What is the name of the domain?
What is the issue you’re encountering?
I’ve created a Zero Trust Access application that points at a Cloudflare Worker. The application uses Azure AD. Authentication completes successfully, but the worker can’t validate the JWT.
What steps have you taken to resolve the issue?
The worker directs to the Access application; I’m able to log in via SSO, but then I get the "no app token set" error. I’ve extracted the JWT from the console and I get the same error when testing with curl. I’ve decoded the JWT and it appears valid, and the aud tag matches the application. Here is the relevant section of worker code:
export default {
  async fetch(request, env, ctx) {
    const { pathname } = new URL(request.url);
    // Check if the request has been authenticated by Cloudflare Access
    const cfProperties = request.cf || {};
    const authorization = request.headers.get('cf-access-jwt-assertion');
    if (!authorization) {
      // If there's no Cloudflare Access JWT, redirect to login
      return Response.redirect('https://<redacted>.cloudflareaccess.com/cdn-cgi/access/login/<app-id-redacted>', 302);
    }
    try {
      // Verify the JWT from Cloudflare Access
      const jwt = await fetch('https://<redacted>.cloudflareaccess.com/cdn-cgi/access/get-identity', {
        headers: {
          'Authorization': `Bearer ${authorization}`,
        }
      });
      if (jwt.status !== 200) {
        return new Response('Access Denied', { status: 403 });
      }