Changing issuer value in JWT when account is accessed using custom domain

Hello Everyone,
I am trying to access my application using a custom domain in Auth0, and when the access token is generated, the iss value comes out as my custom domain, not the default Auth0 domain.
I tried editing that from Auth0 rules, but iss still remained the same.

{
  "iss": "custom-domain.us.auth0.com", ---> this is my custom auth0 domain.
  "sub": "******",
  "aud": "https://******nrich.com",
  "scope": "*****",
  "gty": "****",
  "permissions": [
    "******"
  ]
}

but what I actually want is

{
  "iss": "default-domain.us.auth0.com", ---> this is my default auth0 domain.
  "sub": "******",
  "aud": "https://******nrich.com",
  "scope": "*****",
  "gty": "****",
  "permissions": [
    "******"
  ]
}

I tried doing this using rules by writing

context.accessToken.iss = "default-domain.us.auth0.com";

but this didn't change the iss in the access token.

Any help on this topic would be helpful

Hi @girish.chalumuri.c,

Welcome to the Auth0 Community!

Yes, what you have observed is by design. The iss claim signifies the issuer, meaning the entity that generated and signed the token. So, when you access your application via your custom domain, that custom domain is identified as the issuer.

Similarly, if you log in through your canonical domain, then your canonical domain is the issuer.

This is a fixed aspect of how tokens are issued and cannot be modified once an access token has been issued.

If needed, you can still call your canonical domain to log in and issue an access token that way. Just call the login endpoint in your browser like the following:

https://{yourDomain}/authorize?
    response_type=code&
    client_id={yourClientId}&
    redirect_uri={https://yourApp/callback}&
    scope={scope}&
    audience={apiAudience}&
    state={state}

Thanks,
Rueben
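
An added example, not part of the original thread and not Auth0's code: because iss follows whichever domain served the login, an API that receives tokens from both domains can accept each issuer by exact match and then pick that issuer's signing keys. The two host names are the thread's placeholders; the function names and sample tokens are constructed for illustration, and signature verification against the returned JWKS URL is assumed to happen afterwards.

```javascript
// Added example, not Auth0 code. Host names are the thread's placeholders.
const TRUSTED_ISSUER_HOSTS = new Set([
  "custom-domain.us.auth0.com",  // login went through the custom domain
  "default-domain.us.auth0.com", // login went through the canonical domain
]);

// Decode the payload WITHOUT trusting it; it is only used to decide which
// issuer's keys the signature check must use afterwards.
function readUnverifiedClaims(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Return the allowlisted issuer host for this token, or null.
function trustedIssuerHost(token) {
  let url;
  try {
    const iss = readUnverifiedClaims(token).iss;
    if (typeof iss !== "string") return null;
    // The thread shows iss as a bare host; also accept the https URL form.
    url = new URL(iss.includes("://") ? iss : "https://" + iss);
  } catch {
    return null;
  }
  const plain = url.protocol === "https:" && url.pathname === "/" &&
    !url.search && !url.hash && !url.username && !url.password && !url.port;
  // Exact host match: suffix or substring matching would accept look-alikes.
  return plain && TRUSTED_ISSUER_HOSTS.has(url.hostname) ? url.hostname : null;
}

// JWKS location to verify the signature against (Auth0's well-known path).
function jwksUriFor(token) {
  const host = trustedIssuerHost(token);
  return host ? `https://${host}/.well-known/jwks.json` : null;
}

// Constructed, unsigned sample token for demonstration only.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.sig`;
}

console.log(jwksUriFor(sampleToken({ iss: "custom-domain.us.auth0.com" })));
console.log(jwksUriFor(sampleToken({ iss: "https://default-domain.us.auth0.com/" })));
console.log(jwksUriFor(sampleToken({ iss: "https://other-tenant.example/" })));
```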

But it is not possible to call the authorize endpoint from React code, right? My application is a single-page application, so I cannot configure that.

Please suggest an approach for this.

Thanks and regards,
Girish

Hi @girish.chalumuri.c,

In the Auth0 React SDK, you would call loginWithRedirect() to initiate the authorize endpoint. (Reference: Auth0ContextInterface | @auth0/auth0-react)

Then, if you need to adjust your domain values, you can change them in the auth_config.js file. (Reference: auth0-react-samples/Sample-01/src/auth_config.json.example at master · auth0-samples/auth0-react-samples · GitHub)
