Cloudflare Access Application - cloudflared

I have a cloudflared tunnel exposing a HTTP API…

I have created a Cloudflare Zero Trust - Application - Self Hosted

  • Service Auth using a Service Token
  • No CORS
  • I have selected “Enable automatic cloudflared authentication”

I can send a request to my API setting the CF-Access headers…

- CF-Access-Client-Id
- CF-Access-Client-Secret

I successfully receive a response from my API… and receive a Set-Cookie from Cloudflare (CF_Authorization).

For my next request… I disable the two headers (CF-Access-Client-Id, CF-Access-Client-Secret) and create a CF_Authorization header with the value of the JWT received in the Cookie.

I receive a “Cloudflare Access Error”… my origin receives no request.

I have tried every setting possible, I have read everything on the internet… I cannot seem to find a solution…