Verify zerotrust access token
Is there anyway to have a 3rd party server verify the zero trust JWT token. I have Google Oauth setup as the authentication but I'd like to be able to verify the JWT when extracting the email from the server as part of an API call.
3 Replies
Yes see https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/validating-json/
Validate JWTs · Cloudflare Zero Trust docs
When Cloudflare sends a request to your origin, the request will include an application token as a Cf-Access-Jwt-Assertion request header and as a …
thank you!
More info on the paylod is https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/application-token/#payload
Application token · Cloudflare Zero Trust docs
Cloudflare Access includes the application token with all authenticated requests to your origin. A typical JWT looks like this: