OA4MP (OAuth for Many People)

Welcome to OAuth for Many People Server. This page servers as an index to several often detailed introductions to various topics that are useful for OA4MP.

First steps

Getting Started

OA4MP version change log

Frequently asked questions.

Sample of how to install both a client and server locally

Configuring the server

Configuration File Use and Syntax

Configuration File Reference Manual

The discovery endpoint for the service.

Configuring Server Side Email Notifications

REMOTE_USER Authentication

Server scripting hooks

Inheritance of clients

Information about a user and their tokens, given a single valid token to identify them

Using self-signed certs for the client and server

Everything you wanted to know about token lifetimes.

Using a proxy for authorization

Monitoring last accessed times.

Removing unused store objects


Command line tools for managing storage.

Testing OA4MP using the command line client.

Testing OA4MP OIDC using curl calls.

Setting up monitoring for an OA4MP server.

Migrating a FileStore to an SQL store.

Extending the server

Extended attributes for the policies.

How to replace the authorize endpoint with a custom module.

Deprecated features

These are still available, but will probably be removed soon. If you are using them, consider other options.

Writing a Java extension for a custom scopes handler (deprecated).

Writing Java extensions to the server.(deprecated)

Username transformations (deprecated)

Client management

Administrative Clients

Dynamic client registration

Ersatz clients

Service clients

Manually approving clients deprecated. Use command line tools instead

Reference materials

OA4MP Server Javadocs

About issuers.

About scopes.

About signing OIDC requests and generating keys for the server.