Skip to content
Erlang Oauth2 implementation
Erlang Makefile
Find file
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


This library is designed to simplify the implementation of the server side of OAuth2 ( It provides no support for developing clients.


Check out the examples



A token is a (randomly generated) string provided to the client by the server in response to some form of authorization request. There are several types of tokens:

  • Access Token: An access token identifies the origin of a request for a privileged resource.
  • Refresh Token: A refresh token can be used to replace an expired access token.


Access tokens can (optionally) be set to expire after a certain amount of time. An expired token cannot be used to gain access to resources.


A token is associated with an identity -- a value that uniquely identifies a user, client or agent within your system. Typically, this is a user identifier.


If you have many diverse clients connecting to your service -- for instance, a web client and an iPhone app -- it's desirable to be able to distinguish them from one another and to be able to grant or revoke privileges based on the type the client issuing a request. As described in the OAuth2 specification, clients come in two flavors:

  • Confidential clients, which can be expected to keep their credentials from being disclosed. For instance, a web site owned and operated by you could be regarded as confidential.
  • Public clients, whose credentials are assumed to be compromised the moment the client software is released to the public.

Clients are distinguished by their identifiers, and can (optionally) be authenticated using a secret key shared between the client and server.


This library is built using rebar wrapped with make. It has been developed and tested under Erlang R15B01; nothing's stopping you from trying it with another version, but your mileage may vary.

Build with:

$ make

If you want to run the EUnit test cases, you can do so with:

$ make test

To generate documentation, run:

$ make doc


The library makes no assumptions as to how you want to implement authentication and persistence of users, clients and tokens. Instead, it provides a proxy module (oauth2_backend) for directing calls to a backend plugin supplied by you. To direct calls to a different backend module, simply set {backend, your_backend_module} in the oauth2 section of your app.config.

A complete list of functions that your backend must provide is available by looking at oauth2_backend.erl, which contains documentation and function specifications.


The KIVRA oauth2 library uses an MIT license. So go ahead and do what you want!

Something went wrong with that request. Please try again.