Reference alexa skill cloudflare access bypass

When linking an Alexa skill to Home Assistant behind Cloudflare Access, Amazon's OAuth server cannot pass the CF Access challenge. The symptom is: user sees what looks like an HA login page (actually CF Access auth), credentials appear to submit, but HA logs zero requests and the Alexa app returns 'unable to link' immediately after sign-in.

The URL pattern that reveals this: cdn-cgi/access/authorized in the address bar during the link flow. That is CF Access, not HA.

Fix: Create Cloudflare Access bypass rules for the HA application on these paths: - /auth/* (covers /auth/authorize and /auth/token) - /api/alexa

This was applied to homeassistant.justinsforge.com on 2026-05-20 to unblock the Forge Alexa skill.

Why: Amazon's OAuth redirect server (pitangui.amazon.com, layla.amazon.com) cannot authenticate with Cloudflare Access, so any HA service behind CF Access needs path-level bypass for Alexa account linking.

How to apply: Any future Alexa skill pointing at a CF Access-protected HA instance needs these bypass rules before account linking will succeed. Check the URL bar on the linking page for cdn-cgi/access if linking fails silently.

[auto-memory session 17941bc1-d82e-4781-a129-fee53cb899c4, confidence 0.85, mode direct]