client-certificate-auth

Appearance

client-certificate-auth API Reference

client-certificate-auth API Reference / fetch / extractClientCertificateFromRequest

Function: extractClientCertificateFromRequest()

extractClientCertificateFromRequest(request, options?): ExtractionResult

Defined in: fetch.js:48

Extract a client certificate from a Web standard Request (or any object with an iterable headers field that yields [name, value] tuples).

Normalizes header names to lowercase and delegates to the core extractClientCertificate. Header-only: Web Request has no TLS socket, so fallbackToSocket is stripped and has no effect.

Parameters

request

A Web Request or any object whose headers iterates [name, value] pairs.

headers

Iterable<[string, string]>

options?

ExtractorOptions = {}

Same options as extractClientCertificate. Header-extraction options only; socket options are ignored.

Returns

ExtractionResult

Examples

ts
// Hono
import { extractClientCertificateFromRequest } from 'client-certificate-auth/fetch';

app.get('/secure', async (c) => {
  const result = extractClientCertificateFromRequest(c.req.raw, {
    certificateSource: 'cloudflare-rfc9440',
  });
  if (!result.success) return c.text('Unauthorized', 401);
  return c.text(`Hello ${result.certificate.subject.CN}`);
});
ts
// Next.js Route Handler
export async function GET(request) {
  const result = extractClientCertificateFromRequest(request, {
    certificateSource: 'aws-alb',
  });
  if (!result.success) return new Response('Unauthorized', { status: 401 });
  return Response.json({ user: result.certificate.subject.CN });
}

Released under the MIT License.

Copyright © 2013-2026 Tony Gies