Only the 1st Service Token in rules / policies being accepted
What are the steps to reproduce the issue?
I’ve had Service Auth Rules setup in Access for well over a year, with multiple service token rules included. It has worked totally fine during that time. However as of 5/28 around 4PM UTC, only the 1st service token listed in a policy (or rule) is accepted now. Any subsequent tokens will fail authentication. I’ve confirmed the tokens are not expired, etc.
Again, I haven’t edited anything on my side, this seems to be due to a change by Cloudflare. I’m on the free plan for Access, if that makes any difference.
I also ran into this problem. I have 3 service tokens in a single rule in a policy and did some further testing. All three service tokens were successfully granted access when I accessed my service through a browser. However, only the first service token granted access using:
This went away for a few days, but now is back to being broken again as of June 7th.
Edit: I believe I figured out a possible solution today, if you add a “require” rule with “any access service token”, then it seems to allow for any number of individual service tokens being added in the “include” rule group. Will then properly evaluate all of them.
We encountered the same problem on 5/28 around 4PM UTC, a number of systems just suddenly stopped working. Trying multiple Service Auth rules in a different Cloudflare account worked ok (also on the free plan), so seems to only be affecting some accounts.
Still having the issue on 9th June, thank you for the workaround of adding both a “require” and “include” rule.
