https://github.com/encode/uvicorn/issues/745
Many applications in finance/banking require two-way certificate verification. Currently the way we have handled this is by proxying the request and extracting out the client information at nginx or traefik and stuffing it into the headers.
From the request we cannot get the transport information and are unable to call getpeercert, preventing application-level validation of client certificates.
A possible solution is to pass the transport in the request scope.
In the protocol h11_impl.py we could simply add
    "transport": self.transport
after uvicorn/uvicorn/protocols/http/h11_impl.py, line 203 in 0efd383.
Then at a route level or in FastAPI middleware we could pull the client certificates to check against an authorization service.
from fastapi import FastAPI, Request

app = FastAPI()

@app.get("/admin")
async def getAdminPage(request: Request):
    client_cert = request.scope['transport'].get_extra_info("ssl_object").getpeercert()
    # Verify user common name is an admin
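The common-name check the issue sketches, written to fail closed, as an added example that is not code from the issue or from uvicorn. It assumes the proposed `scope["transport"]` key exists; `ADMIN_COMMON_NAMES`, the helper names, the fake transport classes and the sample certificates are hypothetical or constructed. `getpeercert()` returns `None` when the peer sent no certificate and an empty dict when the certificate was received but not validated, so both must be treated as unauthenticated.

```python
from typing import Optional

ADMIN_COMMON_NAMES = frozenset({"ops-admin"})  # constructed allowlist


def peer_common_name(cert: Optional[dict]) -> Optional[str]:
    """Return the single subject commonName, or None if absent or ambiguous."""
    if not cert:  # None: no cert sent; {}: cert sent but not validated
        return None
    names = [
        value
        for rdn in cert.get("subject", ())
        for key, value in rdn
        if key == "commonName"
    ]
    # More than one CN is ambiguous; refuse rather than pick one.
    return names[0] if len(names) == 1 else None


def is_admin(scope: dict) -> bool:
    """Fail closed when the transport, TLS object or certificate is missing."""
    transport = scope.get("transport")  # key proposed in the issue (assumption)
    if transport is None:
        return False
    ssl_object = transport.get_extra_info("ssl_object")  # None on plain HTTP
    if ssl_object is None:
        return False
    return peer_common_name(ssl_object.getpeercert()) in ADMIN_COMMON_NAMES


class FakeSSLObject:  # constructed stand-in for ssl.SSLObject
    def __init__(self, cert):
        self._cert = cert
    def getpeercert(self):
        return self._cert

class FakeTransport:  # constructed stand-in for an asyncio transport
    def __init__(self, ssl_object):
        self._ssl = ssl_object
    def get_extra_info(self, name, default=None):
        return self._ssl if name == "ssl_object" else default

def scope_for(cert, tls=True):
    return {"transport": FakeTransport(FakeSSLObject(cert) if tls else None)}

# Constructed sample certificates in the dict shape getpeercert() returns.
ADMIN_CERT = {"subject": ((("organizationName", "Example Bank"),),
                          (("commonName", "ops-admin"),))}
USER_CERT = {"subject": ((("commonName", "teller-17"),),)}
```

The empty-dict case only arises when the server's SSL context does not verify client certificates, so the context should require and verify them for this check to mean anything.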