Auth0 openid with custom domain failing


Just trying to integrate with open id connect option for a “regular web app” authentication with Auth0 using a custom domain. We are integrating using on a express based node js app.

The domain, has been verified via CNAME record using the “Auth0 managed certificate option” and passes the test on the auth0 portal. The auth flow works perfectly with auth0 subdomain, however when we switch to the custom domain as the Issuer_base_url we get the following error:

“error”: {
“status”: 400,
“message”: “unexpected iss value, expected, got:”

Any ideas on how we can fix this issue, thanks.

Also should mention, the error shows up after the callback is returning the user to our portal. From the logs we can tell the user has been authenticated however the callback is not getting the expected custom domain value

Hi @manish1 and welcome to the Auth0 Community! :tada: :grinning:

Can you please confirm that you’ve followed our documentation concerning additional configurations for your Custom Domain?

Please review those and let me know if you’ve already attempted following those guidelines. If you’re still having trouble, I’d ask that you DM me your tenant so I can have a closer look.

Best Regards,

1 Like

Hi @colin.coutts ,
Thanks for response. Yes, have been through the guides and still no luck.
Best we can tell is that using the ‘express-openid-connect’ library the config params for auth do not allow of setting the a value of a custom domain.

Below is our middleware that is trying to instantiate auth. It works when we use the “auth0” subdomain, but fails when we try and use our verified custom domain.

authRequired: false,
auth0Logout: true,
issuerBaseURL: process.env.ISSUER_BASE_URL,
baseURL: process.env.BASE_URL,
clientID: process.env.CLIENT_ID,
clientSecret: process.env.SECRET

Happy to DM you our tenant details, if you would like to verify the auth0 settings

I have the exact same issue and followed the links above. I added custom domain, verified it and adjusted the Universal Login.
I use nextjs-auth0 package and adjusted the AUTH0_ISSUER_BASE_URL to point to the custom domain.
From now every login attempt is redirected to the custom domain. So far so good, but after login I get redirected and I see following error:

unexpected iss value, expected https://<CUSTOM_DOMAIN>/, got: https://<TENANT>

Any help appreciated.

Hi @dohomi

Thanks for reaching out, apologies for the delay in response.

Would you mind sending me your tenant information in a DM as well as a .har file that captures this issue? Details on recording a .har file can be found here:

Best Regards,

Following this discussion, please update the thread with updates!

Hi @manish1,

Did you ever send me your tenant/.har file in a DM for me to review? Apologies if I’ve missed that but I don’t seem to see any messages from you.

In any case, this thread will be updated to post a solution once one is found.


@colin.coutts I could solve the issue - it was an issue with the Google OAuth and using the demo credentials which is not supported

1 Like

Thanks for sharing that with thee rest of community!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.