Cloudflare Access & JWT Verification using Java. -403 result-

Hi All, i am using cloudflare access and it seems very promising.

I am trying to validate the generated JWT Token using the basic instructions found at (validate-jwt-tokens) [https://developers.cloudflare.com/access/setting-up-access/validate-jwt-tokens/].

I am able to validate it using jwt.io, but now i will have to programmaticaly verify the token. I am using java and the the auth0 library.

My input is

  1. the stored cookie jwt-value with name “CF_Authorization”
  2. the rsa-public-key found at ‘.{my-domain}/cdn-cgi/access/certs’

The problem is that when i try to access programmaticaly the ‘.{my-domain}/cdn-cgi/access/certs’, i am receiving a ‘403’ error code.

I have already validate the cooki-token if i hardcode the public-key in my code, but i assume that i will need to retrieve from the url and not keep it in my code.

Do i have to use specific request-header or something to retrieve the rsa-public-key details programmaticaly ?

It seems that when i use a not-null ‘user-agent’ i am able to read the keys.

Thank you for your time & help.