THREAT OPS › Threat News › Managed OAuth for Access: make internal apps agent-ready in one click
Managed OAuth for Access: make internal apps agent-ready in one click
<p>We have thousands of internal apps at Cloudflare. Some are things we’ve built ourselves, others are self-hosted instances of software built by others. They range from business-critical apps nearly every person uses, to side projects and prototypes.</p><p>All of these apps are protected by <a href="https://developers.cloudflare.com/cloudflare-one/access-controls/policies/"><u>Cloudflare Access</
MITRE ATT&CK techniques
Indicators of compromise
- 8ec5ea3c25dbd6620a8644d231893732md5
- 5f0fd06ce9e127c06474263a529ec284md5
- 221ba9ab7757c40d9fbc1e2746a9e56dmd5
- 3d2b1a861b9342842bd6297e1869aed4md5
- 793559a5f18a04e807939b9560118ccbmd5
- 701089e8ea256804890d45af08ef04camd5
- https://opencode.ai/docs/tools/#webfetchurl
- https://<your-app-domain>/.well-known/oauth-authorization-serverurl
- https://modelcontextprotocol.io/specification/url
- https://modelcontextprotocol.io/specification/2025-11-25/basic/authorizationurl
- https://platform.claude.com/docs/en/agents-and-tools/tool-use/web-fetch-toolurl
- https://developer.mozilla.org/en-US/docs/Web/API/Fetch_APIurl
Original source: https://blog.cloudflare.com/managed-oauth-for-access/