We’ve recently switched to using a custom domain to fix issues with users that are blocking 3rd party cookies and we’re finding that this has broken our use of the impersonation API. When using impersonation through the auth0 UI or otherwise there is no option to set the issuer https://auth0.com/docs/api/authentication#impersonation. We’ve found that the issuer is always set to https://[my-sub-domain].auth0.com instead of the new custom domain https://[auth.my-domain].com
This means that when we try to use the response of the impersonation call with an application that is expecting the issuer to be our custom domain there is an issuer mis-match and authentication fails.
Is there a way to set this? If not, what is the best solution to support impersonation and not break users that are blocking 3rd party cookies?