# Login with Cloudflare

Securely provide your Cloudflare API keys to trusted applications through OAuth 2.0.

## For Users

**Get Started:**

1. [Login with GitHub](/authorize) to get started
2. Add your Cloudflare API keys
3. Grant access to trusted applications

## For Developers

Integrate "Login with Cloudflare" into your application using the standard OAuth 2.0 authorization code flow:

### Step 1: Authorization Request

Redirect users to the authorization endpoint:

```
https://login.flaredream.com/authorize?client_id=yourdomain.com&redirect_uri=https://yourdomain.com/callback&response_type=code&state=random-state-string&message=We%20need%20access%20to%20deploy%20your%20site%20to%20Cloudflare
```

**Parameters:**
- `client_id`: Your domain (e.g., `yourdomain.com`)
- `redirect_uri`: Where to redirect after authorization (must use HTTPS and be on the same domain)
- `response_type`: Must be `code`
- `state`: Random string to prevent CSRF attacks
- `message`: (Optional) Custom message to show users explaining why you need access

### Step 2: Handle Authorization Code

After the user grants access, they'll be redirected to your `redirect_uri` with:
- `code`: Authorization code to exchange for an access token
- `state`: The same state parameter you sent; check that it matches before exchanging the code
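One way to generate the `state` value for Step 1 and check the callback in Step 2 before any code is exchanged. This is an added example, not code from the service; `newState`, `buildAuthorizeUrl`, `sameString` and `checkCallback` are hypothetical helper names, and the exact-host reading of "same domain" is an assumption.

```javascript
// Added example; helper names are hypothetical, not part of the service.
// Web Crypto is global in browsers, Workers and current Node; the fallback covers older Node.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const AUTHORIZE_ENDPOINT = 'https://login.flaredream.com/authorize';

// 32 bytes from the CSPRNG, hex-encoded: unguessable and URL-safe.
function newState() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Build the Step 1 URL. Assumption: "same domain" means the redirect host
// equals client_id exactly; the service may apply a different rule.
function buildAuthorizeUrl({ clientId, redirectUri, state, message }) {
  const redirect = new URL(redirectUri);
  if (redirect.protocol !== 'https:' || redirect.hostname !== clientId) {
    throw new Error('redirect_uri must be HTTPS and on the client_id domain');
  }
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('state', state);
  if (message) url.searchParams.set('message', message);
  return url.toString();
}

// Compare without an early exit so timing does not reveal a matching prefix.
function sameString(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Step 2: accept the callback only when `state` equals the value stored in the
// user's session at redirect time and exactly one `code` string is present.
function checkCallback(query, expectedState) {
  if (!expectedState || !sameString(query.state, expectedState)) {
    return { ok: false, reason: 'state_mismatch' };
  }
  if (typeof query.code !== 'string' || query.code.length === 0) {
    return { ok: false, reason: 'missing_code' };
  }
  return { ok: true, code: query.code };
}
```

Store the generated state server-side per user session and discard it after one callback, so a replayed or forged callback fails the check.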

### Step 3: Exchange Code for Token

Make a POST request to exchange the authorization code:

```bash
curl -X POST https://login.flaredream.com/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code&code=AUTH_CODE&client_id=yourdomain.com&redirect_uri=https://yourdomain.com/callback"
```

**Response:**
```json
{
  "access_token": "bearer-token-here",
  "token_type": "bearer",
  "scope": "user:email",
  "cloudflare_account_id": "account123",
  "cloudflare_api_key": "token456",
  "cloudflare_key_name": "My API Key",
  "message": "We need access to deploy your site to Cloudflare"
}
```

### Step 4: Use Cloudflare API

Use the provided credentials to access Cloudflare APIs:

```bash
curl -X GET https://api.cloudflare.com/client/v4/zones \
  -H "Authorization: Bearer token456" \
  -H "Content-Type: application/json"
```

## Implementation Examples

### JavaScript/Node.js

```javascript
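const crypto = require('node:crypto');

// Assumes an Express `app` with session middleware (e.g. express-session) providing req.session
const generateRandomState = () => crypto.randomBytes(32).toString('hex');

// Redirect to authorization with custom message
app.get('/login', (req, res) => {
  const authUrl = new URL('https://login.flaredream.com/authorize');
  authUrl.searchParams.set('client_id', 'yourdomain.com');
  authUrl.searchParams.set('redirect_uri', 'https://yourdomain.com/callback');
  authUrl.searchParams.set('response_type', 'code');
  req.session.oauthState = generateRandomState(); // remembered for the callback check
  authUrl.searchParams.set('state', req.session.oauthState);
  authUrl.searchParams.set('message', 'We need access to deploy your site to Cloudflare');
  res.redirect(authUrl.toString());
});

// Handle callback
app.get('/callback', async (req, res) => {
  const { code, state } = req.query;

  // Reject the callback unless state matches the value issued for this session
  const expectedState = req.session.oauthState;
  delete req.session.oauthState; // single use
  if (!code || !expectedState || state !== expectedState) {
    return res.status(400).send('Invalid OAuth callback');
  }

  const response = await fetch('https://login.flaredream.com/token', {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'authorization_code',
      code,
      client_id: 'yourdomain.com',
      redirect_uri: 'https://yourdomain.com/callback'
    })
  });
  if (!response.ok) {
    return res.status(502).send('Token exchange failed');
  }

  const data = await response.json();
  // Use data.cloudflare_api_key and data.cloudflare_account_id
  // The original message is available in data.message
  // Keep the API key server-side: do not log it or send it to the browser
  res.redirect('/');
});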
```

### Python

```python
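import secrets
import urllib.parse

import requests

# Redirect to authorization with custom message
auth_url = 'https://login.flaredream.com/authorize'
state = secrets.token_urlsafe(32)  # CSPRNG value; keep it in the user's session
params = {
    'client_id': 'yourdomain.com',
    'redirect_uri': 'https://yourdomain.com/callback',
    'response_type': 'code',
    'state': state,
    'message': 'We need access to deploy your site to Cloudflare'
}
redirect_url = f"{auth_url}?{urllib.parse.urlencode(params)}"


def handle_callback(auth_code, returned_state, expected_state):
    """Run on the callback with its `code` and `state`, plus the state saved above."""
    # Reject the callback unless state matches the value issued for this session
    if not expected_state or not secrets.compare_digest(
            (returned_state or '').encode(), expected_state.encode()):
        raise ValueError('OAuth state mismatch')

    # Exchange code for token
    response = requests.post('https://login.flaredream.com/token', data={
        'grant_type': 'authorization_code',
        'code': auth_code,
        'client_id': 'yourdomain.com',
        'redirect_uri': 'https://yourdomain.com/callback'
    }, timeout=10)
    response.raise_for_status()

    token_data = response.json()
    api_key = token_data['cloudflare_api_key']
    account_id = token_data['cloudflare_account_id']
    original_message = token_data.get('message')  # Optional field

    # Use Cloudflare API
    cf_response = requests.get(
        'https://api.cloudflare.com/client/v4/zones',
        headers={
            'Authorization': f'Bearer {api_key}',
            'Content-Type': 'application/json'
        },
        timeout=10
    )
    cf_response.raise_for_status()
    return account_id, original_message, cf_response.json()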
```

## Custom Messages

The `message` parameter allows you to provide context to users about why your application needs access to their Cloudflare account. This improves user trust and understanding.

**Guidelines for messages:**
- Keep it concise (max 500 characters)
- Explain the specific use case
- No HTML, URLs, or script content allowed
- Be honest and transparent

**Good examples:**
- "We need access to deploy your site to Cloudflare"
- "Required to manage DNS records for your domain"
- "Needed to configure SSL certificates for your website"

**Bad examples:**
- "Give us access" (too vague)
- "Visit https://example.com for more info" (contains URL)
- Messages with HTML or script content
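
A client-side pre-check that approximates these guidelines, so a bad `message` is caught before the user is redirected. This is an added example, not the service's own validation, which may differ; `checkMessage` and `escapeHtml` are hypothetical helpers, and counting the 500-character limit in code points is an assumption.

```javascript
// Added example; approximates the documented guidelines, not the service's validator.
const MAX_MESSAGE_LENGTH = 500; // from the guidelines; counted here in code points

// Returns a list of guideline violations; an empty list means the message passes.
// `message` is optional in the flow, so only call this when one is supplied.
function checkMessage(message) {
  if (typeof message !== 'string' || message.trim() === '') return ['empty'];
  const problems = [];
  if ([...message].length > MAX_MESSAGE_LENGTH) problems.push('too_long');
  // Tags, comments and character references all count as HTML.
  if (/<[^>]*>|&(?:#\d+|#x[0-9a-f]+|[a-z][a-z0-9]*);/i.test(message)) problems.push('html');
  // Any scheme://, a bare www. prefix, or something shaped like host.tld/path.
  if (/\b[a-z][a-z0-9+.-]*:\/\/|\bwww\.|\b[a-z0-9-]+\.[a-z]{2,}\//i.test(message)) problems.push('url');
  // Script-bearing schemes and inline event-handler attributes.
  if (/\b(?:javascript|vbscript)\s*:|\bon[a-z]+\s*=/i.test(message)) problems.push('script');
  return problems;
}

// The message comes back in the token response (data.message). Treat it as
// untrusted text and escape it before placing it in HTML.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}
```

The patterns are deliberately conservative and will reject some harmless text, such as a literal `R&D;`.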

## Security Considerations

⚠️ **Important**: This service provides users' actual Cloudflare API keys to your application. Only use this for applications you completely trust.

**Best practices:**
- Create dedicated API tokens with minimal required permissions
- Use separate keys for different applications
- Regularly rotate API keys
- Monitor key usage through the management interface
- Use meaningful messages to build user trust

## OAuth 2.0 Discovery

This service supports OAuth 2.0 discovery endpoints:

- Authorization Server Metadata: `https://login.flaredream.com/.well-known/oauth-authorization-server`
- Protected Resource Metadata: `https://login.flaredream.com/.well-known/oauth-protected-resource`

## Support

- GitHub: [Report issues](https://github.com/your-repo/issues)
- Documentation: [Full API reference](https://your-docs.com)

---

*Powered by Cloudflare Workers and Durable Objects*