Slim Authentication using client certificate

Hi all,

I am currently thinking about a client certificate authentication implementation additional to username+password combination (Bearer Token JwtAuthentication).

Has someone already done this? Is there a middleware available?
How to handle different User Roles, which value in a cert field?

I appreciate any answer.

Best Regards