Bad Issuer on Custom Domain when using Token to Instantiate ManagementClient

Problem statement

This article explains a potential cause for the error Bad Issuer while using the node-auth0 SDK and a custom domain value.

Symptoms

Bad Issuer error when trying to use tokens

Cause

When using a token to instantiate the ManagementClient, the domain that was used to generate the token must match the domain that is configured in the ManagementClient’s settings.

Solution

The node-auth0 library expects the token's issuer (iss) claim to match the provided domain. The issuer claim in a token is the tenant domain that was used in the authentication or client credentials exchange that originally obtained the token.
Please note that the audience does not change between tokens issued from the custom domain and the canonical/default tenant domain, as it is purely an identifier.

For example, when using a Management API access token that was issued via a custom domain, the ManagementClient instantiation would look like:

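const { ManagementClient } = require("auth0");

const management = new ManagementClient({
  // Must be the domain that issued the token (the custom domain here)
  domain: "CUSTOM_DOMAIN_HERE",
  token: "END-USER-ACCESS-TOKEN-HERE",
  // The audience stays on the canonical tenant domain
  audience: "https://TENANT_CANONICAL_DOMAIN_HERE.auth0.com/api/v2/",
});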
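
To confirm which domain a token was issued from before passing it to the ManagementClient, you can decode its payload and compare the iss claim with the domain you intend to configure. The following is an added example, not code from node-auth0 or from the original article: the function names are hypothetical, the sample token and domains are constructed, and it only decodes the token (it does not verify the signature or reproduce the SDK's own check).

```javascript
// Decode the payload (second segment) of a compact JWT without verifying it.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Normalise "tenant.auth0.com", "https://tenant.auth0.com/" etc. to a bare lowercase host.
function hostOf(value) {
  const withScheme = /^https?:\/\//i.test(value) ? value : `https://${value}`;
  return new URL(withScheme).host.toLowerCase();
}

// Compare the token's issuer host with the domain planned for ManagementClient.
function checkIssuer(token, domain) {
  const { iss, aud } = decodeJwtPayload(token);
  if (typeof iss !== "string") throw new Error("token has no iss claim");
  const issuerHost = hostOf(iss);
  const domainHost = hostOf(domain);
  return { ok: issuerHost === domainHost, issuerHost, domainHost, audience: aud };
}

// Build a constructed sample token with a placeholder signature (illustration only).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.c2ln`;
}

const sample = makeSampleToken({
  iss: "https://login.example.com/",               // constructed custom domain
  aud: "https://example-tenant.auth0.com/api/v2/", // constructed canonical audience
});

// Issued via the custom domain, so only the custom domain matches.
console.log(checkIssuer(sample, "login.example.com"));
console.log(checkIssuer(sample, "example-tenant.auth0.com"));
```

When `ok` is false, set `domain` to the reported `issuerHost` or request a new token through the domain you want to configure; the `audience` value is the same in both cases.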

Please see the below doc link for some more information on how custom domains affect API usage: