Bug fix request: OpenID Provider Configuration Information for Cloudflare Access

Cloudflare Access makes extensive use of JWTs in the CF_Authorization cookie and elsewhere as well.

Validate JWTs makes use of jwt.io which fails automatic signature checks by default due to the lack of a /.well-known/openid-configuration document, as defined in:

OpenID Providers supporting Discovery MUST make a JSON document available at the path formed by concatenating the string /.well-known/openid-configuration to the Issuer.
Final: OpenID Connect Discovery 1.0 incorporating errata set 2

However, when concactenating the above well-known uri to the iss value, it returns a 404, kindly fix this so that it’ll be easier to manually verify signatures and help this conform the JWTs to well-known standards.

Thank you

This should be fixed now! Give it a try. Thank you for reporting :slight_smile: good little usability improvement.