diff --git a/plugins/oauth_client/lib/oauth_client_plugin.rb b/plugins/oauth_client/lib/oauth_client_plugin.rb
index 664817d..056c66a 100644
--- a/plugins/oauth_client/lib/oauth_client_plugin.rb
+++ b/plugins/oauth_client/lib/oauth_client_plugin.rb
@@ -1,3 +1,5 @@
+require 'omniauth/strategies/noosfero_oauth2'
+
 class OauthClientPlugin < Noosfero::Plugin
 def self.plugin_name
@@ -39,6 +41,9 @@ class OauthClientPlugin < Noosfero::Plugin
 },
 :google_oauth2 => {
 :name => 'Google'
+ },
+ :noosfero_oauth2 => {
+ :name => 'Noosfero'
 }
 }
diff --git a/plugins/oauth_client/lib/omniauth/strategies/noosfero_oauth2.rb b/plugins/oauth_client/lib/omniauth/strategies/noosfero_oauth2.rb
new file mode 100644
index 0000000..1b2a135
--- /dev/null
+++ b/plugins/oauth_client/lib/omniauth/strategies/noosfero_oauth2.rb
@@ -0,0 +1,30 @@
+require 'omniauth/strategies/oauth2'
+
+module OmniAuth
+ module Strategies
+ class NoosferoOauth2 < OmniAuth::Strategies::OAuth2
+ option :name, :noosfero_oauth2
+
+ option :client_options, {
+ :site => "http://noosfero.com:3001",
+ :authorize_url => "/oauth/authorize"
+ }
+
+ uid { raw_info["id"] }
+
+ info do
+ {
+ :email => raw_info["email"]
+ # and anything else you want to return to your API consumers
+ }
+ end
+
+ def raw_info
+ #@raw_info ||= access_token.get('/api/v1/me.json').parsed
+ #FIXME
+ #raise access_token.inspect
+ User['vfcosta'].attributes
+ end
+ end
+ end
+end
diff --git a/plugins/oauth_client/views/auth/_noosfero_oauth2.html.erb b/plugins/oauth_client/views/auth/_noosfero_oauth2.html.erb
new file mode 100644
index 0000000..4632c1d
--- /dev/null
+++ b/plugins/oauth_client/views/auth/_noosfero_oauth2.html.erb
@@ -0,0 +1 @@
+<%= _('Login with Noosfero') %>
diff --git a/plugins/oauth_provider/lib/oauth_provider_plugin.rb b/plugins/oauth_provider/lib/oauth_provider_plugin.rb
index 3fcb1ee..28f3900 100644
--- a/plugins/oauth_provider/lib/oauth_provider_plugin.rb
+++ b/plugins/oauth_provider/lib/oauth_provider_plugin.rb
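Review bot: `raw_info` in the new `noosfero_oauth2.rb` returns `User['vfcosta'].attributes`, so `uid` and `info[:email]` resolve to the same hard-coded local account on every callback and the access token from the provider is never consulted. The `#FIXME` marks it as a stub, but the earlier hunk in this commit already registers `:noosfero_oauth2` as a provider, so it should not ship reachable in this state; restore the commented-out lookup, `@raw_info ||= access_token.get('/api/v1/me.json').parsed`, or keep the provider unregistered until that endpoint exists. `attributes` on a user record presumably also carries more than id and email (credential columns, if the model has them), which is a second reason not to use it as `raw_info`. Separately, `:site => "http://noosfero.com:3001"` is hard-coded and plain HTTP, so the authorization code and token exchange would travel unencrypted; read the site from plugin configuration and require an `https://` URL.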
@@ -13,17 +13,22 @@ class OauthProviderPlugin < Noosfero::Plugin
 # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper
 orm :active_record
- domain = Domain.find_by_name(request.host)
- environment = domain ? domain.environment : Environment.default
-
 # This block will be called to check whether the resource owner is authenticated or not.
 resource_owner_authenticator do
+ domain = Domain.find_by_name(request.host)
+ environment = domain ? domain.environment : Environment.default
 environment.users.find_by_id(session[:user]) || redirect_to('/account/login')
 end
 # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
 admin_authenticator do
- environment.users.find_by_id(session[:user]) || redirect_to('/account/login')
+ domain = Domain.find_by_name(request.host)
+ environment = domain ? domain.environment : Environment.default
+ user = environment.users.find_by_id(session[:user])
+ unless user && user.person.is_admin?(environment)
+ redirect_to('/account/login')
+ end
+ user
 end
 # Authorization Code expiration time (default 10 minutes).
-- libgit2 0.21.2
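Review bot: In the new `admin_authenticator` block, a logged-in non-admin triggers `redirect_to('/account/login')` but the block still evaluates to `user`, so the denial depends entirely on the redirect halting the request rather than on the block's value. If a user record can exist without a person, `user.person.is_admin?(environment)` would also raise instead of denying. Computing the check once and returning the user only when it passes avoids both: `admin = user && user.person && user.person.is_admin?(environment)` followed by `admin ? user : redirect_to('/account/login')`. The `domain`/`environment` lookup is now duplicated in both authenticator blocks and picks the environment from `request.host`; a single helper would keep the two in step, and the fallback to `Environment.default` for unknown hosts deserves a comment saying it is intended. The enclosing configuration block starts and ends outside this hunk.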