70bf21e064
Handle Changesets / Handle Changesets (push) Waiting to run
Semgrep OSS scan / semgrep-oss (push) Waiting to run
Deploy (to testing) and Test Playground Preview Worker / Deploy Playground Preview Worker (testing) (push) Has been skipped
Deploy Workers Shared Staging / Deploy Workers Shared Staging (push) Failing after 0s
Prerelease / build (push) Has been skipped
1.3 KiB
1.3 KiB
@cloudflare/workers-auth
Internal OAuth 2.0 + PKCE flow for Cloudflare CLIs (wrangler and friends).
Not intended for external use. APIs may change without notice. This package is consumed only by other packages inside this monorepo.
What's in this package
- OAuth 2.0 Authorization Code flow with PKCE (RFC 6749 + RFC 7636)
- Cloudflare-flavored OAuth endpoints (
dash.cloudflare.com/ staging /WRANGLER_*overrides) - Cloudflare Access detection + service-token /
cloudflaredintegration for staging auth domains - Persistent auth state stored as TOML in
<globalWranglerConfigPath>/config/<env>.toml login,logout,loginOrRefreshIfRequired,getOauthToken,getOAuthTokenFromLocalState
What's not here (lives in wrangler):
- yargs
login/logout/whoami/auth tokencommands - Environment-based credential resolution (
CLOUDFLARE_API_TOKEN, etc.) - Cloudflare account selection (
requireAuth,getOrSelectAccountId) - The scope catalog (passed in as
string[]) whoami/ account fetching
Attribution
Portions of this package are derived from
BitySA/oauth2-auth-code-pkce,
licensed under the Apache License 2.0. See the individual file headers for
the attribution and LICENSE for the full text.
The rest of the package is MIT-licensed.