Gluu Blog

Follow us:
Back to Blog

Limiting OpenID Connect Community Client Support

Michael Schwartz October 6, 2016


The Gluu Server Community Edition is used by lots of organizations all over the globe. We do our best to provide free support to everyone who needs it. But support is not a substitute for reading the Gluu Server documentation, for reading the applicable technical specifications, and for researching on the Internet.

If the Gluu Server works other then the way its documented, if there is a feature that is not documented well enough, or if you need a work around for a bug, we want you to open a support issue. Community support is the canary in the coal mine. If something is wrong, the community helps us identify problems.

However, over the last few years, and with increasing frequency, we’ve noticed that some community support issues are being raised without end users doing sufficient research. This has become particularly prevalent with regard to OpenID Connect. To a certain extent, this is to be expected–OpenID Connect is a dense spec, built on top of another dense spec (OAuth 2.0).

You can use low-level web tools to call OpenID Connect API’s, but doing so successfully without reading at least the Basic Client Implementors Guide, or the Implicit Client Implementers Guide, will inevitably result in many questions. Gluu simply does not have the time to troubleshoot every issue associated with using OpenID Connect.

The good news is that there are several clients out there that make it easier to utilize a conformant OpenID Connect Provider, like the Gluu Server.

For community support we are going to limit the number of OpenID Connect clients that we support to the following:

  • oxd: Gluu’s OpenID Connect middleware product with libraries for Php, Python, Java, Ruby, Python, and C#
  • mod_auth_openidc: Excellent Apache httpd web server filter. See instructions for configuration on Gluu docs for Ubuntu and Centos
  • nginx plugin: Plugin by the author of mod_auth_openidc
  • AppAuth: Excellent mobile libraries for iOS and Android.
  • Javascript Implicit Flow Client: Read this blog by Nat Sakumura about how to easily write a client side javascript authentication


This list may grow over time. But the above list provides a pretty good swath of libraries and software that you can use to protect your applications with OpenID Connect without writing a client from scratch.

Be sure to subscibe to
our RSS Feed

Mike Schwartz

Mike has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a featured speaker at RSA Conference, Gartner Catalyst, Cloud Identity Summity (now "Identiverse") and many other security conferences around the world.