Marcin
CDCloudflare Developers
•Created by Marcin on 11/7/2023 in #workers-help
Service Auth in Worker with Service Token
Hi, I'm implementing a private API using Workers and want to secure access to it using Service Tokens. I've got a Worker set up and working in Access but wondering what the typical usage is supposed to be from the perspective of the client/caller.
Is the caller supposed to:
1) pass in the
CF-Access-Client-Id and CF-Access-Client-Secret headers on every API call; - OR -
2) Obtain the JWT from CF_Authorization and pass that on subsequent API requests until the JWT times out at which point it will have to supply CF-Access-Client-Id and CF-Access-Client-Secret again to get a new JWT
Thanks for any insights on best practices1 replies