@kzfk52/cf-access-jwt
v1.1.0
Published
Tiny lib for verifying Cloudflare Access JWTs.
Downloads
3
Maintainers
kzfkReadme
cf-access-jwt
Tiny lib for decoding Cloudflare Access JWTs and verifying signatures, using native crypto APIs.
Currently supports alg:'RS256' only.
import { parseJwt } from '@kzfk52/cf-access-jwt';
const jwt = request.headers.get('Cf-Access-Jwt-Assertion');
// CloudFlare Zero Team id
const issuer = 'https://<your-team-name>.cloudflareaccess.com';
// CloudFlare Zero Access Application : Overview tab : Application Audience (AUD) Tag
const audience = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
const result = await parseJwt(jwt, issuer, audience);
if (!result.valid) {
console.log(result.reason); // Invalid issuer/audience, expired, etc
} else {
console.log(result.payload); // { iss, sub, aud, iat, exp, ...claims }
}Code shamelessly stolen from: https://github.com/cfworker/cfworker/