Impersonation with custom domain

We’ve recently switched to using a custom domain to fix issues with users that are blocking 3rd party cookies and we’re finding that this has broken our use of the impersonation API. When using impersonation through the auth0 UI or otherwise there is no option to set the issuer https://auth0.com/docs/api/authentication#impersonation. We’ve found that the issuer is always set to https://[my-sub-domain].auth0.com instead of the new custom domain https://[auth.my-domain].com

This means that when we try to use the response of the impersonation call with an application that is expecting the issuer to be our custom domain there is an issuer mis-match and authentication fails.

Is there a way to set this? If not, what is the best solution to support impersonation and not break users that are blocking 3rd party cookies?

Hi @gshaw - Thank you for posting on Auth0 community. Welcome! :wave:

Regarding your issue, impersonation is not currently a supported feature when using a custom domain. Please reference the following document regarding custom domain supported features: https://auth0.com/docs/custom-domains#auth0-features-that-use-custom-domains

Unfortunately, we do not currently have an ETA for when this feature will be available, but please keep an eye on the custom domain documentation for the addition of other supported features.

Thank you for your understanding