Cloudflare Opens OAuth to All Developers with Zero-Downtime Migration

Cloudflare · 24 Jun 2026 · 2 min read

#cloudflare

Cloudflare has announced that Self-Managed OAuth is now available to all developers on its platform, unlocking the full potential of the Cloudflare app ecosystem. Previously restricted to select partners, this feature allows any developer to integrate OAuth-based authentication into their applications, enabling secure, delegated access to Cloudflare resources without sharing credentials.

  • The new OAuth 2.0 implementation supports the Authorization Code Grant flow with optional PKCE for public clients, and includes support for refresh tokens and scoped access tokens.
  • Developers can now register OAuth apps via the Cloudflare dashboard under "My Profile" > "API Tokens" > "OAuth Apps", using the cloudflare oauth CLI command, or through the Cloudflare API endpoints such as POST /client/v4/apps.
  • The migration of the backend OAuth engine was executed with zero downtime. Cloudflare used a dual-write strategy during the transition, writing to both old and new systems simultaneously, then validating consistency before switching reads to the new engine.
  • Key technical details: The new engine is built on Cloudflare Workers and Durable Objects, ensuring high availability and low latency globally. Token generation now uses Ed25519 cryptographic signatures for improved security and performance.
  • As part of the launch, Cloudflare provides a reference implementation for Node.js and Python, available on GitHub, along with a Postman collection for testing.

For developers, this means they can now build apps that integrate with Cloudflare's ecosystem — such as managing DNS, accessing analytics, or deploying Workers — with robust authentication out of the box. The zero-downtime migration also sets a precedent for how large-scale infrastructure changes can be rolled out transparently, minimizing disruption to existing users.

Source: https://blog.cloudflare.com/oauth-for-all/

Related

auto-curated · source linked above ← all news