How do you do GRPC authentication in an istio mTLS setup?

I have bunch of GRPC microservices and they are using self signed certs. I add authentication info to the GRPC channel which is then used to identify endpoints and provide right services.

Now I want migrate to Istio mTLS.

In phase one, I got Istio to BYPASS all GRPC connections and my services works as it is now.

In Phase two, I want to hand off TLS to Istio, but I am stuck on how to pass the authentication information to GRPC?

How do you handle auth in Istio mTLS setup?

GRPC can support other authentication mechanisms Has anyone used this to inject Istio auth info to GRPC? any other suggestions on how you implemented this in your setup

It does not seem right to inject the Istio certificate to your gRPC application code. The more common way is to just enable the STRICT mTLS in Istio and then you do not need any TLS setting in your gRPC code. All requests to your service will be protected by the Istio mTLS automatically, you do not need TLS-in-mTLS unless you have any special reasons.