Unable to authorize with the custom domain

Hi,
I successfully set up a custom domain and it was verified. I updated my custom Login Page with the needed settings mentioned in the documentation.
But when I tried to do a test cURL with the custom domains, I got
{"error":"access_denied","error_description":"Service not enabled within domain: https://devlogin.<domain>.com/api/v2/"}
and this is my cURL.
curl --request POST \
  --url https://devlogin.<domain>.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"<clientId>","client_secret":"<clientSecret>","audience":"https://devlogin.<domain>.com/api/v2/","grant_type":"client_credentials"}'

Can anyone from the community help me solve my issue?

Thanks so much!

4 Likes

:wave: @ebony

It seems you are passing the custom domain here:

If you are using the Management API then the API identifier will actually use your default tenant domain name, https://<default-tenant-name>.auth0.com/api/v2/, instead of the custom domain.

4 Likes

Just to clarify for others that may be viewing this post - if you get an Access Token for the Management API using an authorization flow with your custom domain, then the Management API must be called using the custom domain.

So to elaborate, we obtain the access token using the custom domain /oauth/token endpoint, but we use the Auth0 domain as the audience since the API Identifier of the Management API will still use the default Auth0 domain. And then when we call the Management API, we use our custom domain.

For example:

POST https://mycustomdomain.com/oauth/token
... // other parameters 
...
audience:https://defaulttenant.auth0.com/api/v2/

and then

GET https://mycustomdomain.com/api/v2/clients

Headers:
Authorization: Bearer <access_token>

7 Likes
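
The two requests described in the answer above, as an added example that is not part of the original thread: it builds (without sending) the token request and the Management API call, and lints a token request for the audience mistake shown in the original post. The domain names, credentials and function names are constructed placeholders.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Constructed placeholder values (assumptions, not a real tenant).
CUSTOM_DOMAIN = "login.example.com"
DEFAULT_TENANT_DOMAIN = "example-tenant.auth0.com"


def management_audience(default_tenant_domain):
    """Management API identifier: built from the default tenant domain."""
    return f"https://{default_tenant_domain}/api/v2/"


def build_token_request(custom_domain, audience_domain, client_id, client_secret):
    """client_credentials request sent to the custom domain's /oauth/token."""
    body = {
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": management_audience(audience_domain),
        "grant_type": "client_credentials",
    }
    return urllib.request.Request(
        f"https://{custom_domain}/oauth/token",
        data=json.dumps(body).encode(),
        headers={"content-type": "application/json"},
        method="POST",
    )


def build_clients_request(custom_domain, access_token):
    """Token obtained through the custom domain: call the API on that domain."""
    return urllib.request.Request(
        f"https://{custom_domain}/api/v2/clients",
        headers={"Authorization": f"Bearer {access_token}"},
        method="GET",
    )


def lint_token_request(req, default_tenant_domain):
    """Return a list of problems; empty when the audience is the identifier."""
    audience = json.loads(req.data).get("audience", "")
    expected = management_audience(default_tenant_domain)
    if audience == expected:
        return []
    host = urlsplit(audience).hostname or "<none>"
    return [f"audience host is {host}; expected identifier {expected}"]
```

Passing the custom domain as `audience_domain` reproduces the request from the original post, and `lint_token_request` reports it.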

Thanks Kim. I set up client apps and the management API against the default domain, then later created a custom domain. Is there a way to retroactively change all of my settings to now reference the custom domain? Those fields look to be disabled now.

I seem to have the same problem. My Tenant settings show the custom domain as “ready”, but within each application's settings the domain field is greyed out and cannot be changed. I also tried creating a new application, but it was created with the default domain, again without any apparent way to change it.

FWIW, I’m trying to get this to work with the WordPress plugin. The docs don’t seem to be super explicit, but I’m guessing that to start using the custom domain I should change the domain field in the relevant application, and the domain field in the WP plugin.

So @kimcodes, is there an answer to @taylor? There is no apparent way to change the client apps. For me, impersonation is broken as a result (among other problems).

I’ve created a new topic for the issue described in the previous three comments: Custom domains with Social Connections