Note that if works only if your Phoenix server is the TLS endpoint. Otherwise, if the TLS endpoint is a proxy, the typical approach is to send the certificate information from the proxy to the backend in HTTP headers (but the proxy has to strip them before processing the request, otherwise anyone can inject any value in these headers).
Also I’ve implemented mTLS from RFC8705 here: APIacAuthMTLS.