Authentication Error (403 forbidden) with Cloudflare Zero Trust Service Token for ArgoCD CI/CD Pipeline

[MedRhimi]

I am using Cloudflare Zero Trust to secure an ArgoCD service deployed on a Kubernetes cluster. My setup restricts access to the ArgoCD UI and API to authenticated users via WARP (Cloudflare’s Zero Trust client). For human users, this works as expected—WARP authentication allows access to the ArgoCD UI. However, for my CI/CD pipeline (AWS CodePipeline), which needs to interact with the ArgoCD API to sync applications, I’ve configured a service auth access policy in Cloudflare Zero Trust to allow authentication using a service token (Client ID and Client Secret). Despite this, I consistently receive an authentication error (HTTP 403 Forbidden) when the pipeline attempts to connect to the ArgoCD API.
Environment:
ArgoCD Version: [argocd chart version 6.7.3]
Cloudflare Zero Trust: Configured with WARP for user authentication and service tokens for CI/CD

argocd app list \
  --server argocd.example.com \
  --header "Cf-Access-Client-Id: xxxxx" \ 
  --header "Cf-Access-Client-Secret: xxxx" \
 --auth-token "xxxx" \
--loglevel debug \
  --insecure

ERROR: FATA[0000] rpc error: code = PermissionDenied desc = unexpected HTTP status code received from server: 403 (Forbidden )
Is there extra configuration that has to be added from the argocd side to accept this connection ?

[MedRhimi]

Hello, any chances someone ran into a similar thing?