diff --git a/index.js b/index.js
index 3da437e..68cb4fd 100644
--- a/index.js
+++ b/index.js
@@ -55,14 +55,28 @@ app.get('/.well-known/oauth2-client-configuration', function(req, res) {
 });
 });
+
+function jwtMiddleware(req, res, next) {
+ const rta = req.webtaskContext.data.AUTH0_RTA || 'https://auth0.auth0.com';
+ const middleware = expressJwt({
+ secret: rsaValidation({ strictSSL: true }),
+ algorithms: ['RS256'],
+ getToken: function(req) { return req.body.access_token; },
+
+ /**
+ * Note: We're normalizing the issuer because the access token `iss`
+ * ends in a slash whereas the `AUTH0_RTA` secret does not.
+ */
+ issuer: rta.endsWith('/') ? rta : `${rta}/`,
+ })
+
+ return middleware(req, res, next);
+}
+
 app.post(
 '/',
 bodyParser.urlencoded({ extended: false }),
- expressJwt({
- secret: rsaValidation({ strictSSL: true }),
- algorithms: ['RS256'],
- getToken: function(req) { return req.body.access_token; }
- }),
+ jwtMiddleware,
 function(req, res) {
 if (
 req.user.aud === req.audience ||
diff --git a/package.json b/package.json
index 547d075..9077f92 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "auth0-extension-realtime-logs",
- "version": "1.3.5",
+ "version": "1.3.6",
 "description": "Access real-time webtask logs",
 "scripts": {
 "build": "npm run clean && npm run extension:build",
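Review bot: `jwtMiddleware` in index.js calls `expressJwt({...})` and `rsaValidation({ strictSSL: true })` on every POST, so a new validator and key provider are built per request; if `rsaValidation` keeps its fetched signing keys per instance (not visible in this hunk), every request, including ones carrying an invalid token, would trigger a fresh key retrieval. Since the issuer depends only on `AUTH0_RTA`, the middleware can be built once per issuer value and reused, as sketched below. It is also worth confirming that `rsaValidation` does not pick the key location from the token's own `iss` before the new `issuer` comparison runs, because that lookup would then still happen for tokens from other issuers. The `})` that closes the `expressJwt` call is missing its semicolon.

```javascript
// Built lazily, one validator per normalized issuer, so key state is reused across requests.
const jwtMiddlewareByIssuer = new Map();

function jwtMiddleware(req, res, next) {
  const rta = req.webtaskContext.data.AUTH0_RTA || 'https://auth0.auth0.com';
  const issuer = rta.endsWith('/') ? rta : `${rta}/`;

  let middleware = jwtMiddlewareByIssuer.get(issuer);
  if (!middleware) {
    middleware = expressJwt({
      // … unchanged: secret, algorithms, getToken, issuer-normalization comment …
      issuer,
    });
    jwtMiddlewareByIssuer.set(issuer, middleware);
  }

  return middleware(req, res, next);
}
```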