Hi @kaylakantola and welcome to the Auth0 Community!
Thanks for reaching out, let me see if I can help. I was just able to spin up a React App that uses the Auth0-SPA-SDK + Universal Login with Passwordless Lock + Custom Domain using an email code to try and have something close to what you’re working with. Were you able to get this flow working when you weren’t using a Custom Domain?
The error you’ve identified invalid request: ... can stem from a few things such as Auth0 not identifying the correct tenant for the custom domain. Was this custom domain previously used by a tenant that was deleted?
The only difference I can see at this point from the code you’ve shared is I didn’t include an audience parameter in my createAuth0Client and haven’t been able to replicate your error as of yet. If you wouldn’t mind sending along a .har in a DM of this interaction then I’d be happy to look at this further.
Best Regards,
Colin