diff --git a/modules/oauth/config-template/module_oauth.php b/modules/oauth/config-template/module_oauth.php
new file mode 100644
index 0000000000000000000000000000000000000000..a1a9c10b822a9ff01fed957a3aed13f1497404d7
--- /dev/null
+++ b/modules/oauth/config-template/module_oauth.php
@@ -0,0 +1,16 @@
+<?php
+/* 
+ * Configuration for the OAuth module.
+ * 
+ * $Id$
+ */
+
+$config = array (
+
+	/* Enable the getUserInfo endpoint. Do not enable unless you know what you do.
+	 * It may give external parties access to userInfo unless properly secured.
+	 */
+	'getUserInfo.enable' => FALSE,
+
+);
+
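Review bot: The comment above `'getUserInfo.enable'` warns that the endpoint may expose userInfo "unless properly secured" but never says what securing it means, so an operator who sets the flag to TRUE has nothing concrete to verify. The diff does not show which access control is expected, so the comment should name it, for example `/* Enable the getUserInfo endpoint. Leave this FALSE unless access to the endpoint is restricted (describe the required restriction here); when enabled it may give external parties access to userInfo. */`. Shipping the template with `FALSE`, together with the `getBoolean('getUserInfo.enable', FALSE)` default in getUserInfo.php, keeps the endpoint off when the key is missing. It would also help to note here that this template has to be copied into the config directory, since an install without `module_oauth.php` will presumably fail inside `getConfig()` rather than reach the "endpoint is disabled" message.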
diff --git a/modules/oauth/www/getUserInfo.php b/modules/oauth/www/getUserInfo.php
index 4045288d5c8e731893202692b99424f6eece081b..dde46e1e8c923fef5e81bdecfc01df9446f03cb5 100644
--- a/modules/oauth/www/getUserInfo.php
+++ b/modules/oauth/www/getUserInfo.php
@@ -2,6 +2,12 @@
 
 require_once(dirname(dirname(__FILE__)) . '/libextinc/OAuth.php');
 
+$oauthconfig = SimpleSAML_Configuration::getConfig('module_oauth.php');
+
+if (!$oauthconfig->getBoolean('getUserInfo.enable', FALSE)) {
+	throw new Exception('Get user info endpoint is disabled. This endpoint can be enabled in the module_oauth.php configuration file.');
+}
+
 $store = new sspmod_oauth_OAuthStore();
 $server = new sspmod_oauth_OAuthServer($store);