search

square / rails-auth

Modular resource-based authentication and authorization for Rails/Rack
Apache License 2.0
291 stars 26 forks source link

Extensions support in X509 matching #52

Closed MikaelSmith closed 5 years ago

MikaelSmith commented 6 years ago

This is great, kind of like https://github.com/puppetlabs/trapperkeeper-authorization for Rack.

A feature I'd like to see added is extracting extensions - such as subjectAltName - from the certificate in Rails::Auth::X509::Certificate so we can match against them in an ACL.

nerdrew commented 5 years ago

You should be able to access the raw OpenSSL::X509::Certificate via #certificate. You can read extensions, etc. from that.

MikaelSmith commented 5 years ago

Ok, thanks for the pointer.