On 16/07/22 08:46, Sood, Ritu wrote:
> Hi
>
> Currently Squid Bearer Authentication assumes that there is enough
> information in the HTTP CONNECT request headers to validate the user.
> But if there is no valid JWT, in our use case we want to
> initiate the OAuth2 authorization flow from Squid and redirect the user to
> go to an IDP to get an authorization grant and then get an access token.
> How can this be supported in Squid?

(I assume you are using the Bearer auth PR branch we have for Squid.)
The Bearer auth helper you design can send Squid a set of key=value
pairs which get used in the %note{key} macro in a deny_info URL and/or
a reply_header_add directive to set header strings.
<http://www.squid-cache.org/Doc/config/deny_info/>
<http://www.squid-cache.org/Doc/config/reply_header_add/>
The catch comes in with CONNECT method responses other than
accept/deny/re-auth being ignored by most Browsers.
Cheers
Amos