Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?


Failed to load latest commit information.
Latest commit message
Commit time
April 1, 2012 12:21
December 12, 2019 13:43
February 17, 2016 20:31
July 1, 2021 09:04
October 13, 2020 08:11
February 17, 2016 20:31


Build Status

Google OAuth 2.0 ServerAuthModule is a ServerAuthModule (SAM), JSR-196 (JASPIC) Spec, implementation of Google OAuth 2.0: It optionally supports the LoginModule Bridge Profile.


Copy google-oauth-2_0-sam-0.1.x.jar into the class path of the application server. See Installation for application server specific instructions.


Before you can authenticate with Google OAuth, you will need to create a Client ID for your web application at Client ID API Console.

Next, the GoogleOAuthServerAuthModule needs added to the application server. See Configuration for application server specific instructions.


The following attributes can be used to configure

oauth.clientid (REQUIRED)

oauth.clientid must be set to a "Client ID" from Client ID API Console.

oauth.clientsecret (REQUIRED)

oauth.clientsecret must be set to the "Client Secret" from Client ID API Console of the "Client ID" specified in oauth.clientid.

oauth.endpoint (optional)


oauth.endpoint is the URI that will be connect to for the OAuth authentication (Google).

oauth.callback_uri (optional)

default: /j_oauth_callback

oauth.callback_uri is the URI that Google will redirect to after the user responds to the request. This should correspond to "Redirect URIs" value defined in the Client ID API Console. (optional)

default: ""

With LoginModule Bridge Profile, is where you define the name of the LoginContext to use.

ignore_missing_login_context (optional)

default: "false"

GoogleOAuthServerAuthModule is configured by default to support the LoginModule Bridge Profile. If you set ignore_missing_login_context to true (in the case when you don't want to use any LoginModules), there will be no error when a LoginContext isn't found.

add_domain_as_group (optional)

default: "false"

If add_domain_as_group is true, then the domain of the email address of the authenticated user will be added as a group. IE: "" will be a principal added as a group for the user "".

default_groups (optional)

default: ""

default_groups is a comma (",") separated list of groups that will be given to the principal upon successful authentication.


The configured GoogleOAuthServerAuthModule needs specified in the application server specific configuration for each application. See Usage for application server specific instructions.

Common Problems

See Common Problems.