Integrating SimosNap Login into Your Website with OAuth 2.0 and OpenID Connect

More and more websites, communities, and online projects are choosing to delegate authentication to external providers instead of managing user accounts and passwords themselves.

For this reason, SimosNap IRC Network provides an authentication system based on OAuth 2.0 and OpenID Connect, allowing developers to integrate SimosNap Login into their applications.

In this guide, we’ll explain how the integration works and how to get started quickly.


Why Use OAuth?

Managing a login system requires time, maintenance, and ongoing security considerations.

By using OAuth, you can:

  • avoid handling user passwords
  • eliminate password recovery management
  • reduce authentication-related security risks
  • leverage the existing SimosNap identity ecosystem

Users authenticate directly through SimosNap, and your application only receives the information they explicitly authorize.


Registering an Application

To use the OAuth system, you must register an application through your SimosNap account.

During registration, you will receive:

  • Client ID
  • Client Secret
  • Authorized Redirect URIs
  • Allowed Scopes

Example:

Client ID:
my_application_123456789

Client Secret:
xxxxxxxxxxxxxxxxxxxxxxxx

Redirect URI:
https://example.org/oauth/callback.php

Available Endpoints

Authorization Endpoint

https://www.simosnap.org/rest/service.php/oauth/authorize

Token Endpoint

https://www.simosnap.org/rest/service.php/oauth/token

UserInfo Endpoint

https://www.simosnap.org/rest/service.php/oauth/userinfo

Step 1: Redirect the User

When a user clicks the “Login with SimosNap” button, redirect them to the authorization endpoint.

PHP example:

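<?php

// The session must be started before $_SESSION is written.
session_start();

$clientId = 'my_application_123456789';
$redirectUri = 'https://example.org/oauth/callback.php';

// Unpredictable per-login value, checked again in the callback (Step 2).
$state = bin2hex(random_bytes(16));

$_SESSION['oauth_state'] = $state;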

$params = [
    'response_type' => 'code',
    'client_id' => $clientId,
    'redirect_uri' => $redirectUri,
    'scope' => 'openid profile irc',
    'state' => $state
];

header(
    'Location: https://www.simosnap.org/rest/service.php/oauth/authorize?' .
    http_build_query($params)
);

exit;

Step 2: Receive the Authorization Code

After login and user consent, SimosNap redirects the browser back to your callback URL.

Example:

https://example.org/oauth/callback.php?code=abc123&state=xyz456

Always validate the state parameter before proceeding.

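<?php

session_start();

// A missing value on either side must fail; hash_equals() compares in constant time.
$expected = $_SESSION['oauth_state'] ?? '';
unset($_SESSION['oauth_state']); // a state value is single-use
if ($expected === '' || !hash_equals($expected, (string) ($_GET['state'] ?? ''))) {
    die('Invalid state');
}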

Step 3: Exchange the Code for an Access Token

The authorization code must be exchanged for an access token.

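<?php

// Same registered values as in Step 1. The secret shown is the placeholder from
// the registration example; load the real one from server-side configuration.
$clientId = 'my_application_123456789';
$clientSecret = 'xxxxxxxxxxxxxxxxxxxxxxxx';
$redirectUri = 'https://example.org/oauth/callback.php';

$ch = curl_init();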

curl_setopt_array($ch, [
    CURLOPT_URL => 'https://www.simosnap.org/rest/service.php/oauth/token',
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS => http_build_query([
        'grant_type' => 'authorization_code',
        'client_id' => $clientId,
        'client_secret' => $clientSecret,
        'redirect_uri' => $redirectUri,
        'code' => $_GET['code']
    ])
]);

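$response = curl_exec($ch);

curl_close($ch);

// curl_exec() returns false on transport errors; a failed exchange has no access_token.
$data = is_string($response) ? json_decode($response, true) : null;

if (!is_array($data) || empty($data['access_token'])) {
    die('Token exchange failed');
}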

Typical response:

{
  "access_token": "xxxxxxxx",
  "token_type": "Bearer",
  "expires_in": 3600
}
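
A stricter check of the token endpoint reply, as an added example that is not SimosNap's own code. parse_token_response() is a hypothetical helper, the sample replies are constructed, and the error format is assumed to follow RFC 6749 section 5.2 (an "error" member), which this guide does not confirm. Requires PHP 8.

```php
<?php
// Added example: helper name is hypothetical, not part of SimosNap's API.

/**
 * Validate the raw token endpoint reply before using it.
 * $body is curl_exec()'s return value, $status is CURLINFO_RESPONSE_CODE.
 */
function parse_token_response(string|false $body, int $status): array
{
    if ($body === false) {
        throw new RuntimeException('Token request failed at the transport level');
    }
    $data = json_decode($body, true);
    if (!is_array($data)) {
        throw new RuntimeException('Token endpoint did not return a JSON object');
    }
    // Assumption: errors follow RFC 6749 section 5.2 ("error" member, non-200 status).
    if ($status !== 200 || isset($data['error'])) {
        $code = is_string($data['error'] ?? null) ? $data['error'] : 'unknown_error';
        throw new RuntimeException("Token endpoint refused the code: $code (HTTP $status)");
    }
    if (!is_string($data['access_token'] ?? null) || $data['access_token'] === '') {
        throw new RuntimeException('Response has no access_token');
    }
    // token_type is case-insensitive; Step 4 only knows how to send Bearer tokens.
    $type = $data['token_type'] ?? null;
    if (!is_string($type) || strcasecmp($type, 'Bearer') !== 0) {
        throw new RuntimeException('Unsupported token_type');
    }
    return $data;
}

// Constructed sample replies; "ok" has the shape of the typical response above.
$samples = [
    'ok'      => ['{"access_token":"xxxxxxxx","token_type":"Bearer","expires_in":3600}', 200],
    'refused' => ['{"error":"invalid_grant"}', 400],
    'html'    => ['<html>502 Bad Gateway</html>', 502],
];
foreach ($samples as $name => [$body, $status]) {
    try {
        $token = parse_token_response($body, $status);
        echo "$name: accepted, expires_in={$token['expires_in']}\n";
    } catch (RuntimeException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```

In the Step 3 code, the status to pass in is curl_getinfo($ch, CURLINFO_RESPONSE_CODE), read before curl_close().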

Step 4: Retrieve User Information

Once you have an access token, you can query the UserInfo endpoint.

<?php

$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => 'https://www.simosnap.org/rest/service.php/oauth/userinfo',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        'Authorization: Bearer ' . $data['access_token']
    ]
]);

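$userInfo = curl_exec($ch);

curl_close($ch);

$user = is_string($userInfo) ? json_decode($userInfo, true) : null;

// Do not create a session without a subject identifier.
if (!is_array($user) || !isset($user['sub'])) {
    die('Could not retrieve user information');
}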

Available User Information

The UserInfo endpoint currently returns data such as:

{
  "sub": "12345",
  "nickname": "SimosNap",
  "preferred_username": "SimosNap",
  "profile_url": "https://www.simosnap.org/user/stats:SimosNap/profile",
  "irc_account": "SimosNap",
  "is_oper": false
}

Main fields:

Field               Description
sub                 Unique user identifier
nickname            Display nickname
preferred_username  Preferred username
profile_url         Public profile URL
irc_account         Associated IRC account
is_oper             IRC operator status


Creating a Local Session

Once you’ve retrieved the user information, you can create a normal application session.

Example:

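<?php

// Issue a fresh session ID at login so a pre-login ID cannot be reused (session fixation).
session_regenerate_id(true);

$_SESSION['user_id'] = $user['sub'];
$_SESSION['nickname'] = $user['nickname'];
$_SESSION['irc_account'] = $user['irc_account'];
$_SESSION['profile_url'] = $user['profile_url'];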

At this point, the user is authenticated within your application.


Security Best Practices

For a secure implementation, always remember to:

  • use HTTPS
  • validate the state parameter
  • securely store your Client Secret
  • validate redirect URIs
  • never store SimosNap passwords
  • use secure sessions
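
One way to apply "use secure sessions" and "securely store your Client Secret" in PHP, as an added example that is not SimosNap's own code. The function names and the SIMOSNAP_CLIENT_SECRET environment variable are assumptions made for illustration.

```php
<?php
// Added example: function names and SIMOSNAP_CLIENT_SECRET are hypothetical.

function start_secure_session(): void
{
    // PHP's defaults leave Secure, HttpOnly and SameSite unset on the session cookie.
    ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable from JavaScript
        // Lax, not Strict: the callback is a cross-site top-level redirect from
        // SimosNap. A Strict cookie would be withheld on that request, so the
        // stored oauth_state would be missing and Step 2 would always fail.
        'samesite' => 'Lax',
    ]);
    session_start();
}

function load_client_secret(): string
{
    // Keep the secret out of the web root and out of version control;
    // fail closed instead of sending an empty secret to the token endpoint.
    $secret = getenv('SIMOSNAP_CLIENT_SECRET');
    if ($secret === false || $secret === '') {
        throw new RuntimeException('SIMOSNAP_CLIENT_SECRET is not set');
    }
    return $secret;
}
```

Call start_secure_session() in place of a bare session_start() in both the redirect script and callback.php, so the cookie attributes are identical on both requests.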

A Real-World Example: ChatItaly

ChatItaly already uses SimosNap OAuth for:

  • user authentication
  • Community Feed interactions
  • voting
  • comments
  • social features

The application does not manage passwords or maintain a separate user database.

Identity remains centralized on SimosNap, allowing the website to focus entirely on its own features and community experience.


Want to Integrate Your Website?

If you run a community, forum, open source project, or a service connected to the IRC ecosystem, you can request an OAuth client and start using SimosNap Login in your application.

The goal is to build an ecosystem of interoperable services that share the same digital identity while giving users full control over their data and authorizations.

Happy coding!