Wordpress plug-in to integrate with Cloudflare Access

It’s only early days but I thought I’d share with the community that I’ve released a WordPress plugin on WordPress.org to integrate with Cloudflare Access.

The plugin is located here: AH JWT Auth

The plugin validates an incoming JWT from a HTTP header and extracts the email claim in the JWT and signs the user in.

If a matching user doesn’t exist, one will be created with the default role set up for your WordPress install (usually the subscriber role).

The plugin is not Cloudflare Access specific (but that was the primary reason for writing the plugin) so by default it will look at the “standard” Authorization: bearer header, but this can be overridden to instead look for the Cf-Access-Jwt-Assertion header instead.

Finally this plugin won’t deny access for requests that don’t include a JWT, it just signs the user in if the request includes a JWT. After that it’s over to WordPress to handle cookies etc, so you could just protect the /wp-admin/ path for admin SSO and nothing else.

Constructive feedback is welcome.

1 Like

:exclamation:
This is freaking awesome. I am always super excited to see people who build things that make Cloudflare better. I have added this to my list of things to test (so uh… maybe in July?) and having tested some other plugins from (unnamed vendor) I am looking forward to seeing how much better yours is … because worse seems unpossible.

3 Likes