Cloudflare Introduces Managed OAuth for Access: Simplifying Agent Access to Internal Apps

Cloudflare has announced the open beta of managed OAuth for Cloudflare Access, a feature that enables secure, one-click access to internal apps for agents. This major update addresses a long-standing challenge for developers, where agents were unable to access internal apps protected by Cloudflare Access. With managed OAuth, agents can now discover how to authenticate and receive an authorization token, allowing them to make authenticated requests on behalf of the user.

Key Technical Details:

• Managed OAuth enables agents to dynamically register themselves as clients and send the user through a PKCE authorization flow.
• Cloudflare Access acts as the authorization server, returning the www-authenticate header to unauthorized agents.
• Agents can follow OAuth standards to obtain an authorization token, which can be used to make authenticated requests.

Practical Implications for Developers:

• Developers can now easily enable managed OAuth for their internal apps, making them agent-ready with just one click.
• This feature simplifies the process of upgrading internal apps to work with agents, reducing the need for complex API integrations and CLI configurations.
• Managed OAuth also enables agents to access web pages, web apps, and REST APIs, in addition to MCP servers that require authorization.

Timeline and Availability:

• Managed OAuth is currently in open beta and available for all Cloudflare Access applications.
• Cloudflare Access has a generous free tier, and building off the newly-introduced Organizations beta, users will soon be able to bridge identity providers across Cloudflare accounts.