OpenID Connect OAuth2

EGroupware 19.1+ comes with an OpenID Connect / OAuth2 server integrated

This page describes how to authenticate and (optionally) integrate other applications using it.

Supported endpoints

• Authorization: https://example.org/egroupware/openid/endpoint.php/authorize
• Token: https://example.org/egroupware/openid/endpoint.php/access_token
• Token Introspection: https://example.org/egroupware/openid/endpoint.php/introspect
• User information: https://example.org/egroupware/openid/endpoint.php/userinfo
• Public key: https://example.org/egroupware/openid/endpoint.php/jwks

Replace example.org with the full qualified domain-name your EGroupware server uses.

Supported Grants:

• Authorization Code: user authorized access and get auth-code, server requests access-token via backchannel
• Refresh Token: token to refresh access-token after it's expired
• Client Credentials: server requests access-token without further authorization
• Implicit: user authorized access and get access-token and auth-code, server requests own access-token via backchannel
• Password Credential: other server checks username/password of EGroupware user (not recommended any more, as other server gets the password!)

Client configuration in EGroupware

Go to: Admin > Applications > OpenID / OAuth2 server > Clients

Configuration of tested clients

• Rocket.Chat
• Moodle
• Wordpress
• Piwigo-Gallery

Troubleshooting

• Enable request log under: Admin > Applications > OpenID / OAuth2 server > Request log

While the log does not record passwords, it contains the issued token and should not left running!

• Free support via EGroupware Forum where users help other users and EGroupware GmbH supporters also help to a certain extend
• EGroupware GmbH offers payed support including our OpenID Connect and OAuth2 server