Service not enabled within domain after switch to custom domain when onboarding new users

konrad.galczynski · January 3, 2024, 2:26pm

Hello,

I have following setup:

asp net core app with custom domain set in configuration via openid connect with following code:
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.SignOutScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.ResponseType = OpenIdConnectResponseType.IdToken;
options.CallbackPath = “/”;
options.UsePkce = true;
```
      options.Authority = $"https://{configuration["Auth0Domain"]}";
      options.ClientId = configuration["Auth0ClientId"];
      options.ClientSecret = configuration["Auth0ClientSecret"];
```
auth0 with custom domain in place
two custom action wich are assigning roles to users upon login and password reset and use management API to do so

Everything works like a charm except onboarding new users. When user is created and tries to access app for the first time I can see in the Auth0 logs following message: Failed Exchange: Service not enabled within domain: https://mydomain/api/v2/. In both my actions i am creating management API like this:

const management = new ManagementClient({
  domain: event.secrets.domain,
  clientId: event.secrets.clientId,
  clientSecret: event.secrets.clientSecret,
  scope: "read:roles",
});

where domain is ‘old’ domain, not custom one. Can you point out what I am doing wrong here?
For old users both login and password change works fine

konrad.galczynski · January 3, 2024, 2:40pm

In addition to this when I compare successful exchange (for existing user) and failed exchange (for new user) I can see that failed exchange in hostname nad audience contains my custom domain whereas successful exchange in hostname and audience contains ‘old’ domain

konrad.galczynski · January 4, 2024, 10:10am

I have managed to fix this so I will leave answer here. What helped was following code:

        options.Events.OnRedirectToIdentityProvider = context =>
        {
            context.ProtocolMessage.SetParameter("audience", configuration["Auth0Audience"]);
            // logic
        }

system · January 18, 2024, 10:11am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Making a Call using the Audience Parameter Generates the Error: "Service not enabled within domain" Knowledge Articles audience	1	275	May 14, 2024
Custom domain 401 when calling management api Help auth0 , custom-domain	3	6670	September 14, 2020
API access using the custom domain Help management-api , users	2	1859	July 25, 2023
Issuer invalid with custom domain Help	5	5132	April 15, 2020
Still using custom domain on free tier Help bug , api , custom-domain	12	3693	May 6, 2021

Service not enabled within domain after switch to custom domain when onboarding new users

Related Topics