The issue was that we hadn’t added the custom domain settings to our production tenant’s universal login page’s Lock config. Really wish the error was more descriptive.
Found from: Custom domain with auth0.js getting error "You should not be hitting this endpoint" - #2 by thameera