CTFtime OAuth server implements part of OAuth 2.0 standard.
Supported Grant Types: Authorization Code
Available Scopes: "profile:read"(alias "profile"), "team:read"(alias "team")
Scope delimitter: " " (space)
Authorization server endpoint: https://oauth.ctftime.org/authorize
Access token endpoint: https://oauth.ctftime.org/token
API endpoint: https://oauth.ctftime.org/userIf you find a bug in OAuth implementation - please contact us.
Server API is compatible with CTFd.io.
An example CTFd configuration just to start:
The main thing here is
class Config(object): OAUTH_PROVIDER = "ctftime" ... OAUTH_CLIENT_ID = "31337" # Your Event ID OAUTH_CLIENT_SECRET = "blah" # You can get it in your event management interface OAUTH_CALLBACK_ENDPOINT = "https://your-ctfd-domain.com/redirect"
it also can be set with environment variable then configured with setup.
class Config(object): OAUTH_PROVIDER = "ctftime"