diff --git a/auth/oauth2/index.php b/auth/oauth2/index.php
new file mode 100644
index 0000000000000000000000000000000000000000..9dc4277afb870e40f4213f24b4af8f05f23c85d8
--- /dev/null
+++ b/auth/oauth2/index.php
@@ -0,0 +1,53 @@
+getOAuth2ClientByClientId($clientId);
+if ($client === null) {
+ http_response_code(400);
+ die("Invalid client id: " . $clientId);
+}
+if ($client->redirectUrl !== $redirectUrl) {
+ http_response_code(400);
+ die("Invalid client redirect URI: " . $redirectUrl);
+}
+
+$alg;
+if (isset($_REQUEST['alg'])) {
+ $alg = $_REQUEST['alg'];
+} else {
+ $alg = "RS256";
+}
+
+if (isset($_GET['code'])) {
+
+} else {
+ if (!isset($_REQUEST['state'])) {
+ http_response_code(400);
+ die("State is required");
+ }
+}
+
+$oauth2Data = new \RAP\OAuth2Data();
+$oauth2Data->clientName = $client->name;
+$oauth2Data->clientIcon = $client->icon;
+$oauth2Data->clientId = $client->id;
+$oauth2Data->redirectUrl = $client->redirectUrl;
+
+global $session;
+$session->setOAuth2Data($oauth2Data);
\ No newline at end of file
diff --git a/classes/DAO.php b/classes/DAO.php
index d72d3b9b9156cb45fc3f62553cd3ea04aa80b675..2f0f68922461b8b84d93aeca19d8359fc494e5ca 100644
--- a/classes/DAO.php
+++ b/classes/DAO.php
@@ -124,12 +124,21 @@ interface DAO {
 * @param type $token join token
 */
 function deleteJoinRequest($token);
-
+
 /**
 * CRUD methods for OAuth2Clients (used by admin interface).
 */
 function getOAuth2Clients();
- function createOAuth2Client($client);
+
+ function createOAuth2Client($client);
+ function updateOAuth2Client($client);
+ function deleteOAuth2Client($clientId);
+
+ /**
+ * Retrieve the client from the configured client id (the one associated to
+ * the secret, not the database id).
+ */
+ function getOAuth2ClientByClientId($clientId);
 }
diff --git a/classes/MySQLDAO.php b/classes/MySQLDAO.php
index 67511697b24fd8f3e28472897ef31c099bc3d1ce..13f0eb0399207259902a0397fcee23784c4fad67 100644
--- a/classes/MySQLDAO.php
+++ b/classes/MySQLDAO.php
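Review bot: The two `die()` calls after the client lookup echo request-derived values (`$clientId`, `$redirectUrl`) straight into the response body without escaping, which is a reflected-content problem on an endpoint reachable before any login; either escape them, `die("Invalid client id: " . htmlspecialchars($clientId, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`, or log the value server-side and return a generic message. `$alg` is taken from `$_REQUEST['alg']` with no allow-list; it is unused in the visible lines, but if it later selects the token signing algorithm it should be checked against a fixed set of accepted values rather than trusted from the request. The `if (isset($_GET['code'])) {` branch is empty, so the `state` requirement applies only when no code is present; a one-line comment stating why, or removing the empty branch, would make the intent clear. The lines where `$clientId` and `$redirectUrl` are read, before the `getOAuth2ClientByClientId` call, are not visible here.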
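Review bot: The new interface methods `updateOAuth2Client`, `deleteOAuth2Client` and `getOAuth2ClientByClientId` declare no return contract, while the `MySQLDAO` implementation in this same commit returns `null` when no row matches and throws a generic `Exception` on duplicates. Add `@return OAuth2Client|null` and `@throws Exception when more than one row matches the client id` to the `getOAuth2ClientByClientId` docblock. A one-line docblock on the update and delete methods stating whether `$client`/`$clientId` refer to the database id or the configured client id would also help, since the existing docblock already notes the two are easy to confuse.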
@@ -478,4 +478,47 @@ class MySQLDAO implements DAO {
 }
 }
+ function getOAuth2ClientByClientId($clientId) {
+ $dbh = $this->getDBHandler();
+
+ // Load clients info
+ $queryClient = "SELECT id, name, icon, client, secret, redirect_url, scope FROM oauth2_client WHERE client = :client";
+ $stmtClient = $dbh->prepare($queryClient);
+ $stmtClient->bindParam(':client', $clientId);
+ $stmtClient->execute();
+
+ $result = $stmtClient->fetchAll();
+
+ if (count($result) === 0) {
+ return null;
+ }
+ if (count($result) > 1) {
+ throw new Exception("Found multiple clients associated to the same client id!");
+ }
+
+ $row = $result[0];
+
+ $client = new OAuth2Client();
+ $client->id = $row['id'];
+ $client->name = $row['name'];
+ $client->icon = $row['icon'];
+ $client->client = $row['client'];
+ $client->secret = $row['secret'];
+ $client->redirectUrl = $row['redirect_url'];
+ $client->scope = $row['scope'];
+
+ // Load authentication methods info
+ $queryAuthNMethods = "SELECT auth_method FROM oauth2_client_auth_methods WHERE client_id = :id";
+
+ $stmtAuthNMethods = $dbh->prepare($queryAuthNMethods);
+ $stmtAuthNMethods->bindParam(':id', $client->id);
+ $stmtAuthNMethods->execute();
+
+ foreach ($stmtAuthNMethods->fetchAll() as $row) {
+ array_push($client->authMethods, $row['auth_method']);
+ }
+
+ return $client;
+ }
+ }
diff --git a/classes/OAuth2Data.php b/classes/OAuth2Data.php
new file mode 100644
index 0000000000000000000000000000000000000000..7bf507b7c76f58788317afeacf67299e100799fe
--- /dev/null
+++ b/classes/OAuth2Data.php
@@ -0,0 +1,12 @@
+oauth2Data = $oauth2Data;
+ $this->save();
+ }
+ }
diff --git a/sql/setup-database.sql b/sql/setup-database.sql
index d9cd3f367c84a07eba5c83d669e7d029663c7bdc..e65cb2acec3220cb38917baa3f44cbb24035caf4 100644
--- a/sql/setup-database.sql
+++ b/sql/setup-database.sql
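Review bot: `getOAuth2ClientByClientId` loads the `secret` column into the returned object on every lookup, including from the authorization endpoint added in this commit, which only needs name, icon, id and redirect URL; whether the stored value is a hash or the clear secret is not visible here, but if it is the clear secret, storing a hash and verifying with `hash_equals()` where the secret is checked would mean a client row read does not hand out a usable credential. The `count($result) > 1` guard is only reachable on databases created before the `UNIQUE(client)` constraint this commit adds to `sql/setup-database.sql`; a comment saying so would keep it from being removed as dead code later. `array_push($client->authMethods, $row['auth_method']);` reads more idiomatically as `$client->authMethods[] = $row['auth_method'];` and relies on `OAuth2Client::$authMethods` being initialised to an array, which is not visible here. The method has no docblock; `@return OAuth2Client|null` and `@throws Exception` would match the `return null` and `throw` lines.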
@@ -6,7 +6,8 @@ CREATE TABLE `oauth2_client` (
 `secret` varchar(255) NOT NULL,
 `redirect_url` text NOT NULL,
 `scope` varchar(255) NOT NULL,
- PRIMARY KEY (`id`)
+ PRIMARY KEY (`id`),
+ UNIQUE(client)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `oauth2_client_auth_methods` (
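Review bot: `UNIQUE(client)` is added only to the fresh-install script, so existing databases keep accepting duplicate client ids unless a migration such as `ALTER TABLE oauth2_client ADD UNIQUE (client);` is shipped alongside; until then the duplicate check in `MySQLDAO::getOAuth2ClientByClientId` is the only safeguard. For consistency with the neighbouring column and key definitions the identifier in the new constraint could be quoted like the others.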