[squid-users] Squid Authentication with HTTP REST API

Amos Jeffries squid3 at treenet.co.nz
Wed Mar 22 02:09:21 UTC 2017


On 20/03/2017 9:27 p.m., Eliezer  Croitoru wrote:
> Hey Serhat,
> 
> The right way to support OAUTH2 or any similar idea would be using an ICAP
> service or ECAP module(to my knowledge).

Sigh. Another perfect example of how giving us incorrect information
results in bad answers.

OAuth2 is an actual standard authentication scheme with defined HTTP
features, not "a custom XML Web Service or HTTP REST API" which Serhat
was asking for earlier.

The proper way to implement OAuth2 is with the Bearer authentication
scheme. I did that implementation years ago right after Oauth2 Bearer
was standardized, but it did not get merged because nobody was using it
with proxies at the time and the final polish was going to be hard.

The patch (for an early 3.5) can be found at
<http://www.squid-cache.org/mail-archive/squid-dev/201407/0147.html> and
<http://wiki.squid-cache.org/Features/BearerAuthentication> the
documentation for using it in a patched squid. If you want to sponsor
the work Serhat I would be happy to update it to current releases.

HTH
Amos



More information about the squid-users mailing list