Custom Login Method

How about a custom login method for Cloudflare Access?

What I mean:
My idea would be that you can log in to Zero Trust in the access area of third-party providers or if you have your own application or API or login method or the like. How I would implement it would be as follows.

How I would implement it
I would just add another login method named Custom. When you click on it, it will ask you for the API endpoint and header you need. What is also important to know for Cloudflare would be email, username and other information. I would simply add a code field where you then define the necessary data such as username, email and so on. (I would also add docs where standard JSON data such as “username”, “email” etc. are entered so that Cloudflare can also recognise it, or you define yourself which variables are used for what.)

Why do I suggest such a thing?

I suggest something like this because we don’t always want to or can’t log in ourselves with GitHub or MS or Google, and the function with the code via email is also such a thing with Cloudflare that we don’t like to see or use, because it simply takes far too long until you even receive the email. And that would be one of the possibilities to implement an endless number of third-party providers in Zero Trust.

Reference images:

[Image: Second reference Config Schema]
[Image: First reference Config Schema]

Here are the last two references:

Hey @Slush thanks for your suggestion!

I like this, I just would like to note that you can already create custom providers using OpenID Connect or SAML.

One example of using this to implement a custom provider is my Discord example here: discord-oidc-worker/worker.js at main · Erisa/discord-oidc-worker · GitHub (Not an official CF product, a personal side project) - you actually only need to implement a subset of the OIDC spec, which simplifies quite a bit.

1 Like
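The reply above points out that a custom provider only has to implement a subset of OIDC. As an added example (not code from discord-oidc-worker or from Cloudflare), this Node.js code shows the ID-token part of such a provider: mapping a user record to standard claims, signing it, publishing the JWKS, and the checks a relying party applies before trusting the `email` claim. The issuer URL, client id, key id and user fields are assumptions chosen for illustration.

```javascript
const { generateKeyPairSync, createSign, createVerify, createPublicKey } = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const decode = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed demo key; a real provider persists its key and rotates it by kid.
const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const KID = 'demo-key-1'; // hypothetical key id

// What the provider publishes at its JWKS URL so the relying party can verify tokens.
function jwks() {
  return { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: KID, alg: 'RS256', use: 'sig' }] };
}

// Provider side: map the upstream user record to standard OIDC claims, sign with RS256.
function issueIdToken(user, { issuer, clientId, now = Math.floor(Date.now() / 1000) }) {
  const header = { alg: 'RS256', typ: 'JWT', kid: KID };
  const claims = { iss: issuer, aud: clientId, sub: String(user.id), email: user.email,
                   name: user.username, iat: now, exp: now + 300 };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = createSign('RSA-SHA256').update(input).sign(privateKey);
  return `${input}.${b64url(sig)}`;
}

// Relying-party side: reject forged, misdirected or stale tokens before using any claim.
function verifyIdToken(token, keySet, { issuer, clientId, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = decode(h);
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin alg, never trust the header
  const jwk = keySet.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const ok = createVerify('RSA-SHA256').update(`${h}.${p}`).verify(key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = decode(p);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.aud !== clientId) throw new Error('wrong audience'); // this issuer emits a string aud
  if (claims.exp <= now) throw new Error('expired');
  return claims;
}
```
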

The problem is it's a bit very complicated and you probably need to recode the existing code; then it's not really readable anymore for other API users, or you have to register on another platform, which I don't really like tbh, and yeah. Something like that would make it easier.

1 Like