Invalid ID token: Issuer (iss) claim mismatch in the ID token

The application in universal login start to give this error out of nowhere . “Issuer (iss) claim mismatch in the ID token, expected “https://https://auth0-domain.us.auth0.com/”, found “https://auth0-domain.us.auth0.com/””

Hi there @codexitos welcome to the community!

That’s bizarre this seemingly came out of nowhere as I suspect it’s do to a misconfiguration in application code. This is typically caused by setting the incorrect issuer (i.e. https://https://auth0-domain.us.auth0.com/) on the Auth0Provider or similar interface in the SDK you’re working with. The issuer defined in the configuration linked is what’s used in validation of the ID token - Omitting the issuer will default to the domain which should avoid this issue as well.

Hope this helps at least give you an idea of what might be going on!

i have some information about your question which i shared, ID tokens are used in authentication processes to verify the identity of a user. The issuer claim indicates the entity that issued the token, usually an identity provider or an authentication server. When validating the ID token, the receiving party checks whether the issuer claim matches the expected value to ensure the token’s authenticity and integrity.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.