Commit b9229f2

send service token in one header
1 parent fe52c30 commit b9229f2

1 file changed

+26
-1
lines changed

src/content/docs/cloudflare-one/identity/service-tokens.mdx

Lines changed: 26 additions & 1 deletion
@@ -5,7 +5,7 @@ sidebar:
55
order: 6
66
---
77

8-
import { AvailableNotifications, Render } from "~/components";
8+
import { AvailableNotifications, Render, APIRequest } from "~/components";
99

1010
You can provide automated systems with service tokens to authenticate against your Zero Trust policies. Cloudflare Access will generate service tokens that consist of a Client ID and a Client Secret. Automated systems or applications can then use these values to reach an application protected by Access.
1111

@@ -35,6 +35,31 @@ curl -H "CF-Access-Client-Id: <CLIENT_ID>" -H "CF-Access-Client-Secret: <CLIENT_
3535

3636
If the service token is valid, Access generates a JWT scoped to the application in the form of a [`CF_Authorization` cookie](/cloudflare-one/identity/authorization-cookie/). You can use this cookie to authenticate [subsequent requests](#subsequent-requests) to the application.
3737

38+
#### Authenticate with a single header
39+
40+
You can configure a self-hosted Access application to accept a service token in a single HTTP header, as an alternative to the `CF-Access-Client-Id` and `CF-Access-Client-Secret` pair of headers. This is useful for authenticating SaaS services that only support sending one custom header in a request (for example, the `Authorization` header).
41+
42+
To authenticate using a single header:
43+
44+
1. In your Access application, specify the name of the header you want to use for service token authentication:
45+
46+
<APIRequest
47+
path="/accounts/{account_id}/access/apps/{app_id}"
48+
method="PUT"
49+
json={{
50+
"domain": "app.example.com",
51+
"type": "self_hosted",
52+
"read_service_tokens_from_header": "Authorization"
53+
}}
54+
55+
/>
56+
57+
2. Add the header to any HTTP request. For example,
58+
59+
```sh
60+
curl -H "Authorization: {"CF-Access-Client-Id": "<CLIENT_ID>", "CF_Access-Client-Secret": "<CLIENT_SECRET>"}" https://app.example.com
61+
```
62+
3863
### Subsequent requests
3964

4065
After you have [authenticated to the application](#initial-request) using the service token, add the resulting `CF_Authorization` cookie to the headers of all subsequent requests:
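
Review bot: The curl example in step 2 will not send the header it intends to, for two reasons. First, the JSON key is spelled `CF_Access-Client-Secret` (underscore after `CF`), while the paragraph introducing this section and the existing two-header curl example both use `CF-Access-Client-Secret`; please confirm the expected key and make the spelling consistent, since a copied command with the wrong key would fail authentication. Second, the `-H` argument is wrapped in double quotes but the JSON inside it also uses unescaped double quotes, so the shell closes the string at `{"`, drops the inner quotes, and treats the unquoted `<CLIENT_ID>` as a redirection. Wrapping the argument in single quotes keeps the JSON intact, for example (assuming the hyphenated key is correct): `curl -H 'Authorization: {"CF-Access-Client-Id": "<CLIENT_ID>", "CF-Access-Client-Secret": "<CLIENT_SECRET>"}' https://app.example.com`. Step 2 should also say explicitly that the header value is a JSON object containing both the Client ID and the Client Secret, because the reader currently has to infer the format from the example, and "For example," should end with a colon before the code block. Minor: the added blank line between `}}` and `/>` in the `<APIRequest>` block can be dropped.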
