I’d like to use Cloudflare Access to protect an AWS API Gateway HTTP API.
API Gateway has native support for JWT Authorizers; however, it tries to fetch keys by assuming the jwks_uri is /.well-known/openid-configuration. Is it possible to add support for this path to cloudflareaccess.com?
In the meantime, I assume I can use a worker to make this path available on another domain (it would rewrite requests to /cdn-cgi/access/certs). However, this is just a guess because I couldn’t find any documentation on the specification the response there follows - there’s a format implied by Validate JWTs · Cloudflare Zero Trust docs but a definite schema would be nice.
1 Like
Looking a little closer, I don’t think the two URLs are equivalent. Instead, the well-known path would simply return some configuration values including the fact that /cdn-cgi/access/certs should be used for fetching keys: Get OpenID Connect Well-Known Configuration | OAuth Authorization Server Discovery Service | Akana OAuth API
1 Like
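The discovery document described in the two posts above, sketched as Worker-style JavaScript. This is an added example, not code from the thread or from Cloudflare. `TEAM_DOMAIN`, the function names and the choice to return only `issuer` and `jwks_uri` are assumptions.

```javascript
// Added example. TEAM_DOMAIN is a constructed placeholder, not a real team.
const TEAM_DOMAIN = "example-team.cloudflareaccess.com";
const DISCOVERY_PATH = "/.well-known/openid-configuration";

// Build the discovery document. jwks_uri points at the Access key endpoint
// named in the thread; issuer is the team domain that Access puts in "iss".
// Assumption: no further metadata fields are filled in here.
function buildDiscoveryDocument(teamDomain) {
  // Accept only a bare *.cloudflareaccess.com hostname, so a misconfigured
  // value can never steer the verifier's key fetches to another host.
  if (!/^[a-z0-9-]+\.cloudflareaccess\.com$/.test(teamDomain)) {
    throw new Error("unexpected team domain: " + teamDomain);
  }
  const issuer = "https://" + teamDomain;
  return { issuer, jwks_uri: issuer + "/cdn-cgi/access/certs" };
}

// Decide the response without touching the network: only GET on the
// well-known path is served, everything else is rejected.
function routeDiscovery(method, url, teamDomain) {
  const { pathname } = new URL(url);
  if (pathname !== DISCOVERY_PATH) return { status: 404, body: null };
  if (method !== "GET") return { status: 405, body: null };
  return { status: 200, body: JSON.stringify(buildDiscoveryDocument(teamDomain)) };
}

// Worker-style handler; in module syntax this would be the default export's
// fetch(). Keys are never proxied or cached here, only the pointer to them.
function handleRequest(request) {
  const { status, body } = routeDiscovery(request.method, request.url, TEAM_DOMAIN);
  const headers = status === 200
    ? { "content-type": "application/json", "cache-control": "public, max-age=3600" }
    : {};
  return new Response(body, { status, headers });
}
```

API Gateway's JWT authorizer compares each token's `iss` claim with its configured issuer, so check in a test deployment that tokens issued by Access pass when the discovery document is served from a different host.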
Hi, I'm trying to implement the same functionality.
Can you please let me know if you were able to get it done, and how you made it?
Thank you
Hey,
Sorry for the slow response!
I ended up going down a slightly different route. I have a Cloudflare Worker, and the worker checks that a request is authenticated with Cloudflare Access and then issues some temporary AWS credentials if so.
Hoping to write a blog post about this soon! Will share here if I get to it.
1 Like
Hey
Thank you, I used Auth0 instead