Is it possible to configure the client for mTLS authentication?

devashishdxt / tonic-web-wasm-client

Other

104 stars 28 forks source link

Is it possible to configure the client for mTLS authentication? #28

Closed matze closed 1 year ago

matze commented 1 year ago

The client works reasonably well but we do use mTLS to authorize access to gRPC calls. Or is it a general limitation of grpc-web?

lukasztab commented 1 year ago

Hi. I bump the question. It would be great to have some customization options. I'm especially interested In adding ca_certificate and user_agent similar to tonic::transport::Channel:

Channel::builder(Uri::from_str(addr)?)
    .tls_config(
        ClientTlsConfig::new()
            .domain_name(host)
            .ca_certificate(cert),
    )
    .unwrap()
    .user_agent(user_agent)
    .unwrap()
    .connect()
    .await

devashishdxt commented 1 year ago

Hi. Thanks for creating the issue.

I'm not sure what exactly is your usecase. But, can you refer to this PR for TLS config: https://github.com/devashishdxt/tonic-web-wasm-client/pull/14/files

In a nutshell, you can setup everything on you server. But, it is not possible to provide custom configuration in client via code as we use fetch API on browsers. You'll have to manually add certificates in your browser.

devashishdxt commented 1 year ago

Closing this issue. Please reopen if you have any more questions.