Is it possible to implement OAuth 2.0 or 1.0 using an Apache HTTPd server module?
I am choosing this route because each and every request will first reach the HTTPd module, so from there I have to authenticate.
If it is possible, please share a related link for that.
I'm going to add to Eugenio's answer by saying that mod_auth_openidc supports two modes of operation:
it can function as an OpenID Connect Relying Party authenticating users by consuming and verifying ID tokens, access tokens and refresh tokens as issued by an OpenID Connect Provider; it will relay information about the authenticated user (and possibly the tokens themselves) to the protected application that runs on or behind the Apache server
it can function as an OAuth 2.0 Resource Server, controlling access from OAuth 2.0 clients by consuming and verifying access tokens that have been issued by an OAuth 2.0 Authorization Server; it can pass on information associated with the access token to the protected application that runs on or behind the Apache server
For both cases, Apache's Require logic can be used to enforce access based on certain claims that are present in the ID token resp. access token.
Update April 12, 2019:
There's now a dedicated module to handle the OAuth 2.0 Resource Server functionality: https://github.com/zmartzone/mod_oauth2
Yes, this is possible. In fact mod_auth_openidc does exactly that for Apache (and for OpenId Connect, which is a protocol built on OAuth2).
More on the scenario here: https://auth0.com/blog/sso-for-legacy-apps-with-auth0-openid-connect-and-apache/
