Skip to content

Commit d8df357

Browse files
ranbelranbel
committed
access jwt verification
1 parent 19432cb commit d8df357

File tree

1 file changed

+9
-3
lines changed
  • src/content/docs/cloudflare-one/identity/devices/service-providers

1 file changed

+9
-3
lines changed

src/content/docs/cloudflare-one/identity/devices/service-providers/custom.mdx

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,19 +13,25 @@ Cloudflare Zero Trust allows you to enforce custom device posture checks on your
1313
```mermaid
1414
sequenceDiagram
1515
participant WARP
16+
participant Cloudflare Access
1617
participant External API
17-
WARP->>External API: Client ID and Secret
18+
WARP->>Cloudflare Access: Client ID and Secret
19+
Cloudflare Access->>External API: Application token
1820
WARP->>External API: JSON with user and device identity
1921
External API-->>WARP: JSON with 0-100 result
2022
```
2123

2224
## External API requirements
2325

24-
The custom service provider integration works with any API service that meets the following request/response specifications. Sample code is available in our GitHub repository. To learn how to build a custom external API, refer to our [Create custom device posture checks with Workers](/cloudflare-one/tutorials/custom-device-posture-workers) tutorial.
26+
The custom service provider integration works with any API service that meets the following specifications. To get started with building a custom external API, refer to the sample code and our [Create custom device posture checks with Workers](/cloudflare-one/tutorials/custom-device-posture-workers) tutorial.
27+
28+
### Authentication
29+
30+
The WARP client authenticates to the external API through Cloudflare Access. The external API should [validate the application token](/cloudflare-one/identity/authorization-cookie/validating-json/) issued by Cloudflare Access to ensure that any requests which bypass Access (for example, due to a network misconfiguration) are rejected.
2531

2632
### Data passed to external API
2733

28-
Cloudflare will pass the following parameters to the configured API endpoint. You can use this data to identify the device and assign a posture score. For some devices, not all identifying information will apply, in which case the field will be blank.
34+
Cloudflare will pass the following parameters to the configured API endpoint. You can use this data to identify the device and assign a posture score. For some devices, not all identifying information will apply, in which case the field will be blank. A maximum of 1000 devices will be sent per a request.
2935

3036
| Field | Description |
3137
| ----- | ----------- |

0 commit comments

Comments
 (0)