Broken oauth2 workflow


  • Used Zammad version: 5.2.3
  • Used Zammad installation type: package
  • Operating system: CentOS 7.9
  • Browser + version: Google Chrome Version 106.0.5249.119

Expected behavior:

  • When the user is logged out and the client requests the oauth workflow via the /oauth/authorize url he should be presented with a login screen, after successfull login he should be redirected to the original redirect_uri.

Actual behavior:

Steps to reproduce the behavior:

  • Clean Zammad Installation

Additional Information

Am i doing something wrong here i remember someone in this forum mentioned it is “by design”? when i use other provider like facebook to access certain pages the workflow is as follows:

  • i click on “Login with Facebook”
  • a popup opens where i can login with my credentials
  • a consent screen is beeing displayed
  • i accept and then i get redirected to the original url from where i started the oauth workflow

If there are any additional information you need don´t hesitate to reply :slight_smile:

Does nobody have an idea? Are there any other ways to cleanly connect Zammad as an IDP? Or should one rather use SAML?