Type
New feature
Description
Automatic JWT OIDC Tokens in Workers Delivered by a Cloudflare Managed Trust Store
Benefit
At the moment, secrets need to be hardcoded as environment variables, which makes them a little hard to change when automatic rotation etc. is needed. It would be so cool if Cloudflare could inject an OIDC JWT token signed by a Cloudflare managed trust (with the subject as the Workers name) somewhere where it can be accessed by the executing code (file system or the context in the runtime).
This is a practice that’s employed and considered best practice by GitHub Actions Workflows (see About security hardening with OpenID Connect - GitHub Docs).