Akka HTTP

Version 10.6.2

extractClientCertificate

Signature

def extractClientCertificate: Directive1[X509Certificate]

Description

This directive extracts the client certificate for the client mTLS connection where the request was made.

If there is no client trusted certificate present (can only happen with setWantClientAuth(true)) the request is rejected with a TlsClientUnverifiedRejectionTlsClientUnverifiedRejection.

Note

Using this directive requires tls-session info parsing to be enabled: akka.http.server.parsing.tls-session-info-header = on and that the server ConnectionContext SSLEngine was set up with either setWantClientAuth(true) or setNeedClientAuth(true)

Example

Scala
sourcepath("client-cert") {
  extractClientCertificate { clientCert =>
    complete(clientCert.getSubjectX500Principal.getName)
  }
Java
sourcefinal Route route = extractClientCertificate(certificate ->
        complete(certificate.getSubjectX500Principal().getName())
);
TlsDirectives
extractSslSession
Found an error in this documentation? The source code for this page can be found here. Please feel free to edit and contribute a pull request.