How oxd works.

In three simple steps oxd empowers you to implement strong security in your web apps.

Step 1: A user requests access to a protected resource in your application.

Step 2: Your app calls oxd APIs to send the user to your preferred OpenID Connect Provider (OP) for authentication.

Step 3: After authentication, oxd returns the user with claims to your app to make an enrollment and access decision.

Why oxd?

Better Security

oxd supports the OpenID Connect Hybrid Flow which adds extra security to protect the authorization code.
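
In the Hybrid Flow with `response_type=code id_token`, the ID token carries a `c_hash` claim computed over the authorization code, so a code substituted in the front channel no longer matches the token it arrived with. The check below follows OpenID Connect Core and is an added example, not oxd's own code; it assumes the ID token signature has already been verified and that `claims` and `alg` come from that verified token, and all sample values are constructed.

```python
import base64
import hashlib
import hmac

# Hash selected by the ID token's signing algorithm (RS256 -> SHA-256, ...).
_HASH_BY_ALG_SUFFIX = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def left_half_hash(value: str, alg: str) -> str:
    """Unpadded base64url of the left-most half of the hash of `value`."""
    hash_fn = _HASH_BY_ALG_SUFFIX.get(alg[-3:])
    if hash_fn is None:
        raise ValueError(f"no c_hash rule for alg {alg!r}")
    digest = hash_fn(value.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def code_matches_id_token(code: str, claims: dict, alg: str) -> bool:
    """True only if the verified ID token's c_hash was computed over `code`."""
    c_hash = claims.get("c_hash")
    if not isinstance(c_hash, str):
        return False  # an ID token issued alongside a code must carry c_hash
    expected = left_half_hash(code, alg)
    return hmac.compare_digest(c_hash.encode("utf-8"), expected.encode("ascii"))


if __name__ == "__main__":
    # Constructed sample values, not taken from a real OP.
    issued_code = "constructed-authorization-code"
    claims = {"sub": "constructed-user", "c_hash": left_half_hash(issued_code, "RS256")}
    # Code delivered in the same response as the ID token.
    print(code_matches_id_token(issued_code, claims, "RS256"))
    # A different code paired with the same ID token.
    print(code_matches_id_token("substituted-code", claims, "RS256"))
```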

Easier Maintenance

Automate security updates and version upgrades using Linux package management like yum and apt.

High Performance

In-memory or Redis caching of data improves throughput for your OpenID Connect & UMA clients.

Simple API

Simple APIs and native libraries make it easy to implement OpenID Connect and UMA in your server-side web applications.


Quickly integrate popular open source apps like Drupal and WordPress with your central authentication system.

End-to-end support

Use the Gluu Server as your OpenID Provider (OP) to offer a comprehensive single sign-on (SSO) and strong authentication service.

Multi-language Support

oxd APIs and native libraries for PHP, Java, Python, Node, Ruby, C#, .NET and more make it easy to implement strong security across heterogeneous application environments.

Java

    CommandClient client = null;
    try {
      client = new CommandClient(host, port);

      // Register the site with the OP, then exchange the authorization code for tokens.
      final RegisterSiteResponse site = RegisterSiteTest.registerSite(client, opHost, redirectUrl);
      final GetTokensByCodeResponse tokens = requestTokens(client, site, userId, userSecret);

      // The params must carry the site's oxd id and the access token before the command is sent.
      GetUserInfoParams params = new GetUserInfoParams();

      // Send the get_user_info command and read back the user's claims.
      final GetUserInfoResponse resp = client.send(new Command(CommandType.GET_USER_INFO).setParamsObject(params)).dataAsResponse(GetUserInfoResponse.class);
    } finally {
      // Release the client connection here, whether or not the command succeeded.
    }

PHP

    <?php
    require_once '../Get_user_info.php';

    echo 'Get_user_info';
    $get_user_info = new Get_user_info();

Python

    user = oxc.get_user_info(tokens.access_token)

    # The claims can be accessed using the dot notation.
    print(user.username)

    print(user._fields)  # to print all the fields

    # to check for a particular field and get the information
    if 'website' in user._fields:
        print(user.website)

Ruby

    def login
      # On the redirect back from the OP, exchange the code for an access token.
      if (params[:code].present?)
        @access_token = @oxd_command.get_tokens_by_code( params[:code] )
        session.delete('oxd_access_token') if(session[:oxd_access_token].present?)
        session[:oxd_access_token] = @access_token
        session[:state] = params[:state]
        session[:session_state] = params[:session_state]
      end
      @user = @oxd_command.get_user_info(session[:oxd_access_token])
    end

C#

    public GetUserInfoResponse GetUserInfo(string host, int port, string accessToken)
    {
        try
        {
            CommandClient client = new CommandClient(host, port);

            // The params must carry the oxd id and accessToken and be attached to the command.
            GetUserInfoParams param = new GetUserInfoParams();

            Command cmd = new Command(CommandType.get_user_info);

            string response = client.send(cmd);
            // Deserialize to dynamic so that .data resolves at run time.
            GetUserInfoResponse res = new GetUserInfoResponse(JsonConvert.DeserializeObject<dynamic>(response).data);
            return res;
        }
        catch (Exception ex)
        {
            return null;
        }
    }

Node.js

    try {
      var oxd = require("oxd-node");
      oxd.Request.oxd_id = "your site id"; //REQUIRED
      oxd.Request.access_token = "access_token from OP redirect url"; //REQUIRED
    } catch (err) {
      console.log("error:" + err);
    }

Take control of your identity system

Use the Gluu Server and oxd to deliver a comprehensive single sign-on (SSO), strong authentication, and access management service for all your web applications.

oxd Simplifies Application Security

oxd is continually updated to implement the latest OAuth 2.0 security improvements
so you stay one step ahead of hackers and vulnerabilities.

Plugins for Popular Web Applications

Leverage oxd plugins, modules, and extensions to quickly secure open source
and commercial applications with your OpenID Provider (OP).

Simple & Affordable Pricing!


$0.33 per day per app that uses your oxd server

  • No setup or per user fees
  • Pay only for what you use
  • All new accounts include a $50 credit for the first 60 days after account creation

If you can't pay with a credit card, or don't want to pay per application, Gluu offers site licenses for oxd.

  • Unlimited applications
  • Volume discounts
  • Dedicated Support
  • Annual billing

Frequently Asked Questions

What is oxd?
oxd is a mediator: it provides APIs that a web application can call, and these are easier to use than calling the APIs of an OpenID Connect Provider (OP) or a UMA Authorization Server (AS) directly.
What kind of apps can leverage my oxd server?
oxd can be used to integrate server-side web applications with your OP. If you need to integrate native apps, single page apps (SPAs), or SaaS apps with your Gluu Server, review supported strategies in the SSO integration guide.
How do applications connect to my oxd service?
Applications can connect to your oxd server either via localhost or over the web using HTTPS. If you want applications to connect to oxd over the web via HTTPS, you will need to enable the oxd-https-extension.
Which programming languages and frameworks does oxd have libraries for?
There are native oxd libraries for many popular programming languages and frameworks, including PHP, Java, Python, Ruby, C#, Node.js, and more! Learn more in the oxd documentation.
How do I get SSO across several web apps?
You’ll need two things: (1) a central OpenID Connect Provider that holds the passwords and user information; (2) apps that use the OpenID Connect protocol to authenticate users. An easy way to accomplish the first is to install and configure the free open source Gluu Server or use Google as your OP for login. The second can be accomplished by leveraging oxd to send users from your web apps to the OP for login. Once a user has an active session in the OP, they will have SSO to other apps that rely on the OP for login.
How can I get support for oxd?
Gluu provides free community support for oxd on the Gluu support portal. Simply register and open a ticket. We do our best to resolve issues as quickly as possible. If you need private support, guaranteed responses, and priority access to Gluu’s support and development team, we offer a range of VIP support plans.
How is oxd licensed?
oxd is commercially licensed software. To start the oxd server you will need a valid license, which you can obtain for free. For each application that leverages your oxd service, you will be charged USD $0.33 per day. So for example, if you have 10 applications leveraging your oxd server, you will be charged USD $3.30 per day. Usage fees are accumulated daily and billed at the end of each month. If you need a site license for oxd, schedule a call.
Where should I deploy my oxd server?
oxd can be deployed on the same servers or VMs as the applications you want to secure, or oxd can be installed on a dedicated server or VM that apps can call over the web via HTTPS. You can deploy oxd on any physical server or VM from a cloud hosting provider such as AWS, Digital Ocean, and GCE.
How do I enable social login?
oxd makes it easy to send users from server-side web apps to an OpenID Provider, like the Gluu Server, for login. Social login needs to be configured at your OP. If you are using the Gluu Server, follow the docs to configure and support social login.
Can I use Google or Microsoft Azure Active Directory as my OpenID Connect Provider?
oxd works well with Google, and in general, any standard OpenID Connect Provider (OP) implementation. Due to Microsoft's non-standard implementation of OpenID Connect, oxd would need to be tweaked to work with Microsoft Azure Active Directory.
How do I enable two-factor authentication (2FA)?
Similar to social login, strong authentication needs to be implemented at your OP. If your OP supports strong authentication, and makes the supported mechanisms available via an OpenID Connect “acr_values” parameter, you can specify in oxd the preferred type of authentication at the OP. If you are using the Gluu Server, review the authentication guide to learn more about configuring strong authentication.
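
Requesting a method with `acr_values` does not by itself enforce it: the OP may authenticate the user another way and report that in the ID token's `acr` claim, so the application has to check the claim before granting access. The sketch below is an added example against a generic OP, not oxd's API or Gluu's code; the endpoint, client and acr names are constructed, and `claims` is assumed to come from an ID token whose signature was already verified.

```python
from urllib.parse import urlencode


def build_authorization_url(authorization_endpoint, client_id, redirect_uri,
                            state, nonce, acr_values):
    """Authorization request that asks the OP for specific authentication methods."""
    query = {
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        # Space-separated, most preferred first. This is a request, not a guarantee.
        "acr_values": " ".join(acr_values),
    }
    return authorization_endpoint + "?" + urlencode(query)


def check_acr(claims, accepted_acrs):
    """Classify the `acr` claim of a verified ID token against the app's policy."""
    acr = claims.get("acr")
    if not isinstance(acr, str):
        return "missing"      # OP did not say how the user authenticated
    if acr not in accepted_acrs:
        return "downgraded"   # user logged in, but not with a method the app accepts
    return "ok"


if __name__ == "__main__":
    # Constructed endpoint, client and acr names; real acr names are defined by the OP.
    strong = ["example-u2f", "example-otp"]
    print(build_authorization_url("https://op.example.com/authorize", "constructed-client",
                                  "https://app.example.com/callback", "st-123", "n-456",
                                  strong))
    print(check_acr({"sub": "u1", "acr": "example-otp"}, strong))
    print(check_acr({"sub": "u1", "acr": "example-password"}, strong))
    print(check_acr({"sub": "u1"}, strong))
```

Treat anything other than "ok" as a reason to deny access to the protected resource or to send the user back to the OP for a stronger login.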