AWS Authorizer Error: "the issuer in the OIDC discovery endpoint metadata does not match the configured issuer"

konrad.sopala · November 21, 2023, 7:29am

Problem statement

When following this blog post and similar resources to setup AWS JWT Authorizers, the following error is returned when validating the JWT:

error="invalid_token" error_description="the issuer in the OIDC discovery endpoint metadata does not match the configured issuer".

The issuer had been inaccurately setup during the configuration of the JWT Authorizer by not including the trailing ‘/’ of the Issuer URL.

Confirm the Issuer URL in AWS includes the trailing ‘/’ and is otherwise accurately configured.

https://{YOUR_TENANT}.{REGION}.auth0.com/

Topic		Replies	Views
Intermittent "OIDC discovery endpoint communication error" when using JWT Authorizer with AWS HTTP API Help jwt , auth0 , api	12	2824	February 10, 2023
Invalid Issuer, with a custom domain Help configuration , application	3	2658	July 7, 2023
Issuer mismatch in ID token Knowledge Articles custom-domain , id-token , canonical-domain , issuer	1	2641	October 4, 2022
JWT verification from a backend API Knowledge Articles jwt , jwt-validation	1	1520	January 28, 2023
Invalid ID token: Issuer (iss) claim mismatch in the ID token Help login-experience , signup-prompt-new-experience	3	4604	May 27, 2023