Matthew Gall 0c23fda078 RELEASE 1.0.4 2 weeks ago
.gitignore Initial commit 3 weeks ago
README.md Added README.md 3 weeks ago
index.js Added JWT decoded as a return to the Promise 2 weeks ago
package.json RELEASE 1.0.4 2 weeks ago

README.md

Cloudflare Workers Access

Authenticate with Cloudflare Access from within a Cloudflare Worker.

Installation

npm install --save @matthewgall/cfaccess-jwt

Usage

import { CFAccess } from "@matthewgall/cfaccess-jwt";

const AUTHENTICATION_DOMAIN = "matthewgall.cloudflareaccess.com";
const POLICY_AUD = "9607121bab7ceeed691bc06782b5030c7e054a27e3f98467b79f97a5f3708112";

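async function handleRequest(request) {
    // We are going to enforce Cloudflare Access
    let access = new CFAccess(AUTHENTICATION_DOMAIN, POLICY_AUD)
    access = await access.validate(request)

    // Only report success (and return a 200) when the Access JWT validated
    let output
    if (access['valid']) {
        output = {
            "success": true,
        }
    }
    else {
        output = {
            "success": false,
        }
    }

    return new Response(JSON.stringify(output, null, 2), {
        // Reject the request with 403 unless validation succeeded
        status: access['valid'] ? 200 : 403,
        headers: { "Content-Type": "application/json" }
    })
}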

addEventListener("fetch", (event) => {
  event.respondWith(handleRequest(event.request));
});

CFAccess takes two parameters:

  1. The team domain, provided when you signed up for Cloudflare Teams: https://developers.cloudflare.com/cloudflare-one/setup#set-up-cloudflare-access

  2. Optionally, two further parameters

    • aud: The "Audience Tag" of your Access Policy.
    • tolerance: Number of seconds of leeway for validating exp and nbf claims. Defaults to 0.

When you're ready to check, call the validate() function with either a request object or a JWT string. This returns a Promise that resolves to an object:

  • Promise.valid will contain the status of the JWT
  • Promise.message will contain any reasons for failure to validate
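
How the aud and tolerance parameters bear on the result, as an added example that is not this package's code: the function names, message strings and sample token below are assumptions made for illustration, and the signature check that must run first is not shown.

```javascript
// Added example, not the library's implementation. These claim checks are only
// meaningful AFTER the token's signature has been verified against the team
// domain's public keys; that step is deliberately not shown here.

// Decode the payload (second segment) of a compact JWT without verifying it.
function decodePayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

// Returns { valid, message }, mirroring the shape the README describes.
// `now` is injectable (seconds since epoch) so the checks can be tested.
function checkClaims(payload, { aud, tolerance = 0, now = Math.floor(Date.now() / 1000) } = {}) {
  if (aud !== undefined) {
    // The aud claim may be a single string or an array of strings.
    const auds = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
    if (!auds.includes(aud)) return { valid: false, message: "aud mismatch" };
  }
  if (typeof payload.exp !== "number") return { valid: false, message: "exp missing" };
  // tolerance widens the window on both ends: later expiry, earlier not-before.
  if (now >= payload.exp + tolerance) return { valid: false, message: "token expired" };
  if (typeof payload.nbf === "number" && now < payload.nbf - tolerance)
    return { valid: false, message: "token not yet valid" };
  return { valid: true, message: "" };
}

// Constructed sample token: unsigned, with a placeholder signature segment.
function makeSampleToken(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.c2ln`;
}

const sample = decodePayload(
  makeSampleToken({ aud: ["example-aud-tag"], nbf: 900, exp: 1000 })
);
console.log(checkClaims(sample, { aud: "example-aud-tag", now: 1010 }));
console.log(checkClaims(sample, { aud: "example-aud-tag", now: 1010, tolerance: 30 }));
```

A non-zero tolerance extends how long an expired token is still accepted, so keep it no larger than the clock skew you actually expect.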