My website has been using Cloudflare Zero Trust for authentication for a few years now without issues. Suddenly users are greeted with an authentication error, stating “Failed to fetch user/group information from the identity provider”. The application uses only the Azure AD application provider (one-time PIN is disabled). Testing the authentication provider (AzureAD) gives the following error message:
Failed to get your identity
Looks like something went wrong. Here are the details.
AZURE ERROR: Failed to exchange code for token
I’ve added the one-time PIN login method, however that doesn’t seem to have gone through properly - it doesn’t present as an option on the application.
I haven’t changed any of these settings recently. Is there an outage at Cloudflare which may be causing this issue? I’ve seen this incident appear recently, could it be related?
I have the same error. It started about 40 minutes ago. Again, no changes at all to any configuration on either Cloudflare or Microsoft’s side.
Same timing as me - last successful login was 11:59 UTC and then had a report of failure at 12:19 UTC.
Well, it does seem the problem is with Cloudflare. I’ve just tested Authorization Code Flow from Postman, and Microsoft is responding with the access code, which can be exchanged for a valid token without issues. The resulting token, a JWT, contains all the correct claims.
I hope Cloudflare investigates and resolves the problem quickly. It does make sense that it is somehow related to the Cloudflare Pages issue mentioned.
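The Postman check in the post above, reproduced as a script so it can be rerun whenever the "Failed to exchange code for token" error appears. This is an added example, not code from the thread, from Cloudflare or from Microsoft: it performs the same authorization-code-for-token exchange against the Azure AD v2.0 token endpoint that Cloudflare Access performs on its backend, decodes the returned id_token and checks the claims a relying party cares about. The endpoint and issuer URL formats are the documented Azure AD v2.0 ones; the tenant ID, client ID, team name and the Cloudflare Access callback path are assumed placeholders, and the sample token used for the offline run is constructed, unsigned and only there to exercise the decoder.

```python
"""Manually reproduce the OAuth 2.0 authorization-code-for-token exchange that
Cloudflare Access performs against Azure AD, then inspect the id_token claims.

Added example for this thread, not Cloudflare's or Microsoft's code. Endpoint
paths are the documented Azure AD v2.0 ones; every other name (tenant ID,
client ID, team name) is an ASSUMED placeholder to substitute before running.
"""
import base64
import json
import time
import urllib.parse
import urllib.request

AAD_TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
AAD_ISSUER = "https://login.microsoftonline.com/{tenant}/v2.0"
# ASSUMED: the callback Cloudflare Access registers as the app's redirect URI.
ACCESS_CALLBACK = "https://{team}.cloudflareaccess.com/cdn-cgi/access/callback"


def build_token_request(tenant, client_id, client_secret, code, redirect_uri):
    """Return (url, form) for the authorization_code grant.

    redirect_uri must equal, byte for byte, the URI the code was issued to;
    a mismatch is one of the usual reasons an exchange is refused."""
    form = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",
    }
    return AAD_TOKEN_URL.format(tenant=tenant), form


def exchange_code(tenant, client_id, client_secret, code, redirect_uri):
    """POST the grant and return Azure AD's JSON response (network call)."""
    url, form = build_token_request(tenant, client_id, client_secret, code, redirect_uri)
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt_claims(token):
    """Split a compact JWS and decode header and payload WITHOUT verifying the
    signature. Inspection only: never make an access decision on these."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected three dot-separated parts)")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    return header, claims


def check_claims(claims, tenant, client_id, now=None):
    """Return the problems a relying party would reject this token for;
    an empty list means the claims look usable."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != AAD_ISSUER.format(tenant=tenant):
        problems.append("iss is not this tenant's v2.0 issuer")
    if claims.get("aud") != client_id:
        problems.append("aud is not our client_id")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if not any(k in claims for k in ("email", "preferred_username", "upn")):
        problems.append("no e-mail style identity claim")
    return problems


def make_unsigned_token(header, claims):
    """CONSTRUCTED test token with an empty signature, only for exercising the
    decoder offline; it would fail any real signature check."""
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(claims).encode()), ""])


if __name__ == "__main__":
    # Offline run on a constructed token; for the live check call
    # exchange_code(...) with the code copied from the IdP redirect and pass
    # response["id_token"] to decode_jwt_claims instead.
    tenant, client_id = "00000000-0000-0000-0000-000000000000", "my-client-id"  # ASSUMED
    sample = make_unsigned_token(
        {"alg": "RS256", "typ": "JWT"},
        {"iss": AAD_ISSUER.format(tenant=tenant), "aud": client_id,
         "exp": int(time.time()) + 3600, "email": "user@example.com"},
    )
    header, claims = decode_jwt_claims(sample)
    print("header:", header)
    print("claims:", json.dumps(claims, indent=2))
    print("problems:", check_claims(claims, tenant, client_id) or "none")
```

If the exchange succeeds here with the same client ID, secret and redirect URI that Cloudflare Access is configured with, and the claims pass `check_claims`, the IdP side is healthy and the failure is between Cloudflare and Microsoft, which is the conclusion the post above reaches. A refused exchange points instead at a rotated or expired client secret, a redirect URI that no longer matches the callback, or a code that was already redeemed.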
Cloudflare are now tracking the issue:
Hi, we’re having the same issue here with Azure AD. In addition, when we try to add an alternative login mechanism, like one-time PIN, the login box does not get updated, so we’re stuck here.
Same boat, hopefully they get it resolved soon.
Incidents to follow: