This seems to be a regression of Missing CORS headers for cached /.well-known/jwks.json • Auth0 Status Page
When trying to authenticate, our
<custom-domain>.com/.well-known/jwks.json file throws a CORS error client-side:
Access to fetch at 'https://login.klausapp.com/.well-known/jwks.json' from origin 'https://kibbles.klausapp.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
But when visiting the URL itself, it responds with a 502 Bad Gateway
This means that currently none of our users are able to log in. This is happening on our production tenant.