Just a minor documentation request: could the auth0 team update the following API documentation page to include the list of permitted header names for custom_client_ip_header?
https://auth0.com/docs/api/management/v2/custom-domains/patch-custom-domains-by-id
Through trial and error I’ve found “cf-connecting-ip” and “true-client-ip” are permitted but others result in a 400 bad request error like the following when attempting to PATCH /api/v2/custom-domains/{id}:
{
"statusCode": 400,
"error": "Bad Request",
"message": "Payload validation error: 'Invalid value \"cu-connecting-ip\"' on property custom_client_ip_header (The HTTP header to fetch the client's IP address).",
"errorCode": "invalid_body"
}
You may also want to make it easier in the portal or in the documentation for folks to know how to access the id of their custom domain.
Separately, just want to share a tip for those following Configure Cloudflare as Reverse Proxy- an alternative to page rules + transform rules + an enterprise plan to enable the True-Client-IP header is to use a cloudflare worker to proxy the requests as follows:
export default {
async fetch(
{ url, method, headers, body },
{ AUTH0_ORIGIN_DOMAIN_NAME, AUTH0_CNAME_API_KEY }
) {
url = new URL(url);
url.hostname = AUTH0_ORIGIN_DOMAIN_NAME;
headers = new Headers(headers);
headers.set('host', AUTH0_ORIGIN_DOMAIN_NAME);
headers.set('cname-api-key', AUTH0_CNAME_API_KEY);
const ip = headers.get('cf-connecting-ip');
if (ip) {
headers.set('true-client-ip', ip);
}
return fetch(url, { method, headers, body, redirect: 'manual' });
}
};