This project is not covered by Drupal’s security advisory policy.

OAuth2 JWT Single Sign On Module configures Drupal to use remote and centralized authentication service. This module works with any SSO provider which uses OAuth2 as the authentication framework, and JWT as the Bearer token. Therefore, this module works with Drupal's own OAuth 2.0.


  • Unlike the legacy SSO solutions like Bakery Single Sign-On System, OAuth2 JWT SSO does not have the limitation only working within sub-domains
  • The authentication provider server can be developed on any technology
  • SSO works for both human users and web services

Use Cases:

  • Let your Drupal site to use external authentication provider developed with Node.js
  • Configure your swam of Drupal microservicecs to use one centralized authentication
  • Use OAuth 2.0 to provide a SSO solution to other technologies like Java. (In this use case, you do not need this module.)

Supported Authentication Workflow:

  • Password Grant: configure your Drupal login form to use remote authentication server
  • Authorization Code Grant: redirect your user to login on the authentication server
  • Use JWT token to authenticate your web services on resource server

Dependencies, and Installation:

  • "league/oauth2-client": "2.2.*"
  • "lcobucci/jwt": "^3.2"

To install this module with Composer,

Use composer update drupal/oauth2_jwt_sso --with-dependencies to update OAuth2 JWT SSO to a new release.

See Using Composer in a Drupal project for more information.

Apply the patches below (hopefully, we can get them committed soon!)

How does this work?

Patches in progress:

Supporting organizations: 

Project information