mTLS auth as an alternative to API Key auth

[deepakprabhakara]

Is your proposal related to a problem?

We should support mTLS as an auth mechanism for API calls.

Additional context

mTLS ensures that the parties at each end of a network connection are who they claim to be by verifying that they both have the correct private key. The information within their respective TLS certificates provides additional verification.

Further details

We currently use API keys to authenticate protected requests. We need to offer mTLS as an alternative auth mechanism, this will allow our customers to set up internal communication between their services and Jackson.

If possible both auth mechanisms should work (shouldn't be a choice between mTLS or API Keys).

[shevalda]

Hi, is there any elaboration and detail about this enhancement? I am interested to help with this. Thank you in advance!

[deepakprabhakara]

That's great @shevalda, here's a Cloudflare article with more details - https://www.cloudflare.com/en-gb/learning/access-management/what-is-mutual-tls/. We want to support mTLS auth in addition to the API key based auth we currently support.

[deepakprabhakara]

@gitstart-boxyhq One more issue is ready, many thanks

[sp6370]

Hi @deepakprabhakara!

I would like to pick this up. Could you assign me the issue?