ForgeRock OpenAM supports a number of Authentication Modules that can be used to verify the identity of a user attempting to login to the applications protected by OpenAM. One of the biggest strengths of OpenAM is the flexibility that it gives to plug in a Custom Authentication Module in the event the Out of The Box modules do not meet the requirements. Some details around the same can be found here.
In the following video that has a running time of approximately nine minutes, you’ll see an OpenAM instance being configured to contact Google for identifying a user by using OAuth2. Google’s literature about their support for OAuth2 is here in case if you are interested to read.