[squid-dev] Feature: Bearer Authentication - Status of deployment

Amos Jeffries squid3 at treenet.co.nz
Sat Dec 20 23:19:04 UTC 2025

Previous message (by thread): [squid-dev] Feature: Bearer Authentication - Status of deployment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 19/12/2025 22:56, Markus Moeller wrote:
> May I ask which client would support this ?

All of these https://oauth.net/code/ at least.

As you may notice OAuth/Bearer is largely in the CDN/reverse-proxy space 
where it is the industry standard for web-based application and SAAS 
authentication.

>  It would be really useful 
> if Chrome and other Browser would support it as a proxy authentication 
> head not only www authentication.  With Microsofts AD changing to 
> EntraID  i.e. removal of kerberos/ntlm is there any other way to perform 
> forward proxy authentication ?

AFAIK, Basic and Kerberos still work fine with Microsoft AD. Digest 
should/may also work provided you are not using the LDAP interface to 
verify with the AD domain server.

The client situation is not very clear due to some obfuscation in 
marketing terms. One needs to look for any one of "Bearer", "OAuth", 
"OpenID", and "Identity API" support (at least, maybe others).

The popular Browser clients all seem to have "Identity API" extensions. 
Though I do not know myself whether those support forward-proxy logins, 
or just website/API login.

HTH
Amos

> 
> Thank you
> Markus
> 
> "Amos Jeffries"  wrote in message 
> news:5bd92956-360a-40d1-8393-8a6df9d3861c at treenet.co.nz...
> 
> On 23/01/24 23:15, Alexandru Durlea wrote:
>> Hi team, I have a question in regards to the Feature: _Bearer 
>> Authentication_ that is listed here: https://wiki.squid-cache.org/ 
>> Features/BearerAuthentication <https://wiki.squid-cache.org/Features/ 
>> BearerAuthentication>
>>
>> Can see that it is marked with:  “Status: nearly completed”
>>
>> Just checking in on asking if there any estimation of a date when this 
>> feature will be ready / complete ?
>>
> 
> The feature is/was complete and is used by several Squid installations
> of Squid-3.5.
> 
> Parts of it have already been merged separately in current Squid. Work
> is needed to rebase the branch on current Squid and re-test it. Nobody
> is working on that at present, so no ETA is available.
> 
> 
> HTH
> Amos
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-dev
> 
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-dev

Previous message (by thread): [squid-dev] Feature: Bearer Authentication - Status of deployment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the squid-dev mailing list