This is the Java support for CILogon's authorization extension to OA4MP. The major part of CILogon's authorization module (written in PHP) is at
The main documenation for how to use CILogon is at CILogon and covers a wide variety of topics.
A quick overview is that OA4MP is the underlying OAuth 2 implementation. It does not, however, have a concept of a user per se, and the authorization machinery is modular so that it may be replaced, in this case, with CILogon's PHP layer. This module contains stores for user management, IDPs and other information as well as a database service that allows PHP to communicate with OA4MP. The philosophy is that OA4MP manages stores for the entire service and the authorizatioin module accesses this via the database service. This is necessary since as a user logs in, some back and forth with OA4MP to manage the user (if new or being updated) create a transaction must occur as well as periodic updates of the transaction. After the initial leg of OAuth (at which point the user gets their authorization grant, if using the code flow or acknowledgement if using the device flow), OA4MP is solely used for all OAuth operations.