Authenticated user email header missing after OTP login

I created a Cloudflare Access self-hosted application, with a policy to allow users with emails from a specific domain to login via One Time Pin.

The login works correctly but I am trying to get the email of logged in users.

I read that I am supposed to see the email the user used to login/pass the policy in the headers:
“Cf-Access-Authenticated-User-Email”:
“Cf-Access-Jwt-Assertion”:

Unfortunately when I login via OTP I don’t see any of these headers… does anyone know why?

There should be a CF_Authorization header in the form of a JWT. If you decode the JWT, the email will be available as a field.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.