Cloudflare Adds Granular OAuth Consent and Easy Revocation

Cloudflare has introduced significant improvements to its OAuth authorization process, giving users more control and transparency when connecting third-party applications to their accounts.

What’s New?

• Account-by-Account Selection: When authorizing an OAuth application, you can now choose exactly which Cloudflare accounts the app can access, rather than granting access to all accounts by default. The "All accounts" option remains for trusted tools.
• Detailed Consent Screen: The updated OAuth consent screen now clearly displays:
  • The specific permissions the application is requesting
  • The application's owner and contact information
  • Checkboxes to select which accounts to authorize
• Manage and Revoke Access: From your Cloudflare profile, you can now:
  • View all connected OAuth applications
  • Review each application's permissions and account access
  • Instantly revoke access with a single click

Why This Matters

These changes provide:

• Granular Control: Authorize apps per-account, not all-or-nothing
• Transparency: See exactly what you’re consenting to
• Security: Limit access to only the necessary accounts, reducing risk
• Easy Cleanup: Quickly revoke access when apps are no longer needed

To manage your OAuth applications, go to Profile → Access Management → Connected Applications in your Cloudflare dashboard.

For more details, check out Cloudflare’s blog post on improving the OAuth consent experience.