Make client certificates optional for tls mutual authentication
We have a set of services that need to be able to support both client certificate authentication and AAD JWT authentication.
The current behavior either makes the certificate mandatory which doesn't work for us as the same routes/apis need to support the AAD jwt token auth, or nothing at all.
Making the certificate mandatory per route is also not useful as the same route needs to support both.
Any update on this? this is a blocking issue