A root-cause analysis for this issue has been performed and is now available at https://cdn.auth0.com/blog/20210120-Incident-RCA.pdf
This incident has been resolved.
The fix has finished being deployed and we are monitoring the results
The fix is in the process of being deployed
We have determined the cause of the issue and now have a possible fix; we are working on reviewing it and preparing its deployment.
We have identified an issue where requests to the /.well-known/jwks.json endpoint performed in the scope of a CORS request may receive a response without the necessary CORS response headers. This prevents the user-agent from allowing access to the response body. We are currently working on a fix.