From 9b1a42fb24934640c5fb26a33a7920fac712532a Mon Sep 17 00:00:00 2001 From: lrzhou25 <141781699+lrzhou25@users.noreply.github.com> Date: Tue, 12 Mar 2024 13:40:06 -0700 Subject: [PATCH] Added mTLS authentication as an authentication method (#10382) * Added mTLS authentication as an authentication method * Added confidential applications * Removed supported auth api endpoints --- articles/api/authentication/_introduction.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/articles/api/authentication/_introduction.md b/articles/api/authentication/_introduction.md index 5b9b0d50d9..965d1370b6 100644 --- a/articles/api/authentication/_introduction.md +++ b/articles/api/authentication/_introduction.md @@ -14,11 +14,12 @@ The Authentication API is served over HTTPS. All URLs referenced in the document ## Authentication methods -You have four options for authenticating with this API: +You have five options for authenticating with this API: - OAuth2 Access Token - Client ID and Client Assertion (confidential applications) - Client ID and Client Secret (confidential applications) - Client ID (public applications) +- mTLS Authentication (confidential applications) ### OAuth2 Access Token 
@@ -45,6 +46,18 @@ Send the Client ID. For public applications (applications that cannot hold crede An example is the [Implicit Grant](#implicit-grant). +### mTLS Authentication + +Generate a certificate, either [self-signed](https://auth0.com/docs/get-started/applications/configure-mtls/configure-mtls-for-a-client#self-signed-certificates) or [certificate authority signed](https://auth0.com/docs/get-started/applications/configure-mtls/configure-mtls-for-a-client#certificate-authority-signed-certificates). Then, [set up the customer edge network](https://auth0.com/docs/get-started/applications/configure-mtls/set-up-the-customer-edge) that performs the mTLS handshake. + +Once your edge network verifies the certificate, forward the request to the Auth0 edge network with the following headers: + +- The Custom Domain API key as the `cname-api-key` header. +- The client certificate as the `client-certificate` header. +- The client certificate CA verification status as the `client-certificate-ca-verified` header. For more information, see [Forward the Request](https://auth0.com/docs/get-started/applications/configure-mtls/set-up-the-customer-edge#forward-the-request-). + +To learn more, read [Authenticate with mTLS](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authenticate-with-mtls). + ## Parameters For GET requests, any parameters not specified as a segment in the path can be passed as an HTTP query string parameter:
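Review bot: In the first hunk (`@@ -14,11 +14,12 @@`), the new `- mTLS Authentication (confidential applications)` bullet is appended after `Client ID (public applications)`, which splits the confidential-application methods across the list; consider placing it directly after `- Client ID and Client Secret (confidential applications)` so the three confidential methods read as a group and the public-application method stays last, matching the order in which the sections below are likely to be read.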
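Review bot: In the second hunk (`@@ -45,6 +46,18 @@`), the new "mTLS Authentication" section documents that the customer edge forwards `client-certificate` and `client-certificate-ca-verified` headers, but it does not say that these headers are trusted because they come from the customer edge, so the edge must set (and overwrite any incoming values of) these headers itself rather than pass them through from the client; as written a reader could configure an edge that forwards whatever the client sent, and the same applies to the `cname-api-key` header, which is the credential that identifies the edge to Auth0 and should be noted as a secret to be kept out of client reach. The bullet "The client certificate as the `client-certificate` header." also leaves the header's encoding unspecified; either state the expected format or say explicitly that the linked Forward the Request page defines it. Finally, the link anchor `#forward-the-request-` ends in a trailing hyphen; confirm it matches the generated heading id on the target page, since a broken anchor here sends the reader to the top of a long page right where the header semantics matter.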