Issue Review: cloudflare/workers-sdk#11081

Summary

VPN users get blocked by Cloudflare bot challenges during wrangler login OAuth flow, preventing authentication.

Findings

• Created: 2025-10-24
• Updated: 2025-11-24
• Version: Not specified (macOS 26.0.1, Apple M4 Max)
• Component: Wrangler OAuth/Login
• Labels: bug, internal, awaiting Cloudflare response
• Comments: 5

Key Evidence

• Not a wrangler code bug: This is a Cloudflare platform issue where bot management blocks OAuth requests from VPN IP addresses
• Internal ticket exists: IAMSEC-7142 created on 2025-11-24, currently in "Backlog" status with P4 Normal priority
• Linked issue: BUGS-1847 "Re: wrangler login flow blocked by Bot Management" in "Needs Triage" status
• Workaround available: Use CLOUDFLARE_API_TOKEN environment variable instead of OAuth login
• Maintainer response: Pete Bacon Darwin acknowledged the issue and provided the workaround

Internal Jira Status

Ticket	Status	Priority	Last Updated
IAMSEC-7142	Backlog	P4 Normal	2025-12-19
BUGS-1847	Needs Triage	-	-

Recommendation

Status: KEEP OPEN

Reasoning: This is a legitimate platform-level issue that affects multiple users (confirmed by another user in comments). The issue is correctly labeled as internal and awaiting Cloudflare response since it requires changes to Cloudflare's bot management system, not wrangler code. The internal Jira ticket exists but is in backlog, so keeping this GitHub issue open maintains visibility for affected users.

Action: No action needed on this issue. The internal tracking (IAMSEC-7142) should continue. The issue serves as a public reference for affected users to find the API token workaround.