Invalid iss: MY_CUSTOM_DOMAIN

Hey all!

We recently added a custom domain to our account (customdomain.oursite.com). We followed the instructions about a CNAME, which has been configured correctly. I then started to update our application, as per these docs. Our application is older, and we are still using /delegation.

After the user logs in, we send a request to /delegation, which works fine with our Auth0 domain (oursite.auth0.com). However, when we switched our application to using customdomain.oursite.com, we now get a 401 error from /delegation. The error is invalid_iss: https://customdomain.oursite.com/

Extra Info
This is what our front-end config looks like:

	window.IA_CONFIG = {
		AUTH0_DOMAIN: 'customdomain.oursite.com',
		AUTH0_CLIENTID: 'redacted',
		AUTH0_CONNECTION: 'connectionname',
	};

Our back-end config looks like this:

{
  "Auth0": {
    "Domain": "customdomain.oursite.com",
    "ClientId": "redacted",
    "ApiUrl": "https://customdomain.oursite.com/api/v2/",
    "TokenUrl": "https://customdomain.oursite.com/oauth/token"
  }
}

Critical note: if we change our front-end config to use oursite.auth0.com, everything works as expected. The custom domain /delegation endpoint does not recognize our expected iss claim (customdomain.oursite.com).
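A diagnostic helper for the mismatch described in this post, added here as an example and not part of the thread or Auth0's own code: it decodes a token's payload without verifying it and reports which configured domain matches the `iss` claim. The function names and the `DOMAINS` map are hypothetical, the sample token is constructed, and the `https://<domain>/` issuer form is taken from the error message above.

```javascript
// Added diagnostic example: inspect a JWT's `iss` claim WITHOUT verifying it.
// For troubleshooting only; never authorize anything from an unverified payload.

// Decode one base64url JWT segment into an object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Issuer URL form seen in the thread's error message: https://<domain>/
function issuerFor(domain) {
  return `https://${domain}/`;
}

// Report which configured domain, if any, issued the token.
// `domains` is a hypothetical map of label -> tenant domain.
function diagnoseIssuer(token, domains) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    return { ok: false, reason: 'not a three-part JWT' };
  }
  let payload;
  try {
    payload = decodeSegment(parts[1]);
  } catch (err) {
    return { ok: false, reason: 'payload is not base64url JSON' };
  }
  if (!payload || typeof payload.iss !== 'string') {
    return { ok: false, reason: 'no iss claim' };
  }
  // Exact string match, trailing slash included.
  const match = Object.entries(domains)
    .find(([, domain]) => issuerFor(domain) === payload.iss);
  return { ok: true, iss: payload.iss, issuedBy: match ? match[0] : null };
}

// Constructed sample token with a placeholder signature, not a real one.
function makeSampleToken(iss) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc({ iss, sub: 'user|1' })}.sig`;
}

const DOMAINS = { canonical: 'oursite.auth0.com', custom: 'customdomain.oursite.com' };
const sample = makeSampleToken('https://customdomain.oursite.com/');
console.log(diagnoseIssuer(sample, DOMAINS));
```

Running it against the token sent to /delegation shows whether that token was minted through the custom domain or the canonical one.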

Hi @james13, I’m afraid that endpoint does not support custom domains.

If your setup allows, you may be able to achieve the flow you need using silent authentication to get a 2nd token for a different audience without needing the user to log in again, instead of using the /delegation endpoint.

2 Likes

Will try this out and mark as solution if it works. I was hoping we wouldn’t have to move off of /delegation, but your answer makes sense! Trying this out now…