Setting up JWT validation for Cloudflare Access


I have set up Caddy as an origin server behind Cloudflare. Users have to authenticate with their Google Account via Cloudflare’s Access module. This works fine so far. Now I’d like to enable JWT token validation as suggested by Cloudflare.

Could somebody give me a hint on how to set this up using the jwt plugin?

Thanks a lot,

Hi @Jan_Werner,

The JWT plugin needs two things: access to the presented JWT token, and access to the secret or public key used to create the token.

Head to https://<Your Authentication Domain>/cdn-cgi/access/certs and retrieve the public key Cloudflare uses to construct your JWT tokens. You will need to set the environmental variable JWT_PUBLIC_KEY on your Caddy host.

You’ll need to make sure the JWT token is presented in one of the ways the JWT plugin is designed to identify. The GitHub page has more detail.

caddy-jwt/ at master · BTBurke/caddy-jwt · GitHub


Thanks @Whitestrake for your hints. I’ll see if I can get it working.
