janj
CDCloudflare Developers
•Created by janj on 2/24/2025 in #workers-help
workers and cf access jwt validation
I saw multiple mentions online that users are doing jwt validation in cf workers because they saw the cloudflare docs mentioning you need to validate jwt tokens on your origin when access is used in front of a backend. But as far as i understand workers with access is not comparable to an internet reachable origin but comparable to an internal only cluster with an auth proxy. As neither "private only services behind a security proxy" nor "cloudflare workers with cf access" are reachable without going through the auth proxy they completely delegate security to that proxy and can trust the claims they get. Am i missing anything or is this a valid security assumption?
10 replies