Support for Client certificates for downstream routes · ThreeMammals/Ocelot#1690

(10 comments) (0 reactions) (1 assignee)C# (8,137 stars) (1,617 forks)batch import

MVPfeaturehelp wantedlarge effortmedium effort

Description

New Feature

Extend the definition of downstream routs to support specifying a client certificate that is the used to call the service.

Motivation for New Feature

We are looking at using Ocelot as the API gateway for a new project. The problem is that the downstream services require that the usage of client certificates to authenticate (they contain PII). This feature would enable this setup.

Contributor guide

Tech stack: csharp
Domain: backendapiauthentication
Issue type: feature
Difficulty: 3
Estimated time: 1-2 days
Activity status: blocked
Clarity: clear
Prerequisites: C#.NETASP.NET CoreOcelot basics
Newbie friendliness: 45
Research direction: The issue requests adding client certificate support to downstream route configuration. To implement, look at how existing downstream route options are defined (e.g., in Ocelot's configuration model and HTTP client factory). The authentication handler for client certificates likely needs to be integrated in the HttpClient creation pipeline. Refer to the existing code in `Ocelot.Requester` and `Ocelot.HttpClient` namespaces. The assigned developer has not provided any PR yet, so consider checking if there is a pending design discussion in the comments.