CTFtime OAuth server implements part of OAuth 2.0 standard.

Supported Grant Types: Authorization Code

Available Scopes: "profile:read"(alias "profile"), "team:read"(alias "team")

Scope delimitter: " " (space)

Authorization server endpoint: https://oauth.ctftime.org/authorize

Access token endpoint: https://oauth.ctftime.org/token

API endpoint: https://oauth.ctftime.org/user

If you find a bug in OAuth implementation - please contact us.


Server API is compatible with CTFd.io.

There is a pull request adding CTFtime as one more OAuth provider to CTFd or you can use a fork.

An example CTFd configuration just to start:

class Config(object):
    OAUTH_PROVIDER = "ctftime"
    OAUTH_CLIENT_ID = "31337" # Your Event ID
    OAUTH_CLIENT_SECRET = "blah" # You can get it in your event management interface
    OAUTH_CALLBACK_ENDPOINT = "https://your-ctfd-domain.com/redirect"
The main thing here is

class Config(object):
    OAUTH_PROVIDER = "ctftime"
it also can be set with environment variable then configured with setup.