403 "Service not enabled within domain" error

I’m using the Auth0 CLI to deploy configuration to a tenant. I got this working successfully on my local machine, but couldn’t get it to work in a CI system despite trying many workarounds. I kept encountering the error 403 “Service not enabled within domain”. There are 2 related issues: 403 error on custom domains and 403 error from trailing slash but neither of those fit my situation.

1 Like

Solving my own problem here and posting for others’ benefit. The issue was with the environment variables I was using to store CLI login credentials. I had set the client ID and secret for different environments on both my local machine and on the CI server. But I discovered a difference. On the CI server I had also set the standard environment variables AUTH0_CLIENT_ID and AUTH0_CLIENT_SECRET and they pointed to a different tenant. Apparently what happens is that the CLI uses those credentials to get the initial access token, but then attempts to use that access token to connect to my target tenant. That connection gives a 403 Forbidden error.

The resolution was to remove the AUTH0_CLIENT_… variables. Then Auth0 used the credentials for my target tenant to get the token and then to use it.
I’ll report this as a bug in the CLI, but I was happy to find the workaround.

Thanks a lot for sharing that with the rest of the community!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.