Skip to content

Commit a0c0c7a

Browse files
authored
cf1: use TypeScriptExample for JWT ex (cloudflare#26930)
1 parent 50504a5 commit a0c0c7a

1 file changed

Lines changed: 30 additions & 16 deletions

File tree

src/content/docs/cloudflare-one/access-controls/applications/http-apps/authorization-cookie/validating-json.mdx

Lines changed: 30 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ sidebar:
55
order: 1
66
---
77

8-
import { GlossaryTooltip } from "~/components";
8+
import { GlossaryTooltip, TypeScriptExample } from "~/components";
99

1010
When Cloudflare sends a request to your origin, the request will include an [application token](/cloudflare-one/access-controls/applications/http-apps/authorization-cookie/application-token/) as a `Cf-Access-Jwt-Assertion` request header. Requests made through a browser will also pass the token as a `CF_Authorization` cookie.
1111

@@ -108,33 +108,42 @@ When Cloudflare Access is in front of your [Worker](/workers), your Worker still
108108

109109
The following code will validate the JWT using the [jose NPM package](https://www.npmjs.com/package/jose):
110110

111-
```javascript
112-
import { jwtVerify, createRemoteJWKSet } from 'jose';
111+
<TypeScriptExample>
112+
113+
```ts
114+
import { jwtVerify, createRemoteJWKSet } from "jose";
115+
116+
interface Env {
117+
POLICY_AUD: string;
118+
TEAM_DOMAIN: string;
119+
}
113120

114121
export default {
115-
async fetch(request, env, ctx) {
122+
async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
116123
// Verify the POLICY_AUD environment variable is set
117124
if (!env.POLICY_AUD) {
118-
return new Response('Missing required audience', {
125+
return new Response("Missing required audience", {
119126
status: 403,
120-
headers: { 'Content-Type': 'text/plain' }
127+
headers: { "Content-Type": "text/plain" },
121128
});
122129
}
123130

124131
// Get the JWT from the request headers
125-
const token = request.headers.get('cf-access-jwt-assertion');
132+
const token = request.headers.get("cf-access-jwt-assertion");
126133

127134
// Check if token exists
128135
if (!token) {
129-
return new Response('Missing required CF Access JWT', {
136+
return new Response("Missing required CF Access JWT", {
130137
status: 403,
131-
headers: { 'Content-Type': 'text/plain' }
138+
headers: { "Content-Type": "text/plain" },
132139
});
133140
}
134141

135142
try {
136143
// Create JWKS from your team domain
137-
const JWKS = createRemoteJWKSet(new URL(`${env.TEAM_DOMAIN}/cdn-cgi/access/certs`));
144+
const JWKS = createRemoteJWKSet(
145+
new URL(`${env.TEAM_DOMAIN}/cdn-cgi/access/certs`)
146+
);
138147

139148
// Verify the JWT
140149
const { payload } = await jwtVerify(token, JWKS, {
@@ -143,21 +152,26 @@ export default {
143152
});
144153

145154
// Token is valid, proceed with your application logic
146-
return new Response(`Hello ${payload.email || 'authenticated user'}!`, {
147-
headers: { 'Content-Type': 'text/plain' }
148-
});
149-
155+
return new Response(
156+
`Hello ${payload.email || "authenticated user"}!`,
157+
{
158+
headers: { "Content-Type": "text/plain" },
159+
}
160+
);
150161
} catch (error) {
151162
// Token verification failed
152-
return new Response(`Invalid token: ${error.message}`, {
163+
const message = error instanceof Error ? error.message : "Unknown error";
164+
return new Response(`Invalid token: ${message}`, {
153165
status: 403,
154-
headers: { 'Content-Type': 'text/plain' }
166+
headers: { "Content-Type": "text/plain" },
155167
});
156168
}
157169
},
158170
};
159171
```
160172

173+
</TypeScriptExample>
174+
161175
#### Required environment variables
162176

163177
Add these [environment variables](/workers/configuration/environment-variables/) to your Worker:

0 commit comments

Comments
 (0)