Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

Using Liferay Connector to OAuth 2.0 in Liferay DXP 7.1

Written By

Justin Choi

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

What is OAuth? It is a utility that authorizes third party applications to interact with the Liferay platform. The OAuth example from our official documentation is worth repeating here; users can make Twitter or Facebook available on Liferay Portal or DXP. Instead of entering your credentials again into Liferay, OAuth creates a handshake and the Liferay platform will redirect the users to the service provider. The service provider will grant Liferay limited access.

Liferay Digital Experience Platform 7.1 is integrated with the OAuth 2.0 Authorization Framework. OAuth 2.0 is included by default in Liferay DXP 7.1.

Resolution

Terminology

  • Resource Owner

    An entity capable of granting access to a protected resource. Section 1.1 Terminology.
    Example: Jane has uploaded her vacation photos on a web-based site like Flickr; she is the resource owner.

  • Credentials

    The client credentials (or other forms of client authentication) can be used as an authorization grant when the authorization scope is limited to the protected resources under the control of the client, or to protected resources previously arranged with the authorization server. Section 1.3.4 Client Credentials.

  • Token

    ...credentials used to access protected resources. An access token is a string representing an authorization issued to the client. The string is usually opaque to the client. Tokens represent specific scopes and durations of access, granted by the resource owner, and enforced by the resource server and authorization server. Section 1.4 Access Token.

FAQ

How can I implement OAuth in Liferay?

OAuth 2.0 comes bundled with Liferay DXP 7.1. Note: Unlike DXP 7.0, there is no downloadable app from Marketplace for this version.

How do I manage my OAuth connections?

Third party apps connected to Liferay DXP 7.1 are listed in the OAuth2 Connected Applications tab in the Control Panel. To access this, navigate to Control Panel → My Account → OAuth2 Connected Applications. All users regardless of role can view this tab. However, only administrators can add new apps.

oauth-7.1-02.png

To add a new app, navigate to Control Panel → Configuration → OAuth2 Administration.

oauth-7.1-03.png

After entering the name and URLs, click Save. It should look like this:

oauth-7.1-04.png

Please note that this is just an example. More detailed information about the different available features and functions can be found in our official documentation. Once the application has been created, it needs to be added to the System Settings > Security > Authorize Screens if the OAuth app sits on a web page, so that users can start using Liferay DXP to authenticate against third party apps.

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?