EG 3.1+
open-ils.auth.authenticate.init attempts to determine if the provided identifier is a username or a barcode. But it always does this by matching the identifier against a hard-coded barcode pattern of '^\d'. This is plainly incorrect: some libraries use a different barcode format (as specified by the opac.barcode_regex setting), and any usernames beginning with a number will be wrongly treated as barcodes for authentication purposes (which is problematic if your username and barcode don't match).
One place where this causes problems is AuthProxy native login. Even if you enter a barcode in the login form, AuthProxy will look up the username of the associated account; it always passes a username to open-ils.auth.authenticate.init. But if your username starts with a number, the init method itself treats the username as a barcode!
One solution would be to add a context org parameter to open-ils.auth.authenticate.init, so that it can lookup the correct barcode format. But login requests don't always have a known context org, and valid barcodes may not conform to any pattern. Alternatively, we could deprecate open-ils.auth.authenticate.init. Note that both of these solutions would be problematic for any external clients currently using the init method.
I opened bug 1828456 for the AuthProxy issue, which can be fixed even if we don't fix the .init method.