I’d like to use Cloudflare Access to protect an AWS API Gateway HTTP API.
API Gateway has native support for JWT Authorizers, however it tries to fetch keys by assuming the jwks_uri is /.well-known/openid-configuration. Is it possible to add support for this path to cloudflareaccess.com?
In the meantime, I assume I can use a worker to make this path available on another domain (it would rewrite requests to /cdn-cgi/access/certs). However, this is just a guess because I couldn’t find any documentation on the specification the response there follows - there’s a format implied by https://developers.cloudflare.com/access/setting-up-access/validate-jwt-tokens/#programmatic-verification but a definite schema would be nice.