Using service token for all requests with Cloudflare Zero Trust
I'm using Cloudflare Zero Trust to access an API from the Next.js server-side. For this I'm using the service token headers I've generated with Cloudflare. The docs mention that these are for the initial request in the example. Where the initial response returns an authorization cookie. The example in the docs show that you should use the auth cookie for requests after the initial one.
I've tried both the service token headers and the authorization cookie in Postman and both seem to give very similar request latency (30-90ms range). Because the requests are done on the Next.js server-side I would need to store the auth cookie somewhere to use for requests after the first. Let's say Cloudflare KV for this example. Is there a downside to keep using the service token headers for each request instead of the auth cookie? This would save the server-side a trip to KV to get the auth cookie, gains might be small because KV is fast, but might be still worth it. The docs don't feel very clear in why the auth cookie should be used, that's why I'm asking ๐
Cloudflare Docs
Service tokens ยท Cloudflare Zero Trust docs
You can provide automated systems with service tokens to authenticate against your Zero Trust policies. Cloudflare Access will generate service tokens that consist of a Client ID and a Client Secret. Automated systems or applications can then use these values to reach an application protected by Access.
0 Replies