I am planning to set up a Cloudflare proxy in front of my web service and use mTLS for authentication (see https://community.cloudflare.com/t/mtls-user-propagation/371991). The mTLS termination is done by Cloudflare. What will arrive at my web server is an HTTP header called Cf-Access-Jwt-Assertion, containing a JSON Web Token (an example can be found in the above link as well) with claims.
Is there a way to configure Apache2 to verify this JSON Web Token for me so that my application does not have to?
This module would need to download through a given URL the public key of the JWT for verification, and would need to be configurable to verify certain claims in the JWT, e.g. the aud field or others.
Note: I am aware that a solution for HAProxy exists, but I am explicitly looking for one for Apache2.