Utilising 'whois' to authenticate users

Hey! We’re really loving Tailscale so far!

I’ve noticed the recent introduction of the ‘Whois’ in the Tailscale API. At the moment, we have two authentication steps (two the network and two applications within) and I’d love to see that dropped to one with a second-factor authentication for the application access.

My thought is to set up or IAP to perform a whois on application access to authenticate users. Is this too far tangential from this feature’s intended use? I also appreciate that this may be completely against the ‘zero-trust’ ideology.


You’re referring to tailscale/tsnet at main · tailscale/tailscale · GitHub ?

That pretty much is the intended use, sure. It is early days for that library and subject to change, but experimenting and trying out services is what it is for.