Using the Auth0-spa-js SDK after logging in via the Resource Owner Password Flow


I am building a react app that has a signup page and the Auth0 universal login page. The signup page is for creating a new user - it uses the Resource Owner Password flow to create the user and return an access token. The login page is for a current user, and is the standard Auth0 Universal login using the Auth0-spa-js SDK.

A user is able to Sign up on my app via the Resource Owner Password Flow (responds 200 success with a bearer token), but once they are signed up the Auth0-spa-js SDK has no knowledge of the user. There seems to be no way for the user to be authenticated against the Auth0 api, which is needed for controlling the app’s protected routes.

Am I missing something? Is there a way to make the Auth0Client from the Auth0-spa-js SDK aware of a logged-in Auth0 user using the bearer token received via the Resource Owner Password Flow?


Did you find a way to work around this issue? I’ve just reached this point myself and am wondering if I need to abandon the SPA and just use the auth0-js package.

We got it to work by changing our product slightly. The Resource Owner Password flow now only gives the user limited access to the system during their sign-up process. Once their signup is complete and all the onboarding data is collected, we then log them out and prompt them to log back in via the redirect page/SDK.

Not a perfect solution, but keeping the two flows exclusive to either the signup flow or the login flow for the product UX allowed us to use both.