Warp-cli: --access-client-id and --access-client-secret no longer exist?

Hello,

How I can enroll linux device without GUI with warp-cli?

Seems like --access-client-id and --access-client-secret no longer exist?

[email protected]:~# warp-cli --version
WARP 2022.4.235

warp-cli teams-enroll --help
warp-cli-teams-enroll
Enroll with Cloudflare for Teams

USAGE:
warp-cli teams-enroll

FLAGS:
-h, --help Prints help information
-V, --version Prints version information

ARGS:

I have the same question. How are we supposed to link servers up with warp-cli? These are not users logging in “for the day”, they need to be always up and connected. I got the impression this is what service tokens were for…why would you remove this functionality?

Yes it’s crazy it was availiable when we were on Free plan, now paying Standard and thinking about Enterprise and this feature dissapear…

We need more stability of core features in SECURITY SOFTWARE because Cloudflare for Teams is now announced as SECURITY SOFTWARE.

  1. Go to https://teamname.cloudflareaccess.com/warp.
  2. Open DevTools.
  3. Login.
  4. When you get a prompt about opening a link with Cloudflare WARP, press cancel.
  5. Look at the request to auth?token=<blah> & copy the Request URL that starts with com.cloudflare.warp
  6. Run warp-cli teams-enroll-token "<paste that Request URL here>"

Ideal? Probably not - but it works.

Source: strings on /usr/bin/warp-cli

image

Maybe the Zero Trust team can chime in with a more seamless flow.

Kian,

Thanks for looking into this, I realize this is outside your scope. This doesn’t work in practice. I’m doing a fresh install on an Ubuntu 20.04 VM (I can post every single step if you’d like). The main thing is that I do the warp-cli register and warp-cli connect and those work fine.

I can certainly follow your directions, that isn’t the issue. I can run warp-cli teams-enroll-token ... and I get a Success in response. But it isn’t actually making things any better. It is actually making things works. After running register and connect if I run curl https://www.cloudflare.com/cdn-cgi/trace/ I get warp=on but gateway=off. My hope was that by running warp-cli teams-enroll, I could get gateway=on as well. But, in fact, after running the commands you suggest, not only do I get gateway=off, I also get warp=off, i.e., is appears to cancel out the previous warp-cli connect command.

Keep in mind, I’d obviously like scriptable way of implementing this for each new VM we try to deploy. So yes, in that sense it isn’t ideal. But that isn’t the part that is so frustrating here, it is the fact that none of this is even documented (and by that I mean in the documentation). Installing to headless Linux servers is a HUGE part of our use case and it is a bit shocking to me that while “Linux support” has been touted for some time, this particular use case seems to have been completely ignored. I’m not complaining, you’ve gone out of your way to help. But I’m just pointing out that a little bit of documentation could go a long way here in improving support for what must be a common use case (that or I do not understand at all what this product is for…which is entirely possible).

In any case, I’m still completely stuck.