Using other cert attributes

By default, this middleware uses email field for authentication. You'll probably want to use other fields, like id or username. Then just extend this class and implement your own logic by overriding the getUserFromCert method.

Example

Generating certificate

openssl req -new -utf8 -nameopt multiline,utf8 -newkey rsa:2048 -nodes -keyout client.key -out client.csr -subj '/pseudonym=test'

Actually, you can use any attribute (even your own).

Creating custom middleware

The static getUserFromCert function accepts the Request object and must return the Authenticatable object (like App\User).

// app/Http/Middleware/X509UsernameAuth.php

use Ingria\LaravelX509Auth\Middleware\AuthenticateWithClientCertificate;
use Illuminate\Http\Request;
use App\User;

final class X509UsernameAuth extends AuthenticateWithClientCertificate
{
    /**
     * @param  Request $request
     * @return User
     */
    protected static function getUserFromCert(Request $request)
    {
        $subject = $request->server('SSL_CLIENT_S_DN');

        // In this example we're using the pseudonym attribute described in RFC.
        preg_match('/pseudonym=(\w+)/i', $subject, $match);

        if (empty($match) || count($match) < 2) {
            return abort(400, 'Missing or invalid pseudonym attribute');
        }

        return User::where('username', '=', $match[1])->firstOrFail();
    }
}

Then, simply register the newly created class in your middleware stack.

// app/Http/Kernel.php

...
protected $routeMiddleware = [
    // a whole bunch of middlewares...
    'auth.x509' => \App\Http\Middleware\X509UsernameAuth::class,
];