How To Integrate OpenID Cloudron with Cloudflare Access?

IniBudi

I’m trying to add OpenID in Cloudflare Access, and the information required includes the Auth URL and Token URL.

However, I couldn’t find any documentation regarding the Certificate URL.

I tried entering the details and testing the setup, but it didn’t work. Does anyone know how to fix this?

Has anyone successfully integrated Cloudron with Cloudflare Gateway before?

Any help would be greatly appreciated. Thank you!

joseph

@inibudi Certificate URL is the jwks/keys URL. See https://docs.cloudron.io/user-directory/#endpoints

IniBudi

@joseph Yes, I am trying to follow the documentation but its still error

girish

@inibudi there is a bug in Cloudflare Access that it does not understand OKP keys. I have added a workaround for this. Should be fixed in the next update. There is now a cloudflare special Keys URL (it's in the docs) . With that , Cloudflare Access works.

cc @tronical

IniBudi

@girish Thank you, girish for the update!

andreasdueren

@girish Unfortunately setting https://my.cloudron.example/openid/jwks_rsaonly isn't working either and testing auth returns:

Failed to get your identity
Looks like something went wrong. Here are the details.
Failed to verify oidc token with fresh keys
undefined

PKCE is disabled, Email claim is set to email and OIDC Scopes are set to openid,email and profile.

I can see the login attempt as authenticated in the logs for some reason though.

Edit: https://my.cloudron.example/openid/jwks_rsaonly for my cloudron returns only {"keys":[]}. Was there a regression? I'm running 9.1.3. The regular jwks endpoint is returning proper values..