Wordpress plug-in to integrate with Cloudflare Access

It’s only early days but I thought I’d share with the community that I’ve released a WordPress plugin on WordPress.org to integrate with Cloudflare Access.

The plugin is located here: AH JWT Auth

The plugin validates an incoming JWT from a HTTP header and extracts the email claim in the JWT and signs the user in.

If a matching user doesn’t exist, one will be created with the default role set up for your WordPress install (usually the subscriber role).

The plugin is not Cloudflare Access specific (but that was the primary reason for writing the plugin) so by default it will look at the “standard” Authorization: bearer header, but this can be overridden to instead look for the Cf-Access-Jwt-Assertion header instead.

Finally this plugin won’t deny access for requests that don’t include a JWT, it just signs the user in if the request includes a JWT. After that it’s over to WordPress to handle cookies etc, so you could just protect the /wp-admin/ path for admin SSO and nothing else.

Constructive feedback is welcome.

1 Like

:exclamation:
This is freaking awesome. I am always super excited to see people who build things that make Cloudflare better. I have added this to my list of things to test (so uh… maybe in July?) and having tested some other plugins from (unnamed vendor) I am looking forward to seeing how much better yours is … because worse seems unpossible.

3 Likes

Thanks for sharing this plugin! It’s home is Andrew Heberle / AH JWT Auth · GitLab

I just fixes it (some polish) and enable in my api endpoint. Issues regarding fixes that is needed I will creat on gitlab and encourage other people to do the same.
Can I use as a boilerplate for Prestashop? We will be happy to add this as well.