News
What happened
With the introduction of self-managed OAuth, you can now create and manage your own OAuth clients on Cloudflare, enhancing your API integrations. This change is crucial for improving security and user control in your self-hosted applications.
Cloudflare has rolled out self-managed OAuth to all developers, allowing you to create and manage OAuth clients for delegated access to the Cloudflare API. Previously, OAuth was limited to a select few integrations, making it difficult for you to manage API access effectively. The upgrade to the OAuth engine was executed with zero downtime, ensuring that your existing applications remain functional during the transition. This new capability not only streamlines the integration process but also enhances security features like consent and revocation management.
Release at a glance
Key facts from the announcement.
Version
Self-managed OAuth
Platform
Cloudflare
Migration
Zero-downtime upgrade to OAuth engine
PRIVACY STACK
Extend Privacy Beyond DNS
Controlling your DNS queries is one layer of network privacy. Your email metadata — who you talk to, when, how often — is equally exposed with standard providers. Proton Mail applies end-to-end encryption to the layer most people ignore.
Try Proton Mail →This is an affiliate link. If you purchase, I earn a commission at no extra cost to you.
Changes at a glance
What's new
You can now manage your own OAuth clients on Cloudflare, which simplifies the process of granting and revoking access to your applications. This feature enhances the security model of your integrations and provides clearer consent management for users.
Breaking changes
No breaking changes were reported in the source material.
Analysis
In detail
Self-managed OAuth is now available for all developers on Cloudflare, enabling you to create OAuth clients for better API access management. This feature is particularly beneficial for building SaaS integrations and internal developer platforms, as it allows users to grant scoped access directly to applications.
The upgrade to the OAuth engine involved a two-step process, starting with an upgrade to the latest 1.X release, followed by a transition to the 2.X version. This careful planning was necessary to avoid user disruption and ensure data stability. The upgrade included improvements to the consent experience, making it clearer which applications are requesting access, and added revocation features to enhance user control.
Cloudflare utilized a blue-green deployment strategy for the upgrade, allowing for minimal downtime. They implemented a queue system to manage revocation events during the transition, ensuring that no user actions were lost. This meticulous approach means you can now enjoy a more robust and secure OAuth experience without worrying about interruptions to your services.
Key takeaways
The most important facts from this update.
Why it matters
This update is significant for your self-hosted setup as it allows for better management of API access, enhancing both security and usability. With self-managed OAuth, you can streamline integrations and improve user control over permissions.
Homelab impact
The introduction of self-managed OAuth means you can now build more complex and secure integrations within your homelab. This capability allows you to manage API access more effectively, reducing reliance on less secure API tokens.
As you upgrade your applications to utilize self-managed OAuth, you can expect a smoother experience when granting and revoking access. This will not only improve security but also enhance the overall user experience in your self-hosted environment.
What to do next
Practical steps for operators running self-hosted stacks.
This brief covers what you need from Cloudflare Blog's reporting. Visit the original post for release notes, changelogs, and full technical documentation.
