Service not enabled within domain after switch to custom domain when onboarding new users

Hello,

I have following setup:

  • ASP.NET Core app with the custom domain set in configuration via OpenID Connect, using the following code:
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.SignOutScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.CallbackPath = "/";
            options.UsePkce = true;

            // Auth0Domain holds the custom domain, so Authority points at it
            options.Authority = $"https://{configuration["Auth0Domain"]}";
            options.ClientId = configuration["Auth0ClientId"];
            options.ClientSecret = configuration["Auth0ClientSecret"];
        });
    
  • Auth0 with a custom domain in place

  • two custom Actions which assign roles to users upon login and password reset, and use the Management API to do so

Everything works like a charm except onboarding new users. When a user is created and tries to access the app for the first time, I can see the following message in the Auth0 logs: Failed Exchange: Service not enabled within domain: https://mydomain/api/v2/. In both my Actions I am creating the Management API client like this:

const { ManagementClient } = require("auth0");

// Management API client built inside the Action; domain, clientId and
// clientSecret are read from the Action's secrets
const management = new ManagementClient({
  domain: event.secrets.domain,
  clientId: event.secrets.clientId,
  clientSecret: event.secrets.clientSecret,
  scope: "read:roles",
});

where domain is the ‘old’ domain, not the custom one. Can you point out what I am doing wrong here?
For old users both login and password change work fine.

In addition to this, when I compare a successful exchange (for an existing user) and a failed exchange (for a new user), I can see that the failed exchange contains my custom domain in hostname and audience, whereas the successful exchange contains the ‘old’ domain in hostname and audience.

I have managed to fix this, so I will leave the answer here. What helped was the following code:

        options.Events.OnRedirectToIdentityProvider = context =>
        {
            // add the audience parameter to the authorize request
            context.ProtocolMessage.SetParameter("audience", configuration["Auth0Audience"]);
            // logic
            return Task.CompletedTask;
        };
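For readers who want the whole wiring in one place, here is a complete Program.cs that applies the fix above. This is an added example, not the original poster's code: it assumes a minimal-hosting project with implicit usings enabled, and configuration keys named Auth0Domain (the custom domain), Auth0ClientId, Auth0ClientSecret and Auth0Audience, the same names used in the post. It also checks the required settings at startup and only adds the audience parameter on the authorize request, not on other redirects.

```csharp
// Added example (not from the original post): ASP.NET Core minimal hosting with
// Auth0 behind a custom domain and the "audience" parameter set on every
// authorize request. Assumes implicit usings and the configuration keys
// Auth0Domain, Auth0ClientId, Auth0ClientSecret and Auth0Audience.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
IConfiguration configuration = builder.Configuration;

// Fail at startup rather than at the first login if a required setting is missing.
static string Required(IConfiguration config, string key) =>
    config[key] ?? throw new InvalidOperationException($"Missing configuration value '{key}'.");

var auth0Domain = Required(configuration, "Auth0Domain");     // the custom domain
var auth0Audience = Required(configuration, "Auth0Audience"); // e.g. the API identifier

builder.Services.AddAuthorization();
builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.SignOutScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        // Authority is the custom domain; the handler reads
        // https://<custom domain>/.well-known/openid-configuration from it.
        options.Authority = $"https://{auth0Domain}";
        options.ClientId = Required(configuration, "Auth0ClientId");
        options.ClientSecret = Required(configuration, "Auth0ClientSecret");

        // The handler only sends code_challenge for the authorization code flow,
        // so UsePkce is paired with ResponseType = Code here rather than IdToken.
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.UsePkce = true;
        options.CallbackPath = "/callback"; // assumed path; register it as an allowed callback URL in Auth0
        options.SaveTokens = true;

        options.Events.OnRedirectToIdentityProvider = context =>
        {
            // Only the authorize request should carry the audience parameter.
            if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)
            {
                context.ProtocolMessage.SetParameter("audience", auth0Audience);
            }
            return Task.CompletedTask;
        };
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Protected endpoint that triggers the OIDC challenge for anonymous visitors.
app.MapGet("/", (HttpContext ctx) => ctx.User.Identity?.Name ?? "anonymous")
   .RequireAuthorization();

app.Run();
```

One caveat worth knowing when comparing this with the post's original snippet: with ResponseType set to IdToken the handler ignores UsePkce, because PKCE only applies when an authorization code is exchanged. Switching to the code flow as above makes the PKCE setting meaningful and keeps tokens off the front channel.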
