Managed OAuth for Cloudflare Access helps AI agents securely navigate internal applications. By adopting RFC 9728, agents can authenticate on behalf of users without using insecure service accounts.

Cloudflare's platform is a leading provider of internet security and performance solutions, offering insights into web security, content delivery, and DNS management. Through documentation, blog posts, and webinars, Cloudflare provides insights into protecting websites and applications from cyber threats and improving performance. Developers and IT professionals can learn about CDN (Content Delivery Network), DDoS mitigation, and firewall configurations to secure and accelerate web traffic.

Cloudflare

Cloudflare has launched Managed OAuth for Access in open beta, enabling AI agents to authenticate against internal apps protected by Cloudflare Access without service accounts or custom workarounds. By adopting RFC 9728, Access apps now expose an OAuth authorization server endpoint, allowing agents to dynamically register, send users through a PKCE flow, and receive a JWT scoped to the user's identity. This makes legacy internal apps agent-ready with a single click and no code changes. The post also argues against service account anti-patterns, advocates for RFC 9728 adoption in web fetch tools and REST APIs, and previews upcoming features like shared identity providers across Cloudflare accounts and tighter Workers/Access integration.

Managed OAuth for Access: make internal apps agent-ready in one click

Mass upgrading your internal apps to be agent-ready

It’s the user’s agent. No service accounts and tokens needed

Standards for the win: how agents can and should adopt RFC 9728 in their web fetch tools

Coming soon: share one identity provider (IdP) across many Cloudflare accounts

Enable Managed OAuth for your internal apps behind Cloudflare Access