0.0.1 • Published 1 year ago
@nivoventures/payload-cloudflare-jwt-auth v0.0.1
Payload Cloudflare JWT Auth
A Payload CMS authentication strategy that integrates with Cloudflare Access JWT authentication. This strategy allows you to authenticate users based on Cloudflare Access JWT tokens, automatically creating user records for authenticated users.
Installation
npm install @nivoventures/payload-cloudflare-jwt-auth
Usage
import { buildConfig } from 'payload';
import { createCloudflareJwtAuth } from '@nivoventures/payload-cloudflare-jwt-auth';

// In your Payload config
export default buildConfig({
  // ... other config
  auth: {
    // This will disable the built-in auth pages of Payload, but tell it to keep the database columns.
    // If you're not going to ever use password auth (e.g., you have some other solution for production),
    // then this can simply be `disableLocalStrategy: true`. You'll need to add in an email field
    // though, like
    // export const Users: CollectionConfig = {
    //   ...
    //   fields: [
    //     {
    //       name: 'email',
    //       type: 'text',
    //       required: true
    //     }
    //   ]
    //   ...
    // }
    disableLocalStrategy: {
      enableFields: true
    },
    strategies: [
      createCloudflareJwtAuth({
        teamName: 'your-team-name', // Your Cloudflare team name
        policyAud: 'your-policy-audience' // The audience value from your Cloudflare Access policy
      })
    ]
  }
});
Features
- Automatic user creation for authenticated Cloudflare Access users
- JWT verification using Cloudflare's JWKS endpoint
- TypeScript support
- Seamless integration with Payload CMS authentication system
How it Works
- The strategy looks for the cf-access-jwt-assertion header in incoming requests
- If present, it verifies the JWT token against Cloudflare's JWKS endpoint
- Extracts the user's email from the verified token
- Creates a new user record if one doesn't exist for the email
- Returns the authenticated user to Payload
Requirements
- A Cloudflare Access setup with JWT authentication enabled
- Payload CMS v3.39.1 or above
- A configured Cloudflare Access policy with the correct audience value
License
MIT