AWS Authorizer Error: "the issuer in the OIDC discovery endpoint metadata does not match the configured issuer"

Problem statement

When following this blog post and similar resources to set up AWS JWT Authorizers, the following error is returned when validating the JWT:

error="invalid_token" error_description="the issuer in the OIDC discovery endpoint metadata does not match the configured issuer".

Symptoms

  • 401 error returned
  • login will fail

Cause

The issuer was set up inaccurately during the configuration of the JWT Authorizer: the trailing ‘/’ of the Issuer URL was not included.

Solution

Confirm the Issuer URL in AWS includes the trailing ‘/’ and is otherwise accurately configured.

https://{YOUR_TENANT}.{REGION}.auth0.com/
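
The comparison behind this error is an exact string match between the configured issuer and the "issuer" field of the tenant's OIDC discovery document. The following check is an added example, not code from the original article or from AWS or Auth0; the tenant name example-tenant, the function names and the sample metadata are constructed for illustration.

```python
import json
import urllib.request

WELL_KNOWN = "/.well-known/openid-configuration"


def discovery_url(configured_issuer):
    # The discovery document lives under the issuer URL, with or without the slash.
    return configured_issuer.rstrip("/") + WELL_KNOWN


def fetch_metadata(configured_issuer, timeout=5):
    # Network call for real use; not needed for the constructed sample below.
    with urllib.request.urlopen(discovery_url(configured_issuer), timeout=timeout) as resp:
        return json.load(resp)


def check_issuer(configured_issuer, metadata):
    """Compare the configured issuer with the published one, byte for byte."""
    published = metadata.get("issuer")
    if published is None:
        return "error: discovery metadata has no 'issuer' field"
    if configured_issuer == published:
        return "ok"
    if configured_issuer + "/" == published:
        return "mismatch: configured issuer is missing the trailing '/'"
    if configured_issuer == published + "/":
        return "mismatch: configured issuer has an extra trailing '/'"
    return f"mismatch: configured {configured_issuer!r}, published {published!r}"


# Constructed sample of the relevant part of a discovery document.
SAMPLE_METADATA = {
    "issuer": "https://example-tenant.us.auth0.com/",
    "jwks_uri": "https://example-tenant.us.auth0.com/.well-known/jwks.json",
}

if __name__ == "__main__":
    for candidate in (
        "https://example-tenant.us.auth0.com",   # value that triggers the error
        "https://example-tenant.us.auth0.com/",  # corrected value
    ):
        print(candidate, "->", check_issuer(candidate, SAMPLE_METADATA))
```

To check a live tenant, pass the result of fetch_metadata(issuer) as the second argument in place of SAMPLE_METADATA.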