
Implicit grant custom domain: identity provider login returns auth0 domain iss

jwt
auth0
login


I am in the process of switching to a custom domain for our SPA with implicit grant authorization method, using auth0-js v9.7.2. Authentication on the auth0 domain works fine with username/password as well as identity providers. However, when using the custom domain it seems that the token issuer value differs when attempting to log in via an identity provider, so username/password still works, but via identity provider I get the following error:

{error: "invalid_token", errorDescription: "Issuer https://mydomain.eu.auth0.com/ is not valid."}

Explicitly setting the token issuer by adding __token_issuer: 'https://mydomain.eu.auth0.com/' as an option resolves the issue for authentication via identity provider, but then introduces a similar error for username/password authentication stating:

{error: "invalid_token", errorDescription: "Issuer https://login.mydomain.com/ is not valid."}

Due to this, I cannot get both authentication methods functioning via a custom domain at the same time. The document on https://auth0.com/docs/custom-domains states that the iss claim should always be the domain via which the request was done, but this does not appear to be the case here.
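
To see which issuer each login path actually returns, the `iss` claim can be read from the `id_token` in the callback fragment. The following is an added example, not part of the original post and not auth0-js code; it only decodes the payload for diagnosis (no signature verification), and the function names and sample tokens are constructed for illustration.

```javascript
// Added diagnostic example, not auth0-js code. It does NOT verify signatures.
// Both issuer values are the placeholder domains quoted in the post.
const CUSTOM_ISSUER = 'https://login.mydomain.com/';
const TENANT_ISSUER = 'https://mydomain.eu.auth0.com/';

// Decode one base64url JWT segment into a JSON object.
function decodeSegment(seg) {
  let b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Read id_token from an implicit-grant callback fragment and classify its iss.
function classifyIssuer(hash, expectedIssuer) {
  const idToken = new URLSearchParams(hash.replace(/^#/, '')).get('id_token');
  if (!idToken) return { ok: false, reason: 'no id_token in fragment' };
  const parts = idToken.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'not a compact JWS' };
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch (e) {
    return { ok: false, reason: 'payload is not base64url JSON' };
  }
  const iss = claims.iss;
  let issuedBy = 'unknown';
  if (iss === CUSTOM_ISSUER) issuedBy = 'custom domain';
  else if (iss === TENANT_ISSUER) issuedBy = 'auth0 tenant domain';
  // Issuer comparison is an exact string match, trailing slash included.
  return { ok: iss === expectedIssuer, iss, issuedBy };
}

// Constructed sample: an unsigned token with a placeholder signature segment.
function makeSampleToken(iss) {
  const enc = (obj) => btoa(JSON.stringify(obj))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc({ iss, sub: 'sample|123' })}.sig`;
}

// Constructed callbacks reproducing the two cases from the post.
const viaIdp = '#access_token=x&id_token=' + makeSampleToken(TENANT_ISSUER);
const viaDb = '#access_token=x&id_token=' + makeSampleToken(CUSTOM_ISSUER);
console.log(classifyIssuer(viaIdp, CUSTOM_ISSUER)); // ok: false, tenant issuer
console.log(classifyIssuer(viaDb, CUSTOM_ISSUER));  // ok: true, custom issuer
```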