Authorization via client certificates
rcrowley opened this issue · comments
Whether a part of the core or not, there should be a handler that can verify client certificates and possibly make authorization decisions on a per-route basis.
What is the status on that?
There isn't anything pre-baked in TigerTonic, but since it operates on http.Handler
's you can wire your own in fairly easily. I will tell you that we do this, and it was very fragile. for example, wrapping the ResponseWriter
reference the way a lot of the tt handlers do causes the http.Request.TLS
to not get populated because net/http
rely on an internal implementation to be present. I haven't had the time to check if this is still the case in 1.3, but basically I would hesitate to release a pre-baked solution for this due to the fragility and documentation burden involved.
Hi mihasya, thank you for your response.