[squid-users] Squid Authentication with HTTP REST API

Mon Mar 20 08:27:39 UTC 2017

Hey Serhat,

The right way to support OAUTH2 or any similar idea would be using an ICAP
service or ECAP module(to my knowledge).
There might be a way to do it using an external_acl helper but I do not know
how and if it would be possible.

To my understanding OAUTH2 will use some redirection when a cookie is not
present and if present and valid then it will let you pass.
Also it will has a special token "portal" api which the OAUTH2 will redirect
towards in or order to get the cookie from the origin service.
In the backend when the request from the client to the api with the key will
be done the client token will be revalidated in the background
against the facebook or google or another OAUTH2 provider using the
developer API key.

Eliezer

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il

From: Serhat Koroglu [mailto:serhatkoroglu at outlook.com] 
Sent: Monday, March 20, 2017 8:49 AM
To: Eliezer Croitoru <eliezer at ngtech.co.il>;
squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid Authentication with HTTP REST API

Sorry for late reply.
I have find a suitable solution for validation through a http web service.
Here tells developing custom helper even using
php: http://freesoftwaremagazine.com/articles/authentication_with_squid/ Tha
t's nice. 

Then I know there is  authentication with oauth2 for squid-server. But you
may be know, in oauth2 authentication, you must authorize the app using
user's credentials e.g. facebook username and password. When this oauth2
method is used, your app must redirect to the oauth2 service to authorize
your app. 

You may had used many web sites like that with facebook login. So my
question is how may squid server do this redirect  and authorization process
using a third party oauth2 service? Squid asks username and password with
web browser popup. Is there any example to this? 

Regards,
Serhat.
________________________________________
From: Eliezer Croitoru <mailto:eliezer at ngtech.co.il>
Sent: Wednesday, March 15, 2017 12:01:15 PM
To: 'Serhat Koroglu'
Cc: mailto:squid-users at lists.squid-cache.org
Subject: RE: [squid-users] Squid Authentication with HTTP REST API 

Hey Serhat,(first name right?)

>From what I understand you have a specific case.
Today the squid project doesn't have an example on how to implement such a
solution.
I am willing to write an example for such a use case.
If you are willing to give me some of the details privately I would be able
to put up together an ICAP server as an example.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: mailto:eliezer at ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
Behalf Of Amos Jeffries
Sent: Wednesday, March 15, 2017 4:04 AM
To: mailto:squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid Authentication with HTTP REST API

On 14/03/2017 8:15 p.m., Serhat Koroglu wrote:
> Hello,
> 
> Is there any possibilty implementing an authentication through a custom
XML Web Service or HTTP REST API? What should I check?
> 

Squid supports the HTTP authentication framework (RFC 7235
<https://tools.ietf.org/html/rfc7235>). Squid is intentionally designed
not to touch the message payloads.

If the API uses custom headers then you can possibly do it with an
external_acl_type helper that takes those headers and returns
credentials to Squid.

But, if the API uses message payloads you will likely need something
like an ICAP service or eCAP module to do the payload processing.

Amos

_______________________________________________
squid-users mailing list
mailto:squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users