Auth0 Home Blog Docs

Auth0 HTTPS certificate changed?




I have an iOS 9+ app that has recently started failing authentication at AWS. I am trying to determine whether the failure is due to my Auth0 configuration.

I install Auth0 components using CocoaPods. Currently I have

pod 'Lock', '~> 1.28'
pod 'Lock/Safari'

in my pod file. The message I am receiving from AWS is

Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=8 “(null)” UserInfo={__type=NotAuthorizedException, message=Invalid login token. OpenIDConnect provider’s HTTPS certificate doesn’t match configured thumbprint}

During login I call Lock’s


passing in

"facebook", "google-oauth2" or "Username-Password-Authentication"

as the connection name. All 3 connection types are failing with the same error.

This login sequence worked well until recently. Have I missed an update that could be causing this problem?



This happened to me today too, starting around noon eastern. In a production application. I updated the fingerprint in cognito’s OpenIdConnect configuration and resolved the issue.

Auth0, why did this change? Why did we receive no advanced notice? How can we stay informed of this in the future and prevent an outage for our users?


Hey looks like auth0 rotated their certs. We just had to add the SHA1 Digest for the new cert to AWS.
Login to AWS > IAM > Identity Providers > click your auth0 provider > "Add a Thumbprint"
Paste in “f301d61981fd59a3271d0b8a8412448f500e0f86”

(To verify the SHA1 digest I pasted, you can go to, open chrome dev tools, click security, view certificate, details, scroll all the way to the bottom)