mTLS Auth Policy
This policy will authenticate users based on mTLS certificates that are
configured for your project. This policy is available only to enterprise
customers (contact sales@zuplo.com to request info). When a requests is
authenticated with an mTLS certificate, the certificate data will be set as the
user object of the request. The user.sub
property will be the value of the
certificates DN.
Enterprise Feature
This policy is only available as part of our enterprise plans. If you would like to use this in production reach out to us: sales@zuplo.com
Configuration
The configuration shows how to configure the policy in the 'policies.json' document.
{ "name": "my-mtls-auth-inbound-policy", "policyType": "mtls-auth-inbound", "handler": { "export": "MTLSAuthInboundPolicy", "module": "$import(@zuplo/runtime)", "options": { "allowExpiredCertificates": false, "allowRevokedCertificates": false, "allowUnauthenticatedRequests": false } } }json
Policy Configuration
name
<string>
- The name of your policy instance. This is used as a reference in your routes.policyType
<string>
- The identifier of the policy. This is used by the Zuplo UI. Value should bemtls-auth-inbound
.handler.export
<string>
- The name of the exported type. Value should beMTLSAuthInboundPolicy
.handler.module
<string>
- The module containing the policy. Value should be$import(@zuplo/runtime)
.handler.options
<object>
- The options for this policy. See Policy Options below.
Policy Options
The options for this policy are specified below. All properties are optional unless specifically marked as required.
allowUnauthenticatedRequests
<boolean>
- Indicates whether the request should continue if authentication fails. Default isfalse
which means unauthenticated users will automatically receive a 401 response. Defaults tofalse
.allowExpiredCertificates
<boolean>
- Indicates whether the request should continue if the certificate is expired. Defaults tofalse
.allowRevokedCertificates
<boolean>
- Indicates whether the request should continue if the certificate is revoked. Defaults tofalse
.
Using the Policy
Read more about how policies work