It looks like that auth0 code requires a Cryptographically Secure Pseudo Random Number Generator (CSPRNG).

DO NOT IMPLEMENT THAT YOURSELF

CSPRNGs have a very specific purpose which is chiefly, to be completely unpredictable. If you use a regular pseudo random number generator (PRNG) where a CSPRNG belongs, you can easily compromise your application's security. In fact, malware analysts/antivirus companies are sometimes able to reverse the effect of ransomware and recover the encrypted files due to this very error by the malware authors.

Since this code seems to require a CSPRNG, I would only use a proper CSPRNG.

Read more.

Also, see the "Remarks" section of the (msdn.microsoft.com/en-us/library/windows/desktop/…).aspx) of MSDN.