@glenstack/cf-workers-access v1.0.8

Cloudflare Workers Access

Authenticate with Cloudflare Access from within a Cloudflare Worker.

Installation

npm install --save @glenstack/cf-workers-access

Usage

import { createAuthenticator } from "@glenstack/cf-workers-access";

const AUTHENTICATION_DOMAIN = "glenstack.cloudflareaccess.com";
const POLICY_AUD =
  "f8612530c08484786e83e00ff7b549bc3763747beae55ec909cc28a6a56b81d1";

const handleRequest = async (request: Request) => {
  const authenticator = await createAuthenticator(AUTHENTICATION_DOMAIN, {
    aud: POLICY_AUD,
  });

  const jwt = await authenticator(request);

  if (jwt) {
    return new Response(`Hello, ${jwt.email}!`);
  }

  return new Response("Unauthorized", { status: 401 });
};

addEventListener("fetch", (event) => {
  event.respondWith(handleRequest(event.request));
});

createAuthenticator takes two parameters:

1. The "Login Page Domain" of your Cloudflare Access account e.g. glenstack.cloudflareaccess.com.

2. Optionally, an object with the optional parameters:

   • aud: The "Audience Tag" of your Access Policy.
   • iss: Automatically set to the "Login Page Domain", but optionally overridable.
   • tolerance: Number of seconds of leeway for validating exp and nbf claims. Defaults to 0.

It returns a Promise of a function which, in turn, takes a Request and returns a Promise of either:

• false if the Request failed authentication, or
• the JWT payload.