Custom domain with auth0.js getting error "You should not be hitting this endpoint"


I’m currently instantiating Auth0 with my custom domain using auth0.js in a custom login with on my website.


var customDomainAuth0 = new auth0.WebAuth({
    domain: customDomain,
    configurationBaseUrl: '',
    clientID: clientId,
    redirectUri: callbackUrl,
    responseType: 'token'

I then issue an authorize when user presses a button and encounter the error “You should not be hitting this endpoint. Make sure to use the code snippets in the tutorial or contact for help”

    connection: enterpriseConnection,
    scope: 'openid',
    responseType: 'code',
    redirectUri: callbackUrl

All of this code works fine using the Auth0 issued tenant domain (, and I’m not quite sure what I’m missing here. I read that custom domains was supported if you use the /authorize endpoint, so assumed that it would work with my configuration.

Any help would be much appreciated.


1 Like

This error can appear if you haven’t done the additional configuration required in the hosted login page?

It says it’s for the hosted login page though. I’m using a custom login, do they still apply to here? Also, what values would I use? I understand that the config.auth0Tenant probably means my tenant name. But what about the config.authorizationServer.issuer?

The only value you need to manually specify there is your custom domain - all other values are derived from the variables. Here’s an example:

      configurationBaseUrl: config.clientConfigurationBaseUrl,
      overrides: {
        __tenant: config.auth0Tenant,
        __token_issuer: 'SET_CUSTOM_DOMAIN_HERE'

You should only change the SET_CUSTOM_DOMAIN_HERE value to something like

By the way, if you are using the Auth0.js code snippet you posted in a custom login page (not hosted login), you need not specify the configurationBaseUrl parameter.

If this doesn’t help, can you capture an HTTP trace during the error and DM that to me?

Hi Thameera, I’m sorry but I don’t think I quite understand. You said that I only need to set the 'SET_CUSTOM_DOMAIN_HERE, but I’m pretty sure that I’m meant to set the tenant as well to my tenant name? Either way, I’ve tried setting the overrides value and am still getting the error. I’ve DMed you my HTTP Trace.

The tenant is automatically deduced at runtime - it’s populated in the config object. So you don’t need to set them there.
Based on the HAR file it looks like you don’t have this snippet in the Lock config in the hosted login page.

Solved the problem, thanks @thameera.

I had Hosted Login Page enabled, even though I didn’t require it. However because it was enabled, my calls from app to Auth0 were getting rerouted to the HLP, and therefore I received the errors above. I simply had to turn HLP off to get it working.

1 Like

Glad you made it! Thanks for sharing it at the end with rest of community @intergalena!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.