Advertising sustains the DA. Ads are hidden for members. Join today

On this page

Site Protection - OAuth & OIDC Login

Last updated on
4 December 2025

Site Protection

In the OAuth client module, the Site Protection ensures your Drupal site stays secure by allowing you to control how users access your site and its content. It helps safeguard sensitive areas, enforce authentication before entry, and maintain a safe browsing environment for authenticated users.

Prerequisite:

Watch this video or follow the document below to configure Site Protection.

Protect website against anonymous access

  • This feature protects your site from anonymous or unauthorized access by redirecting such users to the OAuth Server login page. You can select to restrict specific pages or exclude them from access as per your requirement.
  • To configure this feature, navigate to the Module Settings tab under the Settings.
  • Expand the Site Protection section, and check the box for Protect website against anonymous access.
  • Now, select the application from the Select a default Application for redirections dropdown.

    Drupal-OAuth-Client-Protect-Website-agianst-anonumous-access-select-default-application

  • In the Page Restriction section​​​​​, select either Pages to exclude from restriction or Pages to be restricted.
  • Users can enter multiple URLs in a separate line in a text box.
    • Enter the relative URLs in the text box that you want to restrict/allow access. For example, if the URL is https://www.xyz.com/yyy, the relative URL would be /yyy.
    • To restrict or allow access to a specific route like /abc/pqr/xyz, enter that exact path.
    • Users can also use ‘*’ wildcard to manage multiple URLs. For example, if the users have multiple URLs like abc/xyz/cba, abc/xyz/mnp, abc/xyz/jks then users can enter the URL only once by using ‘*’ like abc/xyz/*.

      Drupal-OAuth-Client-Page-Restriction-Select-Pages-To-Exclude-OR-Restricted-Enter-URL-Save-Configuration

  • Click on the Save Configure button.

Replace Drupal login form with Identity Provider(OAuth Server) Login

  • This feature replaces the default Drupal login page with oauth provider login page. Once this feature is enabled, any user accessing the Drupal login page will be automatically redirected to the configured OAuth Server login page.
  • To configure this feature, navigate to the Module Settings tab under the Settings.
  • Expand the Site Protection section, and check the box for Replace Drupal login form with Identity Provider (OAuth Server) Login.

  • That’s it, after that scroll down and click the Save Configuration  button.

    Drupal-OAuth-Client-Replace-Drupal-Login-From-With-OAuth-Server

Enable page access

  • This feature allows the user to access any page, even if the redirection settings to the OAuth server are enabled. It is enabled by default.
  • Add the given Page Access Parameter in the page URL.
  • Then, scroll down and click on the Save Configuration button.

    Enable page access

Enable backdoor login

  • If you have replaced Drupal’s login with an OAuth provider and it fails or you’re locked out from the provider, this feature redirects you to Drupal’s login page so you can sign in with your Drupal credentials. This is checked by default.
  • User can find the backdoor URL in the module.

    Drupal-OAuth-Client-Enable-Backdoor-Login

Contact our 24*7 support team

Feel free to reach out to our Drupal experts if you need any sort of assistance in setting up OAuth2 Client SSO Login on your Drupal site.

 Get In Touch With Us Join Our Slack Channel

Help improve this page

Page status: No known problems

You can: