ACCORDING to Cloudflare, Managed OAuth for Access is now available in open beta to all customers, enabling one-click enablement for any internal app behind Cloudflare Access. Cloudflare explains that the new flow lets agents speaking OAuth 2.0 discover how to authenticate, be guided through the auth flow, and receive back an authorization token, mirroring the JWT used in their earlier workaround.
Since 14 April 2026, the adoption relies on RFC 9728, which enables dynamic client registration, PKCE, and standard OAuth flows for agents to access protected web pages, REST APIs and MCP servers. The provider notes that managed OAuth integrates with existing MCP server portals and aims to remove the need for static credentials or service accounts, improving attribution and audit logs.
It is highlighted as a global capability in open beta with a free tier, and comes alongside plans to share a single IdP across many Cloudflare accounts within organisations. The post also covers future enhancements for tighter integration between Cloudflare Access, Workers, and additional agent tooling as Agents Week progresses.