Skip to content
This repository has been archived by the owner on Apr 12, 2021. It is now read-only.


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

SimpleSAMLphp OAuth2 module

What is new?

From versions 1.2.x and 2.2.x this modules supports diferents AuthSources by client, instead one for all. If you come from versions <1.2 and <2.2 you must update the schema. Please, see the "Create or update the schema" section.


This package add support for the OAuth2 protocol through a SimpleSAMLphp module installable through Composer. Installation can be as easy as executing:

composer.phar require sgomez/simplesamlphp-module-oauth2 1.0.0 # for SSP < 1.14
composer.phar require sgomez/simplesamlphp-module-oauth2 ~1.0 # for SSP >= 1.14
composer.phar require sgomez/simplesamlphp-module-oauth2 ~2.0 # for SSP >= 2.0|master


This module requires sgomez/simplesamlphp-module-dbal module configured. It's installed as a dependency but you need to read the module info and configure it.

Create or update the schema

You need to run this to create the schema using the DBAL store module:

bash$ vendor/bin/dbalschema

Configure the module

Copy the template file to the config directory:

cp modules/oauth2/config-template/module_oauth2.php config/

and edit it. The options are self explained.

Create oauth2 clients

To add and remove Oauth2 clients, you need to logon on simplesaml with an admin account. Open the Federation tab and you will see the OAuth2 Client Registry option.

You can specify as many redirect address as you want.

Using the module

This module is based on Oauth2 Server from the PHP League and supports implicit and explicit tokens.

Create the oauth2 keys:

The oauth2 library used generates Json Web Tokens to create the Access Tokens, so you need to create a public and private cert keys:

To generate the private key run this command on the terminal:

openssl genrsa -out cert/oauth2_module.pem 1024

If you want to provide a passphrase for your private key run this command instead:

openssl genrsa -passout pass:_passphrase_ -out cert/oauth2_module.pem 1024

then extract the public key from the private key:

openssl rsa -in cert/oauth2_module.pem -pubout -out cert/oauth2_module.crt

or use your passphrase if provided on private key generation:

openssl rsa -in cert/oauth2_module.pem -passin pass:_passphrase_ -pubout -out cert/oauth2_module.crt

If you use a passphrase remember to configure it in the module_oauth2.php config file.

Explicit Token

To ask an explicit token see the Authorization Code Grant help page to know the parameters than you need to send (see Part One).

The address to the authorization server is: {{baseurlpath}}/module.php/oauth2/authorize.php

Now you need to ask for an access token. See the Part Two.

The address to the access token server is: {{baseurlpath}}/module.php/oauth2/access_token.php

Implicit Token

To ask an implicit token see the Implicit Grant help page to know the parameters than you need to send.

The address to the authorization server is: {{baseurlpath}}/module.php/oauth2/authorize.php

Take the attributes

To recover the user attributes you need to send and Authorization header with the Access Token as a Bearer Token to the userinfo page: {{baseurlpath}}/module.php/oauth2/userinfo.php


curl --request GET \
  --url \
  --header 'authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni...'


A SimpleSAMLphp module adding support for the OAuth2 protocol






No packages published