[squid-users] Support for OAuth2 Authorization flow
Amos Jeffries
squid3 at treenet.co.nz
Fri Jul 15 21:14:06 UTC 2022
On 16/07/22 08:46, Sood, Ritu wrote:
> Hi
>
> Currently Squid Bearer Authentication assumes that there is enough
> information in the HTTP CONNECT request headers to validate the user.
> But if there is no valid JWT, in our use case we want to
> initiate OAuth2 authorization flow from Squid and redirect the user to
> go to an IDP to get an authorization grant and then get an access token.
>
> How can this be supported in Squid?
>

(I assume you are using the Bearer auth PR branch we have for Squid.)

The Bearer auth helper you design can send Squid a set of key=value
pairs which get used in the %note{key} macro in a deny_info URL and/or
reply_header_add directive to set header strings.

<http://www.squid-cache.org/Doc/config/deny_info/>
<http://www.squid-cache.org/Doc/config/reply_header_add/>

The catch comes in with CONNECT method responses other than
accept/deny/re-auth being ignored by most Browsers.

Cheers
Amos
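The helper side of the approach described in the reply above, as an added example that is not code from this thread or from the Squid project: it verifies a JWT and, when the token is missing or invalid, returns an `ERR` result carrying a key=value annotation that a `%note{idp_url}` macro could pick up. Assumptions: the helper receives one token per input line (the PR branch's actual helper input format is not given here), tokens are HS256-signed with a shared secret, and the secret, IdP endpoint, client id, redirect URI and the note key `idp_url` are placeholders.

```python
import base64, hashlib, hmac, json, sys, time
from urllib.parse import urlencode

# Placeholder values for this example; none of them come from the thread.
SECRET = b"constructed-demo-secret"
AUTHZ_ENDPOINT = "https://idp.example/authorize"
CLIENT_ID = "squid-proxy"
REDIRECT_URI = "https://proxy.example/callback"

def b64url_decode(s):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_jwt(token, now):
    """Return the claims of a valid, unexpired HS256 JWT, or None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # rejects alg=none and any unexpected algorithm
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
        exp = claims.get("exp")
    except (ValueError, AttributeError):
        return None  # malformed token, bad base64 or non-object JSON
    if not isinstance(exp, (int, float)) or exp <= now or "sub" not in claims:
        return None
    return claims

def quote(value):
    # Send the value as a quoted string, escaping backslashes and quotes.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def reply_for(token, now):
    """Build one helper result line: OK with user=, or ERR with the IdP URL note."""
    claims = verify_jwt(token, now)
    if claims:
        return "OK user=" + quote(str(claims["sub"]))
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI})
    return "ERR idp_url=" + quote(f"{AUTHZ_ENDPOINT}?{query}")

if __name__ == "__main__":
    for line in sys.stdin:  # assumed input: one bearer token per line
        print(reply_for(line.strip(), time.time()), flush=True)
```

As the reply notes, a redirect built from this annotation only helps on plain HTTP requests, since most browsers ignore such responses to CONNECT.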