applications and as expected doing so returns the following error:

  1. error_description: “Grant type ‘’ not allowed for the client.”

My question is, can I use a “regular web application” app even though I actually have an SPA to enable this feature? I could send the request via my API to not expose the secret.

Currently with an SPA can passwordless login happen without a redirect. From the docs I am assuming no and if so why is this the case?