My website has been using Cloudflare Zero Trust for authentication for a few years now without issues. Suddenly users are greeted with an authentication error, stating “Failed to fetch user/group information from the identity provider”. The application uses only the Azure AD application provider (one-time PIN is disabled). Testing the authentication provider (AzureAD) gives the following error message:
Failed to get your identity
Looks like something went wrong. Here are the details.
AZURE ERROR: Failed to exchange code for token
{
  "name": "azureAD",
  "idpType": "azureAD",
  "originalError": {
    "body": ""
  }
}
I’ve added the one-time PIN login method, however that doesn’t seem to have gone through properly - it doesn’t present as an option on the application.
I haven’t changed any of these settings recently. Is there an outage at Cloudflare which may be causing this issue? I’ve seen this incident appear recently, could it be related?
Well, it does seem the problem is with Cloudflare. I’ve just tested Authorization Code Flow from Postman, and Microsoft is responding with the access code, which can be exchanged for a valid token without issues. The resulting token in JWT contains all the correct claims.
I hope Cloudflare investigates and resolves the problem quickly. It does make sense that it is somehow related to the Cloudflare Pages issue mentioned.
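The isolation step described in the reply above (exchange the authorization code with Microsoft directly and inspect the resulting ID token's claims), as an added example that is not part of the thread and not Cloudflare's or Microsoft's own code. The tenant ID, client ID, secret and Access callback URL are placeholders, and the claim check (audience, tenant, issuer and an email-bearing claim) is an assumption about what Access needs, not taken from the thread. If this succeeds, the identity provider side of the flow is healthy.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholders (assumptions, not values from the thread); replace before running live.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_SECRET = "<client-secret>"
REDIRECT_URI = "https://<team>.cloudflareaccess.com/cdn-cgi/access/callback"


def token_endpoint(tenant_id: str) -> str:
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"


def exchange_code(code: str) -> dict:
    """Perform the same POST Access makes: authorization code -> tokens (needs network)."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
    }).encode()
    req = urllib.request.Request(token_endpoint(TENANT_ID), data=body, headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload segment only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def check_claims(claims: dict, tenant_id: str, client_id: str) -> list:
    """Return names of claims Access relies on that are missing or wrong (empty = OK)."""
    expected = {"aud": client_id, "tid": tenant_id,
                "iss": f"https://login.microsoftonline.com/{tenant_id}/v2.0"}
    problems = [k for k, v in expected.items() if claims.get(k) != v]
    if not (claims.get("email") or claims.get("preferred_username")):
        problems.append("email")
    return problems


if __name__ == "__main__":
    tokens = exchange_code(input("authorization code: ").strip())
    print("claim problems:", check_claims(jwt_claims(tokens["id_token"]), TENANT_ID, CLIENT_ID))
```

Paste the code from the Access callback URL's `code` query parameter; an empty problem list with a non-empty token response means the failure is downstream of Microsoft.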
Hi, we're having the same issue here with Azure AD. In addition, when we try to add an alternative mechanism to log in, like one-time PIN, the login box does not get updated, so we're stuck here.