You would use the id_token to construct the User object in an SPA application, and the access_token is used to access the API. So, you don't put the id_token in the header.

There is a JavaScript library for Auth0 that can help with authentication/authorization tasks: Auth0.js.

The library may help with constructing the user object and refreshing the access token.
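
The split described in this answer, as an added example that is not part of the original answer and does not use Auth0.js: the id_token claims become the user object, and only the access_token is placed in the `Authorization` header. The issuer, client id and both tokens are constructed placeholders, and signature verification of the id_token is assumed to be done by the library that obtained it.

```javascript
// Added example; ISSUER, CLIENT_ID and the sample tokens are constructed placeholders.
const ISSUER = "https://tenant.example.invalid/";
const CLIENT_ID = "spa-client-id-placeholder";

// base64url -> UTF-8 string (JWT segments are unpadded base64url).
function b64urlDecode(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const bin = atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4));
  return new TextDecoder().decode(Uint8Array.from(bin, (c) => c.charCodeAt(0)));
}

// Used only to build the constructed sample token below.
function b64urlEncode(obj) {
  const bytes = new TextEncoder().encode(JSON.stringify(obj));
  return btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Build the SPA's user object from id_token claims. Claim checks only:
// signature verification is assumed done by the library that obtained the token.
function userFromIdToken(idToken, nowSeconds) {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("id_token is not a three-part JWT");
  const claims = JSON.parse(b64urlDecode(parts[1]));
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (claims.iss !== ISSUER) throw new Error("unexpected issuer");
  if (!aud.includes(CLIENT_ID)) throw new Error("id_token was not issued to this client");
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) throw new Error("id_token expired");
  return { id: claims.sub, name: claims.name, email: claims.email };
}

// Only the access_token goes in the Authorization header of API calls.
function apiRequestInit(accessToken) {
  return { method: "GET", headers: { Authorization: `Bearer ${accessToken}` } };
}

const SAMPLE_ID_TOKEN = [
  b64urlEncode({ alg: "RS256", typ: "JWT" }),
  b64urlEncode({ iss: ISSUER, aud: CLIENT_ID, sub: "constructed|user-1", name: "Ana Example", email: "ana@example.invalid", exp: 1900000000 }),
  "constructed-signature",
].join(".");
const SAMPLE_ACCESS_TOKEN = "constructed-access-token";

const user = userFromIdToken(SAMPLE_ID_TOKEN, 1700000000);
const init = apiRequestInit(SAMPLE_ACCESS_TOKEN);
console.log(user, init.headers);
```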

