This repository was archived by the owner on Nov 30, 2024. It is now read-only.
Mutual TLS (mTLS)Β #3
Description
Proposal
I would like to propose that the CG pursue standardization of Mutual TLS authentication in the fetch API.
This is a feature that is not likely to be implemented by browser runtimes but is in my opinion missing in non-browser runtimes where fetch is the only interoperable HTTP client.
The use-case I have in mind is implementation of OAuth mTLS Client Authentication and Client Certificate-Bound Access Tokens.
Prior Art
Node.js - https module has the option to provide the cert, key, crl, passphrase, pfx, and ca options.
Deno - using deno --unstable there's Deno.createHttpClient, the result of which can be passed as a client property to fetch's init argument. This method accepts certChain, privateKey, and caCerts options.