How to inform the backend HTTP server of a client certificate

We frequently use client certificates as part of our application security. We would like to offload the TLS authentication to Traefik. From what I understand Traefik supports this (mTLS).

The challenge with this migration is that we still need specific details from the client certificate. That is we want Traefik to handle the Authentication, but the application still needs to handle Auteorization and so needs to know identity verified by Authentication.

If this were Apache2 there would be a simple mechanism to add the client certificate in a HTTP header. But I can't find any similar feature in the Traefik documentation.

Maybe I missed something?

Seems Traefik has a PassTLSClientCert middleware for that, but for http/s routers. (Makes sense because with plain TCP/IP you can’t pass headers.)