One of the services I’m trying to connect to from my worker requires additional authentication. Either a JWT, or a client certificate.
It’s pretty straight forward to run a server behind an Argo tunnel to provide the JWT, but I’m, so far, able to accomplish the design goals without having to build / host / maintain our own server. I’d prefer to accomplish this connection entirely from within the Worker.
With that being said, I can still use JWT, however, I’m having trouble finding a race-free way of caching the token (KV store), detecting pending expiration, and re-issuing the token.
So, until I nail-down a race-free, decentralized way of managing the JWT, I was hoping I could have my worker use the client certificate (mTLS) authentication for the outgoing connection.
Has anyone successfully done this? I imagine I just need to assign the key/certificate during the
fetch() call, but my google-fu seems to be lacking…