Joomla Single Sign-On
OAuth Server

The miniOrange Joomla OAuth Server extension allows your Joomla website to act as an OAuth 2.0 Provider or OpenID Connect (OIDC) Identity Provider (IdP). This enables external client applications (such as WordPress, Shopify, mobile apps, or custom SaaS tools) to securely authenticate users using their existing Joomla login credentials, eliminating the need for separate user databases and providing a unified Single Sign-On (SSO) experience across your network.

A Joomla OAuth Client allows users to log into your Joomla site using credentials from external networks (like Google, Facebook, or Okta). On the other hand, a Joomla OAuth Server turns your Joomla site into the source of identity, allowing you to use your Joomla user database to log into external applications and services.

To ensure seamless integration with a wide variety of client applications, the miniOrange Joomla OAuth Server supports all major industry-standard grant types: Authorization Code Grant, Implicit Grant, Resource Owner Password Credentials (Password Grant), Client Credentials Grant, Refresh Token, and Proof Key for Code Exchange (PKCE) flow for enhanced mobile app and Single Page Application (SPA) security.

Yes. The extension features advanced Attribute and Group/Role Mapping. You can securely transmit user profile data (such as name, email, phone number) and user groups from your Joomla database to the destination client application, enabling you to manage and enforce Role-Based Access Control (RBAC) in your external apps based on a user's Joomla group.

To guarantee data integrity and security, the Joomla OAuth Server extension allows you to sign JSON Web Tokens (JWT) according to your client applications' compliance requirements. You can configure either symmetric HMAC-based (HS256/HSA) or asymmetric RSA-based (RS256/RSA) signing algorithms using secure certificates.

Yes, the Premium version of the extension allows you to establish Multiple Client Configurations simultaneously. You can add and manage multiple separate client applications, each with its own unique Client ID, Client Secret, specific Redirect URLs, and tailored grant types.

Yes. The miniOrange Joomla OAuth Server extension is fully compatible with Joomla 3, 4, 5, and the latest Joomla 6 releases. The plugin receives regular core compatibility updates, ensuring that upgrading your Joomla core will not disrupt your Single Sign-On ecosystem.

Absolutely. By generating standard OAuth 2.0 access tokens, this plugin can be used to authenticate, authorize, and protect external REST API endpoints. This makes it an ideal choice for securing headless Joomla architectures, mobile apps, and third-party backend integrations.