We have thousands of internal apps at Cloudflare. Some are things we've built ourselves, others are self-hosted instances of software built by others. They range from business-critical apps nearly every person uses, to side projects and prototypes.
All of these apps are protected by Cloudflare Access. But when we started using and building agents, particularly for uses beyond writing code, we hit a wall. People could access apps behind Access, but their agents couldn't.
Access sits in front of internal apps. You define a policy, and Access then sends unauthenticated users to a login page to choose how to authenticate.
Example of a Cloudflare Access login page
This flow worked great for humans. But all an agent could see was a redirect to a login page that it couldn't act on.
Giving agents access to internal app data is so vital that we immediately implemented a stopgap for our own internal use. We modified OpenCode's web fetch tool so that, for specific domains, it triggered the cloudflared CLI to open an authorization flow and fetch a JWT (JSON Web Token). By attaching this token to requests, we enabled secure, rapid access to our internal ecosystem.
While this was a temporary answer to our own dilemma, today we're retiring the workaround and fixing the problem for everyone. Now in open beta, every Access application supports managed OAuth. One click enables it for an Access app, and agents that speak OAuth 2.0 can discover how to authenticate (RFC 9728), send the user through the auth flow, and receive back an authorization token (the same JWT from our initial solution).
Now the flow works smoothly for both humans and agents. Cloudflare Access has a generous free tier. And building off our newly-introduced Organizations beta, you'll soon be able to bridge identity providers across Cloudflare accounts too.
For a given internal app protected by Cloudflare Access, you enable managed OAuth in a single click:
Once managed OAuth is enabled, Cloudflare Access acts as the authorization server. It returns a WWW-Authenticate header that tells unauthenticated agents where to look up information on how to obtain an authorization token. They find this at https://. Equipped with that path, agents simply follow the OAuth standards:
The agent dynamically registers itself as a client (a process known as Dynamic Client Registration, RFC 7591),
The agent sends the human through a PKCE (Proof Key for Code Exchange) authorization code flow (RFC 7636),
The human authorizes access, which grants the agent a token it can use to make authenticated requests on behalf of the user.
Here's what the authorization flow looks like:
If this authorization flow looks familiar, that's because it's what the Model Context Protocol (MCP) uses. We originally built support for it into our MCP server portals product, which proxies and controls access to many MCP servers, so that the portal could act as the OAuth server. Now we're bringing this to all Access apps, so agents can access not only MCP servers that require authorization, but also web pages, web apps, and REST APIs.
Mass upgrading your internal apps to be agent-ready
Upgrading the long tail of internal software to work with agents is a daunting task. In principle, to be agent-ready, every internal and external app would ideally have discoverable APIs, a CLI, a well-crafted MCP server, and would have adopted the many emerging agent standards.
AI adoption is not something that can wait for everything to be retrofitted. Most organizations have a large backlog of apps built over many years. And many internal "apps" work fine when agents treat them as simple websites. For something like an internal wiki, all you really need is to enable Markdown for Agents, turn on managed OAuth, and agents have what they need to read protected content.
To make the basics work across the widest set of internal applications, we use managed OAuth. By putting Access in front of your legacy internal apps, you make them agent-ready immediately. No code changes, no retrofitting. Instead, just immediate compatibility.
It's the user's agent. No service accounts and tokens needed
Agents need to act on behalf of users within organizations. One of the biggest anti-patterns we've seen is people provisioning service accounts for their agents and MCP servers, authenticated using static credentials. These have their place in simple use cases and quick prototypes, and Cloudflare Access supports service tokens for this purpose.
But the service account approach quickly reveals its limits when fine-grained access controls and audit logs are required. We believe that every action an agent performs must be easily attributable to the human who initiated it, and that an agent must only be able to perform actions its human operator is likewise authorized to perform. Service accounts and static credentials become the points at which attribution is lost. Agents that launder all of their actions through a service account are prone to confused deputy problems, and they produce audit logs in which every action appears to originate from the agent itself.
For security and accountability, agents must use security primitives capable of expressing this user–agent relationship. OAuth is the industry-standard protocol for requesting and delegating access to third parties. It gives agents a way to talk to your APIs on behalf of the user, with a token scoped to the user's identity, so that access controls apply correctly and audit logs correctly attribute actions to the end user.
RFC 9728 is the OAuth standard that makes it possible for agents to discover where and how to authenticate. It standardizes where this information lives and how it's structured. The RFC was published in April 2025 and was quickly adopted by the Model Context Protocol (MCP), which now requires that both MCP servers and clients support it.
But outside of MCP, agents should adopt RFC 9728 for an even more important use case: making requests to web pages that are protected behind OAuth, and making requests to plain old REST APIs.
Most agents have a tool for making basic HTTP requests to web pages. This is commonly known as the "web fetch" tool. It's similar to using the fetch() API in JavaScript, usually with some additional post-processing on the response. It's what lets you paste a URL into your agent and have the agent go look up the content.
Today, most agents' web fetch tools won't do anything with the WWW-Authenticate header that a URL returns. The underlying model might choose to introspect the response headers and figure this out on its own, but the tool itself doesn't follow WWW-Authenticate to the protected resource metadata it points to, look up the authorization server's /.well-known/oauth-authorization-server, and act as the client in the OAuth flow. But it can, and we strongly believe it should. Agents already do this to act as remote MCP clients.
To prove this, we've put up a draft pull request that adapts the web fetch tool in OpenCode to show it in action. Before making a request, the adapted tool first checks whether it already has credentials; if it does, it uses them to make the initial request. If the tool gets back a 401 or a 403 with a WWW-Authenticate header, it asks the user for consent to be sent through the server's OAuth flow.
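To make the discovery flow described earlier (WWW-Authenticate, RFC 9728 metadata, dynamic client registration, PKCE) and the web fetch behaviour just described concrete, here is an added example written for this page; it is not code from OpenCode, from the draft pull request, or from Cloudflare. An agent-side fetch tool reuses a cached token when it has one, and on a 401 with a WWW-Authenticate header asks for consent, follows the resource_metadata URL, registers itself, runs an S256 PKCE authorization code flow and retries. The protected resource, the authorization server, and the human's login and consent are all simulated in-process with made-up hostnames (wiki.example.internal, auth.example.internal), a made-up redirect URI and client name, and opaque tokens rather than Access JWTs, so it runs offline; those are assumptions, not Access's behaviour.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical hostnames and client details; nothing here touches the network.
RESOURCE = "https://wiki.example.internal"       # the internal app behind Access
ISSUER = "https://auth.example.internal"         # Access acting as authorization server
REDIRECT_URI = "http://127.0.0.1:8765/callback"  # the agent's local callback
AS_STATE = {"clients": {}, "codes": {}, "tokens": {}}  # simulated server-side state


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def pkce_challenge(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def parse_resource_metadata_url(www_authenticate: str):
    """Extract the RFC 9728 resource_metadata URL from a WWW-Authenticate value."""
    m = re.search(r'resource_metadata="([^"]+)"', www_authenticate)
    return m.group(1) if m else None


def as_request(url: str, body=None):
    """Simulated authorization server (stand-in for Access with managed OAuth)."""
    path = urlparse(url).path
    if path == "/.well-known/oauth-authorization-server":  # RFC 8414 metadata
        return 200, {"issuer": ISSUER, "authorization_endpoint": ISSUER + "/authorize",
                     "token_endpoint": ISSUER + "/token",
                     "registration_endpoint": ISSUER + "/register",
                     "code_challenge_methods_supported": ["S256"]}
    if path == "/register":  # RFC 7591 dynamic client registration
        client_id = "client-" + secrets.token_hex(4)
        AS_STATE["clients"][client_id] = body
        return 201, {"client_id": client_id, **body}
    if path == "/token":  # authorization-code exchange; codes are single-use
        rec = AS_STATE["codes"].pop(body.get("code"), None)
        if (rec is None or rec["client_id"] != body.get("client_id")
                or pkce_challenge(body.get("code_verifier", "")) != rec["code_challenge"]):
            return 400, {"error": "invalid_grant"}
        token = "tok-" + secrets.token_hex(8)
        AS_STATE["tokens"][token] = rec["sub"]  # the token is bound to the human who consented
        return 200, {"access_token": token, "token_type": "Bearer"}
    return 404, {}


def user_authorizes(auth_url: str, sub: str = "alice@example.internal") -> str:
    """Stands in for the browser: the human logs in and consents; the AS redirects back."""
    q = parse_qs(urlparse(auth_url).query)
    if q["client_id"][0] not in AS_STATE["clients"] or q["code_challenge_method"] != ["S256"]:
        raise ValueError("unknown client or unsupported PKCE method")
    code = secrets.token_urlsafe(16)
    AS_STATE["codes"][code] = {"client_id": q["client_id"][0],
                               "code_challenge": q["code_challenge"][0], "sub": sub}
    return q["redirect_uri"][0] + "?" + urlencode({"code": code, "state": q["state"][0]})


def resource_request(url: str, headers: dict):
    """Simulated protected resource (the internal app behind Access)."""
    if urlparse(url).path == "/.well-known/oauth-protected-resource":  # RFC 9728 metadata
        return 200, {"resource": RESOURCE, "authorization_servers": [ISSUER]}, {}
    token = headers.get("Authorization", "").removeprefix("Bearer ").strip()
    sub = AS_STATE["tokens"].get(token)
    if sub is None:  # unauthenticated: point the client at the resource metadata
        www = f'Bearer resource_metadata="{RESOURCE}/.well-known/oauth-protected-resource"'
        return 401, None, {"WWW-Authenticate": www}
    return 200, f"wiki content served to {sub}", {}


class AgentFetch:
    """The agent's web-fetch tool."""
    def __init__(self):
        self.tokens = {}  # origin -> bearer token obtained on behalf of the user

    def fetch(self, url: str, consent=lambda url: True):
        origin = "{0.scheme}://{0.netloc}".format(urlparse(url))
        headers = {"Authorization": "Bearer " + self.tokens[origin]} if origin in self.tokens else {}
        status, body, resp = resource_request(url, headers)
        if status in (401, 403) and "WWW-Authenticate" in resp:
            meta_url = parse_resource_metadata_url(resp["WWW-Authenticate"])
            if meta_url is None or not consent(url):  # never start a flow the human did not approve
                return status, body
            self.tokens[origin] = self.authorize(meta_url, origin)
            status, body, _ = resource_request(url, {"Authorization": "Bearer " + self.tokens[origin]})
        return status, body

    def authorize(self, meta_url: str, origin: str) -> str:
        _, prm, _ = resource_request(meta_url, {})
        if prm.get("resource") != origin:  # RFC 9728: metadata must describe the resource we hit
            raise RuntimeError("resource metadata does not match the origin that returned it")
        _, asm = as_request(prm["authorization_servers"][0] + "/.well-known/oauth-authorization-server")
        _, reg = as_request(asm["registration_endpoint"], {"client_name": "example-agent",
                            "redirect_uris": [REDIRECT_URI], "token_endpoint_auth_method": "none"})
        verifier = b64url(secrets.token_bytes(32))  # 43 chars, within RFC 7636's 43..128 range
        state = secrets.token_urlsafe(16)
        auth_url = asm["authorization_endpoint"] + "?" + urlencode({
            "response_type": "code", "client_id": reg["client_id"], "redirect_uri": REDIRECT_URI,
            "state": state, "code_challenge": pkce_challenge(verifier), "code_challenge_method": "S256"})
        q = parse_qs(urlparse(user_authorizes(auth_url)).query)
        if q["state"][0] != state:
            raise RuntimeError("state mismatch on callback")
        status, tok = as_request(asm["token_endpoint"], {
            "grant_type": "authorization_code", "code": q["code"][0], "redirect_uri": REDIRECT_URI,
            "client_id": reg["client_id"], "code_verifier": verifier})
        if status != 200:
            raise RuntimeError(f"token exchange failed: {tok}")
        return tok["access_token"]
```

Three details matter more than the plumbing: the tool asks for consent before it starts any flow, it checks the state value on the callback and the resource value in the metadata so a hostile page cannot redirect it to a different authorization server, and the simulated server rejects a code whose verifier does not hash to the challenge, which is the whole point of PKCE for a public client that registered with no secret. In a real tool the simulated functions become HTTP calls and the callback is a short-lived local listener.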
Here's how that OAuth flow works. Once you give the agent a URL that's protected by OAuth and complies with RFC 9728, the agent prompts the human for consent to open the authorization flow:
…sending the human to the login page:
…and then to a consent dialog that prompts the human to grant access to the agent:
Once the human grants access to the agent, the agent uses the token it has received to make an authenticated request:
Any agent from Codex to Claude Code to Goose and beyond can implement this, and there's nothing bespoke to Cloudflare. It's all built on OAuth standards.
We think this flow is powerful, and that supporting RFC 9728 can help agents with more than just basic web fetch requests. If a REST API supports RFC 9728 (and the agent does too), the agent has everything it needs to start making authenticated requests against that API. If the REST API also supports RFC 9727, the client can discover a catalog of REST API endpoints on its own, and do even more without additional documentation, agent skills, MCP servers or CLIs.
Each of these plays an important role with agents: Cloudflare itself provides an MCP server for the Cloudflare API (built using Code Mode), the Wrangler CLI, Agent Skills, and a Plugin. But supporting RFC 9728 helps ensure that even when none of these are preinstalled, agents have a clear path forward. If the agent has a sandbox in which to execute untrusted code, it can simply write and run code that calls the API the human has granted it access to. We're working on supporting this for Cloudflare's own APIs, to help your agents understand how to use Cloudflare.
Coming soon: share one identity provider (IdP) across many Cloudflare accounts
At Cloudflare, our own internal apps are deployed to dozens of different Cloudflare accounts, which are all part of an Organization, a newly launched way for administrators to manage users and configuration, and view analytics, across many Cloudflare accounts. We have had the same challenge as many of our customers: each Cloudflare account has to configure an IdP separately so that Cloudflare Access uses our identity provider. It's critical that this is consistent across an organization: you don't want one Cloudflare account to inadvertently allow people to log in with just a one-time PIN, rather than requiring that they authenticate via single sign-on (SSO).
To solve this, we're currently working on making it possible to share an identity provider across Cloudflare accounts, giving organizations a way to designate a single primary IdP for use across every account in their organization.
As new Cloudflare accounts are created within an organization, administrators will be able to configure a bridge to the primary IdP with a single click, so Access applications across accounts can be protected by one identity provider. This removes the need to configure IdPs manually account by account, a process that doesn't scale for organizations with many teams and individuals each running their own accounts.
Across companies, people in every role and business function are now using agents to build internal apps, and expect their agents to be able to access context from internal apps. We're responding to this step-function growth in internal software development by making the Workers Platform and Cloudflare One work better together, so that it's easier to build and secure internal apps on Cloudflare.
Expect more to come soon, including:
More direct integration between Cloudflare Access and Cloudflare Workers, without the need to validate JWTs or remember which of many routes a particular Worker is exposed on.
wrangler dev --tunnel: an easy way to expose your local development server to others when you're building something new and want to share it before deploying.
A CLI interface for Cloudflare Access and the entire Cloudflare API.
More announcements to come during Agents Week 2026.
Enable managed OAuth on your internal apps behind Cloudflare Access
Managed OAuth is now available, in open beta, to all Cloudflare customers. Head over to the Cloudflare dashboard to enable it on your Access applications. You can use it for any internal app, whether it's built on Cloudflare Workers or hosted elsewhere. And if you haven't built internal apps on the Workers Platform yet, it's the fastest way for your team to go from zero to deployed (and protected) in production.