Auth0 openid with custom domain failing

manish1 · December 22, 2020, 2:42am

Hi,

Just trying to integrate with open id connect option for a “regular web app” authentication with Auth0 using a custom domain. We are integrating using on a express based node js app.

The domain, has been verified via CNAME record using the “Auth0 managed certificate option” and passes the test on the auth0 portal. The auth flow works perfectly with auth0 subdomain, however when we switch to the custom domain as the Issuer_base_url we get the following error:

{
“error”: {
“status”: 400,
“message”: “unexpected iss value, expected https://auth..io/, got: https://.au.auth0.com/”
}
}

Any ideas on how we can fix this issue, thanks.

manish1 · December 22, 2020, 2:46am

Also should mention, the error shows up after the callback is returning the user to our portal. From the logs we can tell the user has been authenticated however the callback is not getting the expected custom domain value

colin.coutts · December 23, 2020, 9:47pm

Hi @manish1 and welcome to the Auth0 Community!

Can you please confirm that you’ve followed our documentation concerning additional configurations for your Custom Domain?

Please review those and let me know if you’ve already attempted following those guidelines. If you’re still having trouble, I’d ask that you DM me your tenant so I can have a closer look.

Best Regards,
Colin

manish1 · December 23, 2020, 11:23pm

Hi @colin.coutts ,
Thanks for response. Yes, have been through the guides and still no luck.
Best we can tell is that using the ‘express-openid-connect’ library the config params for auth do not allow of setting the a value of a custom domain.

Below is our middleware that is trying to instantiate auth. It works when we use the “auth0” subdomain, but fails when we try and use our verified custom domain.

router.use(
auth({
authRequired: false,
auth0Logout: true,
issuerBaseURL: process.env.ISSUER_BASE_URL,
baseURL: process.env.BASE_URL,
clientID: process.env.CLIENT_ID,
clientSecret: process.env.SECRET
})
);

Happy to DM you our tenant details, if you would like to verify the auth0 settings

dohomi · March 3, 2021, 5:05am

I have the exact same issue and followed the links above. I added custom domain, verified it and adjusted the Universal Login.
I use nextjs-auth0 package and adjusted the AUTH0_ISSUER_BASE_URL to point to the custom domain.
From now every login attempt is redirected to the custom domain. So far so good, but after login I get redirected and I see following error:

unexpected iss value, expected https://<CUSTOM_DOMAIN>/, got: https://<TENANT>.eu.auth0.com/

Any help appreciated.

colin.coutts · March 8, 2021, 10:06pm

Hi @dohomi

Thanks for reaching out, apologies for the delay in response.

Would you mind sending me your tenant information in a DM as well as a .har file that captures this issue? Details on recording a .har file can be found here:

Best Regards,
Colin

manish1 · March 8, 2021, 10:37pm

Following this discussion, please update the thread with updates!

colin.coutts · March 8, 2021, 10:43pm

Hi @manish1,

Did you ever send me your tenant/.har file in a DM for me to review? Apologies if I’ve missed that but I don’t seem to see any messages from you.

In any case, this thread will be updated to post a solution once one is found.

Thanks!
Colin

dohomi · March 9, 2021, 9:14am

@colin.coutts I could solve the issue - it was an issue with the Google OAuth and using the demo credentials which is not supported

konrad.sopala · March 9, 2021, 9:15am

Thanks for sharing that with thee rest of community!

system · March 24, 2021, 9:16am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.