Access Service Tokens not working?
I'm trying to use Service Tokens with Cloudflare Access but they are seemingly not working...
Steps taken:
1. Created service token
2. Added
CF-Access-Client-Id and CF-Access-Client-Secret headers
3. Added an Include rule for the service token in question in the Access application's additional rules
Cloudflare just completely ignores the CF-Access-Client-Id and secret and shows that it has never been used before, and it redirects to the Cloudflare Access sign in page.
In desperation, I also added rules to allow any access service token both to the application and the access group of the application, which also did not work.
I've tried it from a Cloudflare Worker, Curl, and Fiddler and in any case despite passing the CF-Access headers it just redirects without giving a JWT.
Am I missing anything?
5 Replies
Does the rule have the Service Auth action?
oh shoot, I think you're right
I'll double check that
I'll let you know if that fixes it
So far, it's still not working, but I've seen Access not update its rules immediately before so
Does it matter what order these are in? I put Service Auth on top for now.
For now I just said it can allow any Service Auth token
(and yes i did click Save Policy and Save Application , i've forgotten to do that before LOL)
@kiannh OKAY THANK YOU THAT WORKED :D
I neglected that detail when trying to set this up <.<