Cloudflared - service token based authentication does not work

Introduction

I have configured a TCP tunnel on Argo on one of my severs. The authentication works as expected for the rule “email_domains”. However, I want this TCP tunnel to be available to an automated build pipeline as well, and so I created a service token. I am using Terraform for managing this, and Terraform was able to generated a service token, add the “service_token” rule to the access policy pointing to the ID of the service token created.

However, when I try to access the application through: cloudflared access tcp -T <Domain> -L localhost:2222 --id <ID>.access --secret <Secret>, it opens a new browser page on my machine.

Debugging

I tried doing the same thing on a brand new VM instance with the same results. The token has not expired but for some reason, cloudflared does not recognise it. I also tried changing the rule to Any Service Token but I was met with similar results.

What is also weird is that I can not see the “Service Tokens” category under “Access → Service Auth” as mentioned by this document.

This is all I see:

I also tried using my root account to see if there were any permission issues but everything remained the same. Any help on this would be amazing.