OAuth / OpenID Connect SSO Integration with Drupal as an Identity Provider (IdP)
The Drupal OAuth Server SSO integration allows you to log in to any OAuth 2.0 or OpenID Connect (OIDC) compliant client applications using Drupal credentials. This SSO integration is achieved by the miniOrange OAuth server module. It supports multiple grant types, including Password grant, Client Credentials grant, Implicit grant, and Authorization grant type.
The module is compatible with all OAuth/OIDC clients such as Salesforce, Slack, AWS Cognito, Jira, Joomla, WordPress, Magento, Bitbucket, Azure AD B2C, Confluence, OSTicket, Grafana, Qlik Cloud, and is available for Drupal 7, Drupal 8, Drupal 9, and Drupal 10.
In this document we go through the steps to configure the module with an OAuth Client application-
Installation Steps:
- Download the module:
composer require 'drupal/oauth_server_sso'
- Go to Extend menu on your Drupal admin console and enable the module by enabling the checkbox and click on Install button.
- Configure the module at:
{BaseURL}/admin/config/people/oauth_server_sso/config_client
- Install the module:
drush en oauth_server_sso
- Clear the cache:
drush cr
- Configure the module at:
{BaseURL}/admin/config/people/oauth_server_sso/config_client
- Navigate to Extend menu on your Drupal admin console and click on Install new module.
- Install the Drupal OAuth / OIDC Provider - Single Sign On (SSO) module either by downloading the zip or from the URL of the package (tar/zip).
- Click on Enable newly added modules.
- Enable this module by checking the checkbox and click on Install button.
- Configure the module at
{BaseURL}/admin/config/people/oauth_server_sso/config_client
Configure Drupal as an OAuth server:
- Once the module is installed, navigate to the Configuration tab of the Drupal site and select the miniOrange OAuth server configuration.
- Click on the Add Client button.
- Enter the Application Name under the Application Name text field.
- Enter the Callback/Redirect URL. (It is a URL of the Client Application where the users will be redirected from the Drupal site after authentication.)
- You can add multiple Callback URLs by clicking on the Add More button next to the Callback/Redirect URL text field.
- Click on the Save button.
- Now the Client ID and Secret will be displayed. Please copy this and keep it handy. This will be required while configuring the Client application.
Please configure the Scope and Endpoints as specified in the table below in the Client application. (You can also get the same from the Scope & Endpoints section of the Drupal site -> Configuration -> miniOrange OAuth server configuration -> OAuth Client):
Scope profile openid email Authorize Endpoint {base_url_of_the_drupal_site}/mo/oauth2/authorize Access Token Endpoint {base_url_of_the_drupal_site}/mo/oauth2/token Get User Info Endpoint {base_url_of_the_drupal_site}/mo/oauth2/userinfo
Need Assistance?
If you face any issues during the configuration or if you want some additional features, please contact us at drupalsupport@xecurify.com.
Additional Features:
- Add multiple Callback/Redirect URL
- Add custom user attributes to be sent in response
- Use enable asymmetric signing algorithm
- Enable single logout
Need Help? We are right here!
