We are in the middle of migrating from auth0-js because we want to follow your best practises in our apps, but our main authentication method relies heavily on the OpenID connect option in AWS AppSync.
Their authentication method requires JWKS to validate the JWT (ID Token) from auth0, I am aware of Getting the JWT id token from auth0-spa-js - #8 by mathiasconradt and I hope a serverless product from AWS itself represents a use case big enough for you to care.