Hey Serhat, The right way to support OAUTH2 or any similar idea would be using an ICAP service or ECAP module(to my knowledge). There might be a way to do it using an external_acl helper but I do not know how and if it would be possible. To my understanding OAUTH2 will use some redirection when a cookie is not present and if present and valid then it will let you pass. Also it will has a special token "portal" api which the OAUTH2 will redirect towards in or order to get the cookie from the origin service. In the backend when the request from the client to the api with the key will be done the client token will be revalidated in the background against the facebook or google or another OAUTH2 provider using the developer API key. Eliezer ---- http://ngtech.co.il/lmgtfy/ Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx From: Serhat Koroglu [mailto:serhatkoroglu@xxxxxxxxxxx] Sent: Monday, March 20, 2017 8:49 AM To: Eliezer Croitoru <eliezer@xxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Squid Authentication with HTTP REST API Sorry for late reply. I have find a suitable solution for validation through a http web service. Here tells developing custom helper even using php: http://freesoftwaremagazine.com/articles/authentication_with_squid/ Tha t's nice. Then I know there is authentication with oauth2 for squid-server. But you may be know, in oauth2 authentication, you must authorize the app using user's credentials e.g. facebook username and password. When this oauth2 method is used, your app must redirect to the oauth2 service to authorize your app. You may had used many web sites like that with facebook login. So my question is how may squid server do this redirect and authorization process using a third party oauth2 service? Squid asks username and password with web browser popup. Is there any example to this? Regards, Serhat. ________________________________________ From: Eliezer Croitoru <mailto:eliezer@xxxxxxxxxxxx> Sent: Wednesday, March 15, 2017 12:01:15 PM To: 'Serhat Koroglu' Cc: mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: RE: Squid Authentication with HTTP REST API Hey Serhat,(first name right?) >From what I understand you have a specific case. Today the squid project doesn't have an example on how to implement such a solution. I am willing to write an example for such a use case. If you are willing to give me some of the details privately I would be able to put up together an ICAP server as an example. Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: mailto:eliezer@xxxxxxxxxxxx -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries Sent: Wednesday, March 15, 2017 4:04 AM To: mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Squid Authentication with HTTP REST API On 14/03/2017 8:15 p.m., Serhat Koroglu wrote: > Hello, > > Is there any possibilty implementing an authentication through a custom XML Web Service or HTTP REST API? What should I check? > Squid supports the HTTP authentication framework (RFC 7235 <https://tools.ietf.org/html/rfc7235>). Squid is intentionally designed not to touch the message payloads. If the API uses custom headers then you can possibly do it with an external_acl_type helper that takes those headers and returns credentials to Squid. But, if the API uses message payloads you will likely need something like an ICAP service or eCAP module to do the payload processing. Amos _______________________________________________ squid-users mailing list mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
