The goal was to reproduce the behavior of the golink application. When users come from the Tailscale network, the application should authenticate them and give them access based on roles defined in the Tailscale ACL.
LocalAPI can be used for many things. In my case, I needed to authenticate a user coming from the tailnet. I used it to get information about a Tailscale user by calling the whois endpoint.
We have enough information to authenticate the user, and we can even map some roles in the Tailscale ACL thanks to the Grants section.
This API is equivalent to the tailscale whois command, but it can be used from any language without running the tailscale binary.
Unfortunately, LocalAPI is not documented yet. A Go SDK exists to interact with it: Tailscale LocalClient. When using another language we have to check API calls in the source code to reproduce them:
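The whois call made directly over tailscaled's Unix socket, followed by a fail-closed mapping to roles, as an added example that is not code from the original post or from Tailscale. It assumes the Linux default socket path and a hypothetical capability name `example.com/cap/myapp` whose grant values carry a `roles` list; the sample response is constructed.

```python
import http.client
import json
import socket
from urllib.parse import quote

SOCKET_PATH = "/var/run/tailscale/tailscaled.sock"  # assumption: Linux default
APP_CAP = "example.com/cap/myapp"  # hypothetical capability name set in a grant


class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP over tailscaled's Unix socket instead of TCP."""

    def __init__(self, path, timeout=5):
        # The host name only fills the Host header; no DNS lookup happens.
        super().__init__("local-tailscaled.sock", timeout=timeout)
        self.unix_path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.unix_path)


def whois(peer_addr, path=SOCKET_PATH):
    """Ask tailscaled who owns peer_addr ("ip:port" of the TCP peer)."""
    conn = UnixHTTPConnection(path)
    try:
        conn.request("GET", "/localapi/v0/whois?addr=" + quote(peer_addr, safe=""))
        resp = conn.getresponse()
        body = resp.read()
    finally:
        conn.close()
    if resp.status != 200:
        raise PermissionError(f"whois failed for {peer_addr}: HTTP {resp.status}")
    return json.loads(body)


def identity_from_whois(info, cap=APP_CAP):
    """Return (login, roles); fail closed when no user identity is present."""
    login = (info.get("UserProfile") or {}).get("LoginName", "")
    # Policy choice of this example: tagged nodes are not treated as users.
    if not login or (info.get("Node") or {}).get("Tags"):
        raise PermissionError("peer is not an identifiable tailnet user")
    roles = set()
    for entry in (info.get("CapMap") or {}).get(cap) or []:
        roles.update(entry.get("roles", []))  # "roles" key is this example's choice
    return login, sorted(roles)


# Constructed sample of a whois response, trimmed to the fields used here.
SAMPLE = {
    "Node": {"Name": "laptop.example.ts.net."},
    "UserProfile": {"LoginName": "alice@example.com", "DisplayName": "Alice"},
    "CapMap": {APP_CAP: [{"roles": ["admin"]}, {"roles": ["viewer"]}]},
}
```

Pass `whois()` the peer address of the accepted TCP connection, not a client-supplied header such as `X-Forwarded-For`, since the identity is only as trustworthy as the address it was looked up from.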