Skip to content

feat: add AccessContext types #6413

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
BSFishy wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: add AccessContext types #6413

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions src/workerd/api/global-scope.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -276,11 +276,13 @@ class ExecutionContext: public jsg::Object {
readonly key?: string;
readonly override?: string;
};
readonly access?: AccessContext;
});
} else {
JSG_TS_OVERRIDE(<Props = unknown> {
readonly props: Props;
readonly exports: Cloudflare.Exports;
readonly access?: AccessContext;
});
}
} else {
Expand All @@ -293,10 +295,12 @@ class ExecutionContext: public jsg::Object {
readonly key?: string;
readonly override?: string;
};
readonly access?: AccessContext;
});
} else {
JSG_TS_OVERRIDE(<Props = unknown> {
readonly props: Props;
readonly access?: AccessContext;
});
}
}
Expand Down
23 changes: 23 additions & 0 deletions types/defines/access.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
/**
* Represents the identity of a user authenticated via Cloudflare Access.
* This matches the result of calling /cdn-cgi/access/get-identity.
*/
type Identity = object;
Copy link
Copy Markdown
Author

@BSFishy BSFishy Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would like to get the team's thoughts on this name. I am unfamiliar with how these types get injected into user's projects (afaiu, Env gets added globally automatically), so maybe a more descriptive name works better than Identity? Perhaps something like CfAccessIdentity?


/**
* Cloudflare Access authentication information for the current request.
*/
interface AccessContext {
/**
* The audience claim from the Access JWT. This identifies which Access
* application the request matched.
*/
readonly aud: string;

/**
* Fetches the full identity information for the authenticated user.
*
* @returns The subject's identity, if one exists
*/
getIdentity(): Promise<Identity | undefined>;
}
22 changes: 22 additions & 0 deletions types/generated-snapshot/experimental/index.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -501,6 +501,7 @@ interface ExecutionContext<Props = unknown> {
readonly override?: string;
};
abort(reason?: any): void;
readonly access?: AccessContext;
}
type ExportedHandlerFetchHandler<
Env = unknown,
Expand Down Expand Up @@ -4601,6 +4602,27 @@ interface EventCounts {
): void;
[Symbol.iterator](): IterableIterator<string[]>;
}
/**
* Represents the identity of a user authenticated via Cloudflare Access.
* This matches the result of calling /cdn-cgi/access/get-identity.
*/
type Identity = object;
/**
* Cloudflare Access authentication information for the current request.
*/
interface AccessContext {
/**
* The audience claim from the Access JWT. This identifies which Access
* application the request matched.
*/
readonly aud: string;
/**
* Fetches the full identity information for the authenticated user.
*
* @returns The subject's identity, if one exists
*/
getIdentity(): Promise<Identity | undefined>;
}
// AI Search V2 API Error Interfaces
interface AiSearchInternalError extends Error {}
interface AiSearchNotFoundError extends Error {}
Expand Down
22 changes: 22 additions & 0 deletions types/generated-snapshot/experimental/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -503,6 +503,7 @@ export interface ExecutionContext<Props = unknown> {
readonly override?: string;
};
abort(reason?: any): void;
readonly access?: AccessContext;
}
export type ExportedHandlerFetchHandler<
Env = unknown,
Expand Down Expand Up @@ -4607,6 +4608,27 @@ export interface EventCounts {
): void;
[Symbol.iterator](): IterableIterator<string[]>;
}
/**
* Represents the identity of a user authenticated via Cloudflare Access.
* This matches the result of calling /cdn-cgi/access/get-identity.
*/
export type Identity = object;
/**
* Cloudflare Access authentication information for the current request.
*/
export interface AccessContext {
/**
* The audience claim from the Access JWT. This identifies which Access
* application the request matched.
*/
readonly aud: string;
/**
* Fetches the full identity information for the authenticated user.
*
* @returns The subject's identity, if one exists
*/
getIdentity(): Promise<Identity | undefined>;
}
// AI Search V2 API Error Interfaces
export interface AiSearchInternalError extends Error {}
export interface AiSearchNotFoundError extends Error {}
Expand Down
22 changes: 22 additions & 0 deletions types/generated-snapshot/latest/index.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -479,6 +479,7 @@ interface ExecutionContext<Props = unknown> {
passThroughOnException(): void;
readonly exports: Cloudflare.Exports;
readonly props: Props;
readonly access?: AccessContext;
}
type ExportedHandlerFetchHandler<
Env = unknown,
Expand Down Expand Up @@ -3939,6 +3940,27 @@ declare abstract class Performance {
*/
toJSON(): object;
}
/**
* Represents the identity of a user authenticated via Cloudflare Access.
* This matches the result of calling /cdn-cgi/access/get-identity.
*/
type Identity = object;
/**
* Cloudflare Access authentication information for the current request.
*/
interface AccessContext {
/**
* The audience claim from the Access JWT. This identifies which Access
* application the request matched.
*/
readonly aud: string;
/**
* Fetches the full identity information for the authenticated user.
*
* @returns The subject's identity, if one exists
*/
getIdentity(): Promise<Identity | undefined>;
}
// AI Search V2 API Error Interfaces
interface AiSearchInternalError extends Error {}
interface AiSearchNotFoundError extends Error {}
Expand Down
22 changes: 22 additions & 0 deletions types/generated-snapshot/latest/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -481,6 +481,7 @@ export interface ExecutionContext<Props = unknown> {
passThroughOnException(): void;
readonly exports: Cloudflare.Exports;
readonly props: Props;
readonly access?: AccessContext;
}
export type ExportedHandlerFetchHandler<
Env = unknown,
Expand Down Expand Up @@ -3945,6 +3946,27 @@ export declare abstract class Performance {
*/
toJSON(): object;
}
/**
* Represents the identity of a user authenticated via Cloudflare Access.
* This matches the result of calling /cdn-cgi/access/get-identity.
*/
export type Identity = object;
/**
* Cloudflare Access authentication information for the current request.
*/
export interface AccessContext {
/**
* The audience claim from the Access JWT. This identifies which Access
* application the request matched.
*/
readonly aud: string;
/**
* Fetches the full identity information for the authenticated user.
*
* @returns The subject's identity, if one exists
*/
getIdentity(): Promise<Identity | undefined>;
}
// AI Search V2 API Error Interfaces
export interface AiSearchInternalError extends Error {}
export interface AiSearchNotFoundError extends Error {}
Expand Down