I’ve run into a situation whereby we’re developing a new frontend for our stack and want that deployed in tandem with the existing frontend. I’m using Cloudflare Access for our dev and stage environments and am authenticating into CF via OIDC.
It would seem that there’s no way to make an access policy work with multiple domains - it’s a single field and I can’t see any documentation that would suggest that you can use regex patterns for the subdomain. So I tried to create another access policy, but it would seem that new access policies are scoped to a different audience.
Our backend uses the audience to validate the jwt that the frontend passes from CF to it. Short of deploying our backend twice, I can’t see any way to work this.
Does anyone have any suggestions?