More and more websites, communities, and online projects are choosing to delegate authentication to external providers instead of managing user accounts and passwords themselves.
For this reason, SimosNap IRC Network provides an authentication system based on OAuth 2.0 and OpenID Connect, allowing developers to integrate SimosNap Login into their applications.
In this guide, we’ll explain how the integration works and how to get started quickly.
Why Use OAuth?
Managing a login system requires time, maintenance, and ongoing security considerations.
By using OAuth, you can:
- avoid handling user passwords
- eliminate password recovery management
- reduce authentication-related security risks
- leverage the existing SimosNap identity ecosystem
Users authenticate directly through SimosNap, and your application only receives the information they explicitly authorize.
Registering an Application
To use the OAuth system, you must register an application through your SimosNap account.
During registration, you will receive:
- Client ID
- Client Secret
- Authorized Redirect URIs
- Allowed Scopes
Example:
Client ID:
my_application_123456789
Client Secret:
xxxxxxxxxxxxxxxxxxxxxxxx
Redirect URI:
https://example.org/oauth/callback.php
Available Endpoints
Authorization Endpoint
https://www.simosnap.org/rest/service.php/oauth/authorize
Token Endpoint
https://www.simosnap.org/rest/service.php/oauth/token
UserInfo Endpoint
https://www.simosnap.org/rest/service.php/oauth/userinfo
Step 1: Redirect the User
When a user clicks the “Login with SimosNap” button, redirect them to the authorization endpoint.
PHP example:
<?php
session_start(); // $_SESSION is not available until the session is started
$clientId = 'my_application_123456789';
$redirectUri = 'https://example.org/oauth/callback.php';
// Unpredictable per-login value, checked again in the callback to block CSRF
$state = bin2hex(random_bytes(16));
$_SESSION['oauth_state'] = $state;
$params = [
    'response_type' => 'code',
    'client_id' => $clientId,
    'redirect_uri' => $redirectUri,
    'scope' => 'openid profile irc',
    'state' => $state
];
header(
    'Location: https://www.simosnap.org/rest/service.php/oauth/authorize?' .
    http_build_query($params)
);
exit;
Step 2: Receive the Authorization Code
After login and user consent, SimosNap redirects the browser back to your callback URL.
Example:
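https://example.org/oauth/callback.php?code=abc123&state=xyz456
Always validate the state parameter before proceeding.
<?php
session_start();
// Compare with the value stored in Step 1; a missing value on either side must fail
$expected = $_SESSION['oauth_state'] ?? '';
$received = $_GET['state'] ?? '';
if ($expected === '' || !is_string($received) || !hash_equals($expected, $received)) {
    die('Invalid state');
}
Step 3: Exchange the Code for an Access Token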
The authorization code must be exchanged for an access token.
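<?php
// Values issued at registration; keep the secret out of source control
$clientId = 'my_application_123456789';
$clientSecret = 'xxxxxxxxxxxxxxxxxxxxxxxx';
$redirectUri = 'https://example.org/oauth/callback.php'; // same value as in Step 1
$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => 'https://www.simosnap.org/rest/service.php/oauth/token',
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS => http_build_query([
        'grant_type' => 'authorization_code',
        'client_id' => $clientId,
        'client_secret' => $clientSecret,
        'redirect_uri' => $redirectUri,
        'code' => $_GET['code']
    ])
]);
$response = curl_exec($ch);
curl_close($ch);
// curl_exec() returns false on a transport failure
$data = is_string($response) ? json_decode($response, true) : null;
if (!is_array($data) || empty($data['access_token'])) {
    die('Token request failed');
}
Typical response: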
{
"access_token": "xxxxxxxx",
"token_type": "Bearer",
"expires_in": 3600
}
Step 4: Retrieve User Information
Once you have an access token, you can query the UserInfo endpoint.
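<?php
$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => 'https://www.simosnap.org/rest/service.php/oauth/userinfo',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        // The access token from Step 3 is sent as a Bearer credential
        'Authorization: Bearer ' . $data['access_token']
    ]
]);
$userInfo = curl_exec($ch);
curl_close($ch);
$user = is_string($userInfo) ? json_decode($userInfo, true) : null;
if (!is_array($user) || !isset($user['sub'])) {
    die('UserInfo request failed');
}
Available User Information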
The UserInfo endpoint currently returns data such as:
{
"sub": "12345",
"nickname": "SimosNap",
"preferred_username": "SimosNap",
"profile_url": "https://www.simosnap.org/user/stats:SimosNap/profile",
"irc_account": "SimosNap",
"is_oper": false
}
Main fields:
| Field | Description |
|---|---|
| sub | Unique user identifier |
| nickname | Display nickname |
| preferred_username | Preferred username |
| profile_url | Public profile URL |
| irc_account | Associated IRC account |
| is_oper | IRC operator status |
Creating a Local Session
Once you’ve retrieved the user information, you can create a normal application session.
Example:
<?php
// Issue a fresh session ID at login so a pre-login ID cannot be reused (session fixation)
session_regenerate_id(true);
$_SESSION['user_id'] = $user['sub'];
$_SESSION['nickname'] = $user['nickname'];
$_SESSION['irc_account'] = $user['irc_account'];
$_SESSION['profile_url'] = $user['profile_url'];
At this point, the user is authenticated within your application.
Security Best Practices
For a secure implementation, always remember to:
- use HTTPS
- validate the state parameter
- securely store your Client Secret
- validate redirect URIs
- never store SimosNap passwords
- use secure sessions
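The callback check from Step 2 and the token handling from Step 3, written as pure functions that run offline against constructed inputs. This is an added example, not SimosNap's own code: the function names are hypothetical, and the `error` parameter handling assumes the standard OAuth 2.0 (RFC 6749) error redirect.

```php
<?php
declare(strict_types=1);
// Added example; function names are hypothetical and all inputs are constructed.

/** Returns the authorization code, or throws if the callback must be rejected. */
function checkCallback(array $query, array &$session): string
{
    $expected = $session['oauth_state'] ?? '';
    unset($session['oauth_state']); // single use: a replayed callback finds no stored state
    $received = $query['state'] ?? '';
    if ($expected === '' || !is_string($received) || !hash_equals($expected, $received)) {
        throw new RuntimeException('Invalid state');
    }
    if (isset($query['error'])) { // assumed RFC 6749 error redirect, e.g. access_denied
        throw new RuntimeException('Authorization failed');
    }
    $code = $query['code'] ?? '';
    if (!is_string($code) || $code === '') {
        throw new RuntimeException('Missing code');
    }
    return $code;
}

/** Decodes the token endpoint body and adds an absolute expiry time. */
function parseTokenResponse(string $body, int $httpStatus, int $now): array
{
    $data = json_decode($body, true);
    if ($httpStatus !== 200 || !is_array($data) || !is_string($data['access_token'] ?? null)) {
        throw new RuntimeException('Token request failed');
    }
    if (strcasecmp((string)($data['token_type'] ?? ''), 'Bearer') !== 0) {
        throw new RuntimeException('Unexpected token type');
    }
    $data['expires_at'] = $now + (int)($data['expires_in'] ?? 0);
    return $data;
}

// Constructed inputs mirroring the examples on this page.
$session = ['oauth_state' => 'xyz456'];
var_dump(checkCallback(['code' => 'abc123', 'state' => 'xyz456'], $session)); // first callback
try {
    checkCallback(['code' => 'abc123', 'state' => 'xyz456'], $session); // same callback replayed
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
$token = parseTokenResponse('{"access_token":"xxxxxxxx","token_type":"Bearer","expires_in":3600}', 200, 1000);
var_dump($token['expires_at']);
```

In a real callback, pass `$_GET` and `$_SESSION` to `checkCallback()` and the HTTP status from `curl_getinfo($ch, CURLINFO_HTTP_CODE)` to `parseTokenResponse()`.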
A Real-World Example: ChatItaly
ChatItaly already uses SimosNap OAuth for:
- user authentication
- Community Feed interactions
- voting
- comments
- social features
The application does not manage passwords or maintain a separate user database.
Identity remains centralized on SimosNap, allowing the website to focus entirely on its own features and community experience.
Want to Integrate Your Website?
If you run a community, forum, open source project, or a service connected to the IRC ecosystem, you can request an OAuth client and start using SimosNap Login in your application.
The goal is to build an ecosystem of interoperable services that share the same digital identity while giving users full control over their data and authorizations.
Happy coding!