All NewsSecurity

Unlocking the Cloudflare app ecosystem with OAuth for all

You can now create and manage OAuth clients on Cloudflare, enhancing API access control in your homelab.

06 / 24 / 2026Source: Security
Unlocking the Cloudflare app ecosystem with OAuth for all
Feature image

News

What happened

With the introduction of self-managed OAuth, you can now create and manage your own OAuth clients on Cloudflare, enhancing your API integrations. This change is crucial for improving security and user control in your self-hosted applications.

Cloudflare has rolled out self-managed OAuth to all developers, allowing you to create and manage OAuth clients for delegated access to the Cloudflare API. Previously, OAuth was limited to a select few integrations, making it difficult for you to manage API access effectively. The upgrade to the OAuth engine was executed with zero downtime, ensuring that your existing applications remain functional during the transition. This new capability not only streamlines the integration process but also enhances security features like consent and revocation management.

Release at a glance

Key facts from the announcement.

Version

Self-managed OAuth

Platform

Cloudflare

Migration

Zero-downtime upgrade to OAuth engine

PRIVACY STACK

Extend Privacy Beyond DNS

Controlling your DNS queries is one layer of network privacy. Your email metadata — who you talk to, when, how often — is equally exposed with standard providers. Proton Mail applies end-to-end encryption to the layer most people ignore.

Try Proton Mail

This is an affiliate link. If you purchase, I earn a commission at no extra cost to you.

Changes at a glance

What's new

You can now manage your own OAuth clients on Cloudflare, which simplifies the process of granting and revoking access to your applications. This feature enhances the security model of your integrations and provides clearer consent management for users.

Breaking changes

No breaking changes were reported in the source material.

Analysis

In detail

Self-managed OAuth is now available for all developers on Cloudflare, enabling you to create OAuth clients for better API access management. This feature is particularly beneficial for building SaaS integrations and internal developer platforms, as it allows users to grant scoped access directly to applications.

The upgrade to the OAuth engine involved a two-step process, starting with an upgrade to the latest 1.X release, followed by a transition to the 2.X version. This careful planning was necessary to avoid user disruption and ensure data stability. The upgrade included improvements to the consent experience, making it clearer which applications are requesting access, and added revocation features to enhance user control.

Cloudflare utilized a blue-green deployment strategy for the upgrade, allowing for minimal downtime. They implemented a queue system to manage revocation events during the transition, ensuring that no user actions were lost. This meticulous approach means you can now enjoy a more robust and secure OAuth experience without worrying about interruptions to your services.

Key takeaways

The most important facts from this update.

You can now create self-managed OAuth clients for your applications.
OAuth access is no longer limited to a few integrations, allowing for broader use.
The upgrade to the OAuth engine was executed with zero downtime.
Improved consent experience makes it clearer which applications request access.
Revocation features are now available directly in the dashboard.

Why it matters

This update is significant for your self-hosted setup as it allows for better management of API access, enhancing both security and usability. With self-managed OAuth, you can streamline integrations and improve user control over permissions.

Homelab impact

The introduction of self-managed OAuth means you can now build more complex and secure integrations within your homelab. This capability allows you to manage API access more effectively, reducing reliance on less secure API tokens.

As you upgrade your applications to utilize self-managed OAuth, you can expect a smoother experience when granting and revoking access. This will not only improve security but also enhance the overall user experience in your self-hosted environment.

What to do next

Practical steps for operators running self-hosted stacks.

Review the new self-managed OAuth documentation on Cloudflare.
Update your existing integrations to utilize self-managed OAuth.
Test the new consent and revocation features in a staging environment.
Monitor your applications for any issues during the transition.
Consider implementing a queue system for managing revocations during upgrades.

This brief covers what you need from Cloudflare Blog's reporting. Visit the original post for release notes, changelogs, and full technical documentation.

Self HostingSecurityNetworking