"Service not found" Error Occurs When Using a Custom Domain for Auth0 MFA Audience

Overview

Auth0 generates a Service not found error when an application attempts to use a custom domain for the Multi-Factor Authentication (MFA) audience URL. This happens because Auth0 requires the canonical tenant domain for the audience parameter, even when utilizing a custom domain. To resolve this issue, set the audience URL to the default tenant identifier.

When using a custom domain URL such as https://<mycustomdomain.com>/mfa/, Auth0 generates the following error:

Service not found

In addition, using the canonical URL format such as https://<appname>.auth0app.com/mfa/ for the login request bypasses the Universal Login branding linked to the custom domain.

Applies To

  • Custom Domains
  • Multi-Factor Authentication (MFA)
  • Universal Login
  • Auth0

Cause

When calling API endpoints such as /mfa, the specified audience must remain the canonical tenant domain, specifically https://<CanonicalDomain>/mfa, even when utilizing a custom domain on the tenant.

Solution

To resolve the error and maintain Universal Login branding, configure the application to use the canonical tenant domain for the audience parameter and maintain the custom domain for the primary authorization request.

  1. Set the "audience URL" parameter to the default tenant identifier, formatted as https://<CanonicalDomain>/mfa.
  2. Route the primary authorization request through the custom domain to maintain the Universal Login branding.
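
The two steps above combined, as an added example that is not Auth0's own code: the authorization request is built on the custom domain while the audience is checked to be on the canonical tenant domain before any redirect happens. Both hostnames, the client ID, the redirect URI, the scope and the state value are constructed placeholders, and the function names are hypothetical.

```javascript
// Both hostnames are constructed placeholders, not real tenants.
const CUSTOM_DOMAIN = "login.example.com";               // branded custom domain
const CANONICAL_DOMAIN = "tenant-canonical.example.net"; // canonical tenant domain

// Returns null when the audience is acceptable, otherwise the reason it is not.
function checkMfaAudience(audience, customDomain, canonicalDomain) {
  let url;
  try {
    url = new URL(audience);
  } catch {
    return "audience is not an absolute URL";
  }
  if (url.protocol !== "https:") return "audience must use https";
  if (url.hostname === customDomain.toLowerCase()) {
    return "audience uses the custom domain (yields 'Service not found')";
  }
  if (url.hostname !== canonicalDomain.toLowerCase()) {
    return "audience host is not the canonical tenant domain";
  }
  // The page writes the path both as /mfa and /mfa/, so accept either.
  if (url.pathname.replace(/\/+$/, "") !== "/mfa") return "audience path is not /mfa";
  return null;
}

// Builds the login redirect: custom domain for the request, canonical domain
// for the audience. `state` must come from the caller's CSRF-safe generator.
function buildAuthorizeUrl({ clientId, redirectUri, scope, state, audience }) {
  const problem = checkMfaAudience(audience, CUSTOM_DOMAIN, CANONICAL_DOMAIN);
  if (problem) throw new Error(problem);
  const url = new URL(`https://${CUSTOM_DOMAIN}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    audience,
    state,
  }).toString();
  return url.toString();
}

// Constructed sample values; the scope string is an assumption for illustration.
console.log(buildAuthorizeUrl({
  clientId: "EXAMPLE_CLIENT_ID",
  redirectUri: "https://app.example.com/callback",
  scope: "openid",
  state: "constructed-state-value",
  audience: `https://${CANONICAL_DOMAIN}/mfa`,
}));
```

Running the check at application start-up or in a configuration test surfaces a custom-domain audience before users hit the error at login.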

 
