Thanks Remus, that is also very helpful.
Last question - I have reconfigured our application to callback to /login. After logging into the IDP, which is successful, the browser does successfully redirect to our /login, but then gets stuck in a loop. On the login, we call getAccessTokenSilently first and that fails with “Login required”. It feels like I am missing something because like you said, Auth0 is automatically doing all the redirect work.
What does the error mean? Thanks!