diff --git a/app/controllers/auth.js b/app/controllers/auth.js
index a032ec2..9bc78f2 100644
--- a/app/controllers/auth.js
+++ b/app/controllers/auth.js
@@ -31,34 +31,51 @@ class AuthController extends SiteController {
 const authRequired = this.dtp.services.session.authCheckMiddleware({ requireLogin: true });
- router.post('/otp/enable',
+ router.post(
+ '/otp/enable',
 limiterService.create(limiterService.config.auth.postOtpEnable),
 this.postOtpEnable.bind(this),
 );
- router.post('/otp/auth',
+ router.post(
+ '/otp/auth',
 limiterService.create(limiterService.config.auth.postOtpAuthenticate),
 this.postOtpAuthenticate.bind(this),
 );
- router.post('/login',
+ router.post(
+ '/login',
 limiterService.create(limiterService.config.auth.postLogin),
 upload.none(),
 this.postLogin.bind(this),
 );
- router.get('/api-token/personal',
+ router.get(
+ '/api-token/personal',
 authRequired,
 limiterService.create(limiterService.config.auth.getPersonalApiToken),
 this.getPersonalApiToken.bind(this),
 );
- router.get('/socket-token',
+ router.get(
+ '/socket-token',
 authRequired,
 limiterService.create(limiterService.config.auth.getSocketToken),
 this.getSocketToken.bind(this),
 );
- router.get('/logout',
+ router.get(
+ '/core',
+ passport.authenticate('oauth2'),
+ );
+
+ router.get(
+ '/core/callback',
+ passport.authenticate('oauth2', { failureRedirect: '/' }),
+ this.getCoreCallback.bind(this),
+ );
+
+ router.get(
+ '/logout',
 authRequired,
 limiterService.create(limiterService.config.auth.getLogout),
 this.getLogout.bind(this),
@@ -173,6 +190,16 @@ class AuthController extends SiteController {
 }
 }
+ async getCoreCallback (req, res) {
+ // req.login(user, (error) => {
+ // if (error) {
+ // return next(error);
+ // }
+ // return res.redirect('/');
+ // });
+ return res.redirect('/');
+ }
+
 async getLogout (req, res, next) {
 if (!req.user) {
 return next(new SiteError(403, 'You are not signed in'));
diff --git a/app/services/oauth2.js b/app/services/oauth2.js
index 2f56fc4..c6605b9 100644
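Review bot: The new `/core` and `/core/callback` registrations are the only routes in this hunk without a `limiterService.create(...)` middleware, and the callback is the more expensive of the two because passport exchanges the authorization code against the auth host on every request it receives. Adding `limiterService.create(limiterService.config.auth.<LIMITER_KEY_PLACEHOLDER>)` ahead of `passport.authenticate(...)` on both routes keeps them consistent with every other registration here. The enclosing method starts before the hunk, so I cannot see whether `passport` is required at the top of this controller; nothing in this diff imports it into auth.js, which is worth confirming before merge.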
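Review bot: `getCoreCallback` ships a commented-out `req.login(...)` block that references a `next` parameter the signature does not declare, so it cannot be revived as written and should be deleted rather than left as dead code. Because `passport.authenticate('oauth2', ...)` runs ahead of this handler on the new `/core/callback` route, passport establishes the session itself before control arrives here (assuming session support is enabled, which the surrounding `authCheckMiddleware` use suggests), so the handler only needs to redirect; a one-line comment such as `// passport.authenticate already established the session; land the user on the home page` documents that intent. Redirecting to '/' on success while `failureRedirect: '/'` also lands on '/' makes a failed login indistinguishable from a successful one for the user, so a distinct failure target would help. The method body is fully visible in the hunk.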
--- a/app/services/oauth2.js
+++ b/app/services/oauth2.js
@@ -97,14 +97,14 @@ class OAuth2Service extends SiteService {
 const requireLogin = sessionService.authCheckMiddleware({ requireLogin: true });
 app.get(
- '/dialog/authorize',
+ '/oauth2/authorize',
 requireLogin,
 this.server.authorize(this.processAuthorize.bind(this)),
 this.renderAuthorizeDialog.bind(this),
 );
 app.post(
- '/dialog/authorize/decision',
+ '/oauth2/authorize/decision',
 requireLogin,
 this.server.decision(),
 );
diff --git a/app/services/user.js b/app/services/user.js
index d19e477..bfa0093 100644
--- a/app/services/user.js
+++ b/app/services/user.js
@@ -13,6 +13,7 @@ const UserBlock = mongoose.model('UserBlock');
 const passport = require('passport');
 const PassportLocal = require('passport-local');
+const OAuth2Strategy = require('passport-oauth2');
 const striptags = require('striptags');
 const uuidv4 = require('uuid').v4;
@@ -39,7 +40,10 @@ class UserService {
 async start ( ) {
 this.log.info(`starting ${module.exports.name} service`);
+ this.registerPassportLocal();
+ this.registerPassportOAuth2();
+
 if (process.env.DTP_ADMIN === 'enabled') {
 this.registerPassportAdmin();
 }
@@ -336,6 +340,25 @@ class UserService {
 }
 }
+ registerPassportOAuth2 ( ) {
+ const AUTH_HOST = process.env.DTP_CORE_AUTH_HOST || 'localhost';
+ const oauthOptions = {
+ authorizationURL: `http://${AUTH_HOST}/oauth2/authorize`,
+ tokenURL: `http://${AUTH_HOST}/oauth2/token`,
+ clientID: process.env.DTP_CORE_CLIENT_ID,
+ clientSecret: process.env.DTP_CORE_CLIENT_SECRET,
+ callbackURL: `http://${process.env.DTP_SITE_DOMAIN}/auth/example/callback`,
+ };
+ passport.use(new OAuth2Strategy(oauthOptions, this.handleOAuth2Login.bind(this)));
+ }
+
+ async handleOAuth2Login (accessToken, refreshToken, profile, cb) {
+ this.log.info('OAuth2 login', { accessToken, refreshToken, profile });
+ User.findOrCreate({ exampleId: profile.id }, function (err, user) {
+ return cb(err, user);
+ });
+ }
+
 registerPassportAdmin ( ) {
 const options = {
 usernameField: 'username',
diff --git a/lib/site-platform.js b/lib/site-platform.js
index 569814d..0b7ec1b 100644
--- a/lib/site-platform.js
+++ b/lib/site-platform.js
@@ -345,6 +345,7 @@ module.exports.startWebServer = async (dtp) => {
 * System Init
 */
 try {
+ dtp.services.oauth2.attachRoutes(module.app);
 await module.loadControllers(dtp);
 } catch (error) {
 module.log.error('failed to initialize application controller', { error });
diff --git a/yarn.lock b/yarn.lock
index 39f9d1c..c3179c6 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6080,6 +6080,11 @@ oauth2orize@^1.11.1:
 uid2 "0.0.x"
 utils-merge "1.x.x"
+oauth@0.9.x:
+ version "0.9.15"
+ resolved "https://registry.yarnpkg.com/oauth/-/oauth-0.9.15.tgz#bd1fefaf686c96b75475aed5196412ff60cfb9c1"
+ integrity sha512-a5ERWK1kh38ExDEfoO6qUHJb32rd7aYmPHuyCu3Fta/cnICvYmgd2uhuKXvPD+PXB+gCEYYEaQdIRAjCOwAKNA==
+
 object-assign@^4, object-assign@^4.0.1, object-assign@^4.1.0, object-assign@^4.1.1:
 version "4.1.1"
 resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
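Review bot: `handleOAuth2Login` writes `accessToken` and `refreshToken` to the info log, which persists live bearer credentials for the upstream account in plain text wherever logs are shipped; log only an identifier there, e.g. `this.log.info('OAuth2 login', { profileId: profile.id });`. The `oauthOptions` in `registerPassportOAuth2` omit `state: true`, so the callback accepts any authorization code without a session-bound state check and is exposed to login CSRF; passport-oauth2 performs that check when the option is set, so add `state: true,` to the options object. The `callbackURL` path `/auth/example/callback` does not match the `/core/callback` route added in auth.js (assuming that controller is mounted under `/auth`), `exampleId` on `User.findOrCreate` reads like a template leftover, and the generic passport-oauth2 strategy yields an empty `profile` unless `userProfile` is overridden, so `profile.id` is probably undefined here. The hard-coded `http://` in `authorizationURL`, `tokenURL` and `callbackURL` also sends the authorization code and `clientSecret` in the clear unless TLS is terminated elsewhere; deriving the scheme from configuration instead of the literal would avoid that.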