Are you planning to support recommendations given in https://tools.ietf.org/id/draft-parecki-oauth-browser-based-apps-00.html?
Auth0.js does not support Authorization Code flow or the PKCE feature. Would like to see a commitment for supporting that.
Until further, we are looking into using Appauth-js instead, and marking our SPA as Native to get the PKCE support. Is this a valid approach in your opinion?