Login issue with custom domain and embedded login

Hi guys,

I feel frustrated with your support service. I have created a ticket and nobody has answered, I also called at the phone numbers on the home page. My subscription includes support. Could anyone please help me, the ticket number is: #00456537.

1 Like

Hello, @robi1

I am sorry that you feel frustrated. Our Support team is constantly working on help our customers so I am sure they will get back to you anytime soon.

In the meantime, have you followed this documentation? https://auth0.com/docs/custom-domains/additional-configuration#embedded-lock


1 Like

@karen.bermudez, thank you for the quick reply.

I already did. this is how my Auth Object is set:

export const environment = {
auth0: {
domain: ‘login.mydomain.com’, //omitted for security
clientId: ‘**********770hjqcG’, // omitted for security
callbackURL: ${window.location.origin}/Callback ,
appURL: window.location.origin,
allowedConnections: [‘Username-Password-Authentication’],
auth0Tenant: “lockhartandleith”,
authorizationServer: {
issuer: ‘login.mydomain.com’,

In the Auth.service.ts we have:
private options = new BehaviorSubject({
auth: {
redirectUrl: environment.auth0.callbackURL,
responseType: ‘token id_token’,
audience: https://${environment.auth0.domain}/userinfo ,
params: {
scope: ‘openid profile’,
trainer_slug: ‘’
allowedConnections: environment.auth0.allowedConnections,
autoclose: true,
oidcConformant: true,
closable: false,
rememberLastLogin: false,
allowForgotPassword: true,
forgotPasswordLink: ${window.location.origin}/${this.urlSlug}/reset-password ,
configurationBaseUrl: ‘https://cdn.auth0.com’,
overrides: {
__tenant: environment.auth0.auth0Tenant,
__token_issuer: environment.auth0.authorizationServer.issuer
} as Auth0LockConstructorOptions)

this.lock = new Auth0Lock(

Any thoughts?

1 Like


After reading your code I found why you are getting an error.

If you read this documentation: https://auth0.com/docs/custom-domains/additional-configuration, it will explain the following:

If you use the Auth0 APIs, such as the Management API, the API identifier will use your default tenant domain name (such as https://YOUR_TENANT.auth0.com/userinfo and https://YOUR_TENANT.auth0.com/api/v2/ ).

Being said that, when you specify the audience to get /userinfo (when you make this call you are calling our Authentication API) you must pass your tenant url and not the custom domain, otherwise this will not work as our API does not identify your custom domain as existent.

This should solve your issue, it seems everything else looks fine on your code.

I hope I got to help you.

Thank you!


I updated my code. When I hit the login button the following is returned:
{error: “invalid_token”, errorDescription: “Issuer (iss) claim mismatch in the ID token, expec…“login.gdtr.biz”, found “https://login.gdtr.biz/””}

1 Like


If you try changing your domains adding the “https://” ?


I changed the domain to: “https://login.gdtr.biz” and got the following:
Issuer (iss) claim mismatch in the ID token, expected “login.gdtr.biz”, found “https://login.gdtr.biz/

1 Like

hmmmm, I wonder if it’s something about the Issuer configuration that is missing
I found in here https://auth0.com/docs/custom-domains/additional-configuration#apis that you should validate the JWT issuer(s) against your custom domain

I will keep searching about this specific error

Thank you!

Hello @karen.bermudez

I updated my code and now I was able to set up my custom domain using the embedded login flow. However, when disabling third party cookies I’m getting this error {error: “access_denied”, errorDescription: “Unknown or invalid login ticket.”, state: “SbGMg-h7K0Ix7gbPJFh-p7NAzTVNqXzZ”}. The reason why we paid for a custom domain was to convert third-party cookies into first-party cookies. Am I missing any configuration step?

Hi @karen.bermudez,

Did you have the chance to look in to the issue related to the “Invalid login ticket” ?