How would the flow look like if the token exchange should happen on the backend but the authorization is triggered from the Auth0 lock on a React Web app?
I have configured the redirect URL to be a the endpoint of the backend. Using the code query parameter I perform the token exchange but how would I send back the token?
I can only do a redirect again to the web app but I wouldn't be able to pass the token unless I put it into the URL aa query parameter, too. Would that be the expected implementation? I mainly want to do the exchange server side because I only want to allow certain email address to gain access.
