You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Matthew Gall 0c23fda078 RELEASE 1.0.4 2 weeks ago
.gitignore Initial commit 3 weeks ago Added 3 weeks ago
index.js Added JWT decoded as a return to the Promise 2 weeks ago
package.json RELEASE 1.0.4 2 weeks ago

Cloudflare Workers Access

Authenticate with Cloudflare Access from within a Cloudflare Worker.


npm install --save @matthewgall/cfaccess-jwt


import { CFAccess } from "@matthewgall/cfaccess-jwt";

const POLICY_AUD = "9607121bab7ceeed691bc06782b5030c7e054a27e3f98467b79f97a5f3708112";

async handleRequest(request) {
    // We are going to enforce Cloudflare Access
    let access = new CFAccess(AUTHENTICATION_DOMAIN, POLICY_AUD)
    access = await access.validate(request)

    if (access['valid']) {
        output = {
            "success": true,
    else {
        output = {
            "success": false,

    return new Response(JSON.stringify(output, null, 2), {
        status: 403,
        headers: Headers

addEventListener("fetch", (event) => {

CFAccess takes two parameters:

  1. The team domain, provided when you signed up for Cloudflare Teams:

  2. Optionally, two further parameters

    • aud: The "Audience Tag" of your Access Policy.
    • tolerance: Number of seconds of leeway for validating exp and nbf claims. Defaults to 0.

When you're ready to check, call the validate() function with either a request object or a JWT string. This will return a Promise and eventually an object:

  • Promise.valid will contain the status of the JWT
  • Promise.message will contain any reasons for failure to validate