I've read the WireGuard specification, and it looks like WireGuard doesn't natively support any kind of user authentication (e.g. LDAP or something like that). Any client which has the server's public key, and whose IP address is whitelisted in the server configuration, can connect.
Does anyone know about any WireGuard extension or implementation which provides user authentication?
Best Answer
Each side of the tunnel has its own generated key and derived public key (defined as "peer" on the other side of the connection). To act as you describe, you would need to share the private key between the "clients", which is the worst thing you can do (technically you can, but I hope nobody would even think about that).
Let's think about "client vs. server" roles:
server
client
We can say that the client is authenticated using one-factor authentication, and the authentication is realized using the public key of the client.
If I understood your question correctly, this "feature" is present in WireGuard out of the box, without any need for extensions.
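The per-peer key relationship described in the answer above, shown as an added illustration in wg-quick style configuration files (not part of the original answer). All keys are placeholders, and the tunnel addresses, the hostname vpn.example.com and the client names are assumptions.

```ini
# ---- Server: /etc/wireguard/wg0.conf (constructed example) ----
[Interface]
# The server's own private key; never leaves this host.
PrivateKey = <server-private-key>
Address = 10.0.0.1/24
ListenPort = 51820

# One [Peer] block per client. The PublicKey is that client's identity:
# only the holder of the matching private key can complete the handshake.
[Peer]
# client "alice" (hypothetical name)
PublicKey = <alice-public-key>
# A /32 binds this key to a single tunnel address.
AllowedIPs = 10.0.0.2/32

[Peer]
# client "bob" (hypothetical name)
PublicKey = <bob-public-key>
AllowedIPs = 10.0.0.3/32

# Revoking a client means deleting its [Peer] block and reloading.
# Other clients are unaffected because no private key is shared.

# ---- Client "alice": /etc/wireguard/wg0.conf (constructed example) ----
[Interface]
# Generated on the client; only the derived public key is sent to the server.
PrivateKey = <alice-private-key>
Address = 10.0.0.2/32

[Peer]
# The server appears as a peer on the client side.
PublicKey = <server-public-key>
Endpoint = vpn.example.com:51820
AllowedIPs = 10.0.0.0/24
```

Each key pair can be generated on the host that owns it with `wg genkey` and `wg pubkey`, so private keys never need to be copied between machines.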