diff --git a/.gitmodules b/.gitmodules
index 7952d1f2..fcc955f2 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -202,3 +202,6 @@
 [submodule "gems/recaptcha/5.15/_src"]
 	path = gems/recaptcha/5.15/_src
 	url = https://github.com/ambethia/recaptcha.git
+[submodule "gems/rack-oauth2/2.2/_src"]
+	path = gems/rack-oauth2/2.2/_src
+	url = https://github.com/nov/rack-oauth2.git
diff --git a/gems/rack-oauth2/2.2/_scripts/test b/gems/rack-oauth2/2.2/_scripts/test
new file mode 100755
index 00000000..6649af35
--- /dev/null
+++ b/gems/rack-oauth2/2.2/_scripts/test
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+# Exit command with non-zero status code, Output logs of every command executed, Treat unset variables as an error when substituting.
+set -eou pipefail
+# Internal Field Separator - Linux shell variable
+IFS=$'\n\t'
+# Print shell input lines
+set -v
+
+# Set RBS_DIR variable to change directory to execute type checks using `steep check`
+RBS_DIR=$(cd $(dirname $0)/..; pwd)
+# Set REPO_DIR variable to validate RBS files added to the corresponding folder
+REPO_DIR=$(cd $(dirname $0)/../../..; pwd)
+# Validate RBS files, using the bundler environment present
+bundle exec rbs --repo $REPO_DIR -r rack-oauth2:2.2 validate --silent
+
+cd ${RBS_DIR}/_test
+# Run type checks
+bundle exec steep check
+
+$(git rev-parse --show-toplevel)/bin/check-untyped-call.rb
diff --git a/gems/rack-oauth2/2.2/_src b/gems/rack-oauth2/2.2/_src
new file mode 160000
index 00000000..fbaab323
--- /dev/null
+++ b/gems/rack-oauth2/2.2/_src
@@ -0,0 +1 @@
+Subproject commit fbaab323f4e77e93b889fb1c31871205dbe49bd8
diff --git a/gems/rack-oauth2/2.2/_test/Steepfile b/gems/rack-oauth2/2.2/_test/Steepfile
new file mode 100644
index 00000000..6932d973
--- /dev/null
+++ b/gems/rack-oauth2/2.2/_test/Steepfile
@@ -0,0 +1,11 @@
+D = Steep::Diagnostic
+
+target :test do
+  check "."
+  signature "."
+
+  repo_path "../../../"
+  library "rack-oauth2"
+
+  configure_code_diagnostics(D::Ruby.all_error)
+end
diff --git a/gems/rack-oauth2/2.2/_test/test.rb b/gems/rack-oauth2/2.2/_test/test.rb
new file mode 100644
index 00000000..5d50b2a4
--- /dev/null
+++ b/gems/rack-oauth2/2.2/_test/test.rb
@@ -0,0 +1,61 @@
+# Write Ruby code to test the RBS.
+# It is type checked by `steep check` command.
+
+require "rack-oauth2"
+
+YOUR_CLIENT_ID = 'client_id'
+YOUR_CLIENT_SECRET = 'secret'
+YOUR_REDIRECT_URI = 'http://example.com'
+YOUR_USERNAME = 'username'
+YOUR_PASSWORD = 'password'
+YOUR_AUTHORIZATION_CODE = '1234'
+YOUR_REFRESH_TOKEN_FOR_USER = 'abcd'
+
+client = Rack::OAuth2::Client.new(
+  :identifier => YOUR_CLIENT_ID,
+  :secret => YOUR_CLIENT_SECRET,
+  :redirect_uri => YOUR_REDIRECT_URI, # only required for grant_type = :code
+  :host => 'rack-oauth2-sample.heroku.com'
+)
+
+request_type = :token
+
+puts "## request_type = :#{request_type}"
+
+authorization_uri = case request_type
+when :code
+  client.authorization_uri(:scope => :user_about_me)
+when :token
+  client.authorization_uri(:response_type => :token, :scope => :user_about_me)
+end
+
+puts authorization_uri
+
+
+client = Rack::OAuth2::Client.new(
+  :identifier => YOUR_CLIENT_ID,
+  :secret => YOUR_CLIENT_SECRET,
+  :redirect_uri => YOUR_REDIRECT_URI, # only required for grant_type = :code
+  :host => 'rack-oauth2-sample.heroku.com'
+)
+
+grant_type = :authorization_code
+
+puts "## grant_type = :#{grant_type}"
+
+case grant_type
+when :client_credentials
+  # Nothing to do
+when :password
+  client.resource_owner_credentials = YOUR_USERNAME, YOUR_PASSWORD
+when :authorization_code
+  client.authorization_code = YOUR_AUTHORIZATION_CODE
+when :refresh_token
+  client.refresh_token = YOUR_REFRESH_TOKEN_FOR_USER
+end
+
+begin
+  p client.access_token!
+rescue => e
+  p e
+end
diff --git a/gems/rack-oauth2/2.2/_test/test.rbs b/gems/rack-oauth2/2.2/_test/test.rbs
new file mode 100644
index 00000000..b5abf169
--- /dev/null
+++ b/gems/rack-oauth2/2.2/_test/test.rbs
@@ -0,0 +1,8 @@
+
+YOUR_CLIENT_ID: String
+YOUR_CLIENT_SECRET: String
+YOUR_REDIRECT_URI: String
+YOUR_USERNAME: String
+YOUR_PASSWORD: String
+YOUR_AUTHORIZATION_CODE: String
+YOUR_REFRESH_TOKEN_FOR_USER: String
diff --git a/gems/rack-oauth2/2.2/rack-oauth2.rbs b/gems/rack-oauth2/2.2/rack-oauth2.rbs
new file mode 100644
index 00000000..4027c151
--- /dev/null
+++ b/gems/rack-oauth2/2.2/rack-oauth2.rbs
@@ -0,0 +1,39 @@
+module Rack
+  module OAuth2
+    class AccessToken
+      class Bearer < AccessToken
+      end
+
+      attr_accessor access_token: untyped
+      attr_accessor token_type: untyped
+      attr_accessor refresh_token: untyped
+      attr_accessor expires_in: untyped
+      attr_accessor scope: untyped
+    end
+
+    class Client
+      class Error < StandardError
+        attr_accessor status: Integer
+        attr_accessor response: Hash[untyped, untyped]
+      end
+
+      class Grant
+        class AuthorizationCode < Grant
+        end
+
+        class Password < Grant
+        end
+
+        class RefreshToken < Grant
+        end
+      end
+
+      def initialize: (**untyped attributes) -> void
+      def authorization_uri: (**untyped params) -> String
+      def authorization_code=: (String code) -> Grant::AuthorizationCode
+      def resource_owner_credentials=: ([String, String] credentials) -> Grant::Password
+      def refresh_token=: (String token) -> Grant::RefreshToken
+      def access_token!: () -> AccessToken::Bearer
+    end
+  end
+end