Joomla OAuth Server For Joomla Extension

** SSO (OAuth 2.0) – OAuth Server/ Provider Single Sign-On – The plugin allows users to log in to your client apps using their joomla account credentials. It enables you to utilize Joomla as an OAuth Server/Provider and provide OAuth APIs for resource access. This OAuth server/OAuth Provider plugin's main objective is to allow users to perform a single sign-on using their Joomla credentials into the various applications which support the OAuth / OAuth 2.0 protocol.

FEATURES

* It allows you to use Joomla as your OAuth Server and access OAuth APIs.
* Supports Multiple OAuth Clients.
* Supports All Grant Types- Authorization, Implicit, Client credential, Resource, and Refresh token grants.
* It contains all of the characteristics of an OAuth2.0 server, including an integrated OpenID connect, a built-in resource server, the ability to create client credentials and link them to a specific user using application passwords, and so on.
* Easy to configure
* JWT Authorization supports. OAuth 2.0 JSON web token support.
* Supports PKCE OAuth 2.0.
* Attribute Mapping and Role Mapping allow you to obscure the names of the attributes used to store data in Joomla. The attributes and roles can be simply mapped and sent as a response.
* User Analytics
*Token Length – It allows you to change the length of the token length
*Token Lifetime – It allows you to decide the token expiry time.
*Enforce state parameter – According to your configuration you can enable or disable the state parameter.
*Protect/Customize Admin Login Page URL

WE SUPPORT FOLLOWING GRANTS:-

* Authorization code grant -This code grant is used when there is a need to access the protected resources on behalf of another third-party application.
* Implicit grant -This grant relies on the resource owner and registration of redirect URI. In an authorization code grant, a user needs to ask for authorization and an access token each time, but here access token is granted for a particular redirect URI provided by the client using a particular browser.
* Refresh token grant - Access tokens obtained in the OAuth flow eventually expire. In this grant type client can refresh his or her access token.
* Resource owner password credentials grant: -This type of grant is used where the resource owner has a trust relationship with the client. Just by using a username and password, provided by the resource owner authorization and authentication can be achieved.
* Client credentials grant - This grant type heads towards specific clients, where the access token is obtained by the client by only providing client credentials. This grant type is quite confidential.

SUPPORT:-

* Can easily be configured with any custom mobile or desktop application.
*Easily configured with any software or web platform which supports OAuth 2.0.
* Supports all the IOS and Android applications which support OAuth 2.0.
* Protect/Customize Admin Login Page URL

STEP BY STEP GUIDES TO CONFIGURE PLUGIN

Please visit [website](https://plugins.miniorange.com/guide-to-configure-joomla-oauth-server) to see the step-by-step configuration guides for various providers.

OAuth Server Single Sign-On – The SSO plugin functions only as an OAuth Provider, not like an OAuth Client. We also provide a separate plugin that enables Joomla to act as an OAuth Client.
[Click here](https://extensions.joomla.org/extension/miniorange-oauth-client) to know more about OAuth Client. You can configure your Joomla site with any OAuth Provider with the help of this plugin.

Dependencies

- NONE

24/7 Support

If you require any Single Sign On (SSO) extensions or need any assistance with installing this plugin or if you have any questions, please feel free to reach out to us on our 24*7 support at .

Please feel free to reach out to us on our 24*7 support at [joomlasupport@xecurify.com](mailto:joomlasupport@xecurify.com) or [Contact us](https://www.miniorange.com/contact).

HOW REST API IS PROTECTED BY OAUTH SERVER

Rest API is very much open to interaction. Creating posts, getting information about users, and much more are readily available. If the API is protected by an OAuth Server plugin, secure access to APIs can be achieved. The token obtained in authentication can be intercepted and used. Protection can be achieved by building custom endpoints and allowing custom authentication.

WEBSITE
You can [click here](https://plugins.miniorange.com/joomla) to visit our website for more security-related solutions. For more support or info email us at [joomlasupport@xecurify.com](mailto:joomlasupport@xecurify.com). You can also submit your query from the plugin’s configuration page.