Hello Everyone,
I am trying to access my application using a custom domain in Auth0, and when the access token is generated, the iss value comes out as my custom domain, not the default Auth0 domain.
I tried editing that from Auth0 rules, but iss still remained the same.
{
  "iss": "custom-domain.us.auth0.com", ---> this is my custom auth0 domain.
  "sub": "******",
  "aud": "https://******nrich.com",
  "scope": "*****",
  "gty": "****",
  "permissions": [
    "******"
  ]
}
but what I actually want is
{
  "iss": "default-domain.us.auth0.com", ---> this is my default auth0 domain.
  "sub": "******",
  "aud": "https://******nrich.com",
  "scope": "*****",
  "gty": "****",
  "permissions": [
    "******"
  ]
}
Yes, what you have observed is by design. The iss claim signifies the issuer, meaning the entity that generated and signed the token. So, when you access your application via your custom domain, that custom domain is identified as the issuer.
Similarly, if you log in through your canonical domain, then your canonical domain is the issuer.
This is a fixed aspect of how tokens are issued and cannot be modified once an access token has been issued.
If needed, you can still call your canonical domain to log in and still issue an access token that way. Just call the login endpoint in your browser like the following:
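
Added example, not part of the original answer and not the login URL it refers to: a sketch of how an API that validates `iss` treats tokens from the two domains, and why rewriting `iss` on an already-issued token fails. It assumes HS256 with a constructed shared key so it runs on the standard library alone; the audience, key and all function names are hypothetical, and only the two `iss` strings come from the question.

```python
import base64, hashlib, hmac, json

# iss values as shown in the question; audience and key are constructed for the demo.
CUSTOM_ISS = "custom-domain.us.auth0.com"
CANONICAL_ISS = "default-domain.us.auth0.com"
AUDIENCE = "https://api.example.test"
DEMO_KEY = b"constructed-demo-key"  # assumption: HS256 shared secret

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(iss, key=DEMO_KEY):
    """Constructed token, stamped with the issuer of the domain used to log in."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"iss": iss, "aud": AUDIENCE}).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{_b64(_sign(signing_input, key))}"

def rewrite_iss(token, new_iss):
    """Swap iss in an issued token without re-signing it."""
    head, body, sig = token.split(".")
    claims = dict(json.loads(_unb64(body)), iss=new_iss)
    return f"{head}.{_b64(json.dumps(claims).encode())}.{sig}"

def validate(token, allowed_issuers, key=DEMO_KEY):
    """Return the claims if signature, issuer and audience check out, else raise."""
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_sign(f"{head}.{body}", key), _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    # Exact string match against the configured issuers; no prefix or suffix matching.
    if claims.get("iss") not in allowed_issuers:
        raise ValueError(f"untrusted issuer: {claims.get('iss')!r}")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    return claims

def accepted(token, allowed_issuers):
    try:
        validate(token, allowed_issuers)
        return True
    except ValueError:
        return False
```

An API configured with only the canonical issuer rejects a token obtained through the custom domain, so the expected issuer on the API side has to match the domain actually used for login.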