Service token auth returning forbidden

Zero Trust Access
1

What is the name of the domain?

n/a

What is the issue you’re encountering

I have a service token, but the policy is not letting me through, when I curl it comes back with 403 forbidden

What are the steps to reproduce the issue?

curl -L -H “CF-Access-Client-Id: .access” -H “CF-Access-Client-Secret: ” -H ‘Cache-Control: no-cache’

2

My policy is set up like so:

Screenshot 2025-03-01 at 8.34.24 PM
Screenshot 2025-03-01 at 8.34.24 PM1920×1167 119 KB

But CURL is still returning forbidden.

3

And my access like so:

Screenshot 2025-03-01 at 8.35.35 PM
Screenshot 2025-03-01 at 8.35.35 PM2518×932 182 KB

4

curl command: curl -L [urlredacted] -H “CF-Access-Client-Id: [ID].access” -H “CF-Access-Client-Secret: [secret]” -H ‘Cache-Control: no-cache’