Cloudflare launched self-managed OAuth for all
terryds
89 points
25 comments
June 25, 2026
Related Discussions
Found 5 related stories in 113.4ms across 11,536 title embeddings via pgvector HNSW
- Agents can now create Cloudflare accounts, buy domains, and deploy rolph · 154 pts · May 06, 2026 · 51% similar
- Cloudflare Flagship tjek · 150 pts · May 26, 2026 · 49% similar
- Zero-Touch OAuth for MCP niyikiza · 165 pts · June 18, 2026 · 48% similar
- Dropping Cloudflare for Bunny.net shintoist · 378 pts · April 07, 2026 · 46% similar
- Cloudflare Email Service jilles · 432 pts · April 16, 2026 · 46% similar
Discussion Highlights (7 comments)
gnabgib
Title: Unlocking the Cloudflare app ecosystem with OAuth for all
asdf88990
Cloudflare turning into a Cloud platform is undoing what it was really doing well: making small clouds and diy hosting manageable in the hostile web environment. Once their revenue from Cloud services overtakes their core offering, bye bye Cloudflare free and so on.
sandeepkd
Not sure whats the play here, there is no world where this can turn out good. Cloudflare is more or less infrastructure provider, this idea of some user delegating permissions to their account to some third party client for infrastructure is ripe for abuses. If companies like AWS are not doing it then its for a good reason.
xyzzy_plugh
This is such a weird blog post. It's full of technical details, but I'm really not sure who they're for. There's nothing particularly novel or impressive. If anything the fact that it took them this long should be embarrassing. They pad it out with a table of stats that are just kind of meh? Congrats I guess for releasing something without burning the house down? As an on-and-off customer of theirs I tried to quickly skim for some of the details that would impact me, the theoretical end-user, but the vast majority of TFA is just about how they pulled off this apparent feat of engineering. I'm not trying to be pessimistic, and I don't fault the author (but I question the culture). I honestly don't get who this is for. For the record this is something they should have had... at least six or seven years ago?
system2
I hope Cloudflare does not turn into Google, with so many different things that they will eventually kill all of these services randomly because of the maintenance cost.
zaptheimpaler
Oauth and enterprise auth has to be the worst thing ever made, it might be the most confusing and frustrating part of dealing with the cloud. Even the AI tools took a year to just get basic Oauth working on headless systems without assuming you could open a browser. If they're going to go down the auth rabbit hole with RBAC/IAM/Workload identities?/service accounts and all the trash the big cloud providers have, I just hope to god they leave in the simple shit for personal use. I just want a damn API key, I keep it a secret and revoke if necessary and don't need 10000 layers of auth bullshit tangled up in every layer of every platform.
necovek
I thought I understood what Oauth was (a standardized protocol to provide per-client access keys), but this article confuses me. What's a "self-managed" Oauth here? What is access is being granted to, who are the clients, who are the partners...? Anyone care to elaborate?