From 0551908e515ae22a0d79bbc9517ddb003a692b94 Mon Sep 17 00:00:00 2001 From: Matt Provost Date: Wed, 25 Mar 2026 16:19:06 +0000 Subject: [PATCH] feat: add AccessContext types Signed-off-by: Matt Provost --- src/workerd/api/global-scope.h | 4 ++++ types/defines/access.d.ts | 23 +++++++++++++++++++ .../experimental/index.d.ts | 22 ++++++++++++++++++ .../generated-snapshot/experimental/index.ts | 22 ++++++++++++++++++ types/generated-snapshot/latest/index.d.ts | 22 ++++++++++++++++++ types/generated-snapshot/latest/index.ts | 22 ++++++++++++++++++ 6 files changed, 115 insertions(+) create mode 100644 types/defines/access.d.ts diff --git a/src/workerd/api/global-scope.h b/src/workerd/api/global-scope.h index e8769a4e2c7..6c7ec553701 100644 --- a/src/workerd/api/global-scope.h +++ b/src/workerd/api/global-scope.h @@ -276,11 +276,13 @@ class ExecutionContext: public jsg::Object { readonly key?: string; readonly override?: string; }; + readonly access?: AccessContext; }); } else { JSG_TS_OVERRIDE( { readonly props: Props; readonly exports: Cloudflare.Exports; + readonly access?: AccessContext; }); } } else { @@ -293,10 +295,12 @@ class ExecutionContext: public jsg::Object { readonly key?: string; readonly override?: string; }; + readonly access?: AccessContext; }); } else { JSG_TS_OVERRIDE( { readonly props: Props; + readonly access?: AccessContext; }); } } diff --git a/types/defines/access.d.ts b/types/defines/access.d.ts new file mode 100644 index 00000000000..818d9541baa --- /dev/null +++ b/types/defines/access.d.ts @@ -0,0 +1,23 @@ +/** + * Represents the identity of a user authenticated via Cloudflare Access. + * This matches the result of calling /cdn-cgi/access/get-identity. + */ +type Identity = object; + +/** + * Cloudflare Access authentication information for the current request. + */ +interface AccessContext { + /** + * The audience claim from the Access JWT. This identifies which Access + * application the request matched. + */ + readonly aud: string; + + /** + * Fetches the full identity information for the authenticated user. + * + * @returns The subject's identity, if one exists + */ + getIdentity(): Promise; +} diff --git a/types/generated-snapshot/experimental/index.d.ts b/types/generated-snapshot/experimental/index.d.ts index 7f0efa943d8..d058d4b01b8 100755 --- a/types/generated-snapshot/experimental/index.d.ts +++ b/types/generated-snapshot/experimental/index.d.ts @@ -501,6 +501,7 @@ interface ExecutionContext { readonly override?: string; }; abort(reason?: any): void; + readonly access?: AccessContext; } type ExportedHandlerFetchHandler< Env = unknown, @@ -4601,6 +4602,27 @@ interface EventCounts { ): void; [Symbol.iterator](): IterableIterator; } +/** + * Represents the identity of a user authenticated via Cloudflare Access. + * This matches the result of calling /cdn-cgi/access/get-identity. + */ +type Identity = object; +/** + * Cloudflare Access authentication information for the current request. + */ +interface AccessContext { + /** + * The audience claim from the Access JWT. This identifies which Access + * application the request matched. + */ + readonly aud: string; + /** + * Fetches the full identity information for the authenticated user. + * + * @returns The subject's identity, if one exists + */ + getIdentity(): Promise; +} // AI Search V2 API Error Interfaces interface AiSearchInternalError extends Error {} interface AiSearchNotFoundError extends Error {} diff --git a/types/generated-snapshot/experimental/index.ts b/types/generated-snapshot/experimental/index.ts index b8c0bd5c81a..a60e04f6036 100755 --- a/types/generated-snapshot/experimental/index.ts +++ b/types/generated-snapshot/experimental/index.ts @@ -503,6 +503,7 @@ export interface ExecutionContext { readonly override?: string; }; abort(reason?: any): void; + readonly access?: AccessContext; } export type ExportedHandlerFetchHandler< Env = unknown, @@ -4607,6 +4608,27 @@ export interface EventCounts { ): void; [Symbol.iterator](): IterableIterator; } +/** + * Represents the identity of a user authenticated via Cloudflare Access. + * This matches the result of calling /cdn-cgi/access/get-identity. + */ +export type Identity = object; +/** + * Cloudflare Access authentication information for the current request. + */ +export interface AccessContext { + /** + * The audience claim from the Access JWT. This identifies which Access + * application the request matched. + */ + readonly aud: string; + /** + * Fetches the full identity information for the authenticated user. + * + * @returns The subject's identity, if one exists + */ + getIdentity(): Promise; +} // AI Search V2 API Error Interfaces export interface AiSearchInternalError extends Error {} export interface AiSearchNotFoundError extends Error {} diff --git a/types/generated-snapshot/latest/index.d.ts b/types/generated-snapshot/latest/index.d.ts index 6ce4088b87d..06580dd65e8 100755 --- a/types/generated-snapshot/latest/index.d.ts +++ b/types/generated-snapshot/latest/index.d.ts @@ -479,6 +479,7 @@ interface ExecutionContext { passThroughOnException(): void; readonly exports: Cloudflare.Exports; readonly props: Props; + readonly access?: AccessContext; } type ExportedHandlerFetchHandler< Env = unknown, @@ -3939,6 +3940,27 @@ declare abstract class Performance { */ toJSON(): object; } +/** + * Represents the identity of a user authenticated via Cloudflare Access. + * This matches the result of calling /cdn-cgi/access/get-identity. + */ +type Identity = object; +/** + * Cloudflare Access authentication information for the current request. + */ +interface AccessContext { + /** + * The audience claim from the Access JWT. This identifies which Access + * application the request matched. + */ + readonly aud: string; + /** + * Fetches the full identity information for the authenticated user. + * + * @returns The subject's identity, if one exists + */ + getIdentity(): Promise; +} // AI Search V2 API Error Interfaces interface AiSearchInternalError extends Error {} interface AiSearchNotFoundError extends Error {} diff --git a/types/generated-snapshot/latest/index.ts b/types/generated-snapshot/latest/index.ts index de964e9f83e..2eee6f5d9fd 100755 --- a/types/generated-snapshot/latest/index.ts +++ b/types/generated-snapshot/latest/index.ts @@ -481,6 +481,7 @@ export interface ExecutionContext { passThroughOnException(): void; readonly exports: Cloudflare.Exports; readonly props: Props; + readonly access?: AccessContext; } export type ExportedHandlerFetchHandler< Env = unknown, @@ -3945,6 +3946,27 @@ export declare abstract class Performance { */ toJSON(): object; } +/** + * Represents the identity of a user authenticated via Cloudflare Access. + * This matches the result of calling /cdn-cgi/access/get-identity. + */ +export type Identity = object; +/** + * Cloudflare Access authentication information for the current request. + */ +export interface AccessContext { + /** + * The audience claim from the Access JWT. This identifies which Access + * application the request matched. + */ + readonly aud: string; + /** + * Fetches the full identity information for the authenticated user. + * + * @returns The subject's identity, if one exists + */ + getIdentity(): Promise; +} // AI Search V2 API Error Interfaces export interface AiSearchInternalError extends Error {} export interface AiSearchNotFoundError extends Error {}