Zammad as oauth identity provider


I read about the possibility to use Zammad as an identity provider: (API - Add allowed origin on self-hosted Zammad Server - #7 by thorsteneckel)

And found the option to add applications in the configurations /#system/api

But I couldn’t find any doc elaborating on this further (e.g. how to set App-ID and secret, which endpoints exactly to call to receive a token etc.)

Does anyone have any idea where I find information to get into it a bit further?

(Use case: I would like to use an authentication in a little external webapp which has no data-backend, i.e. without having to set up an extra user database/identitiy provider… In the future I want to implement various ways to interact via the zammad api from there but for a start I want to realize the user administration with zammad).

Thanks a lot

Best Valentin

1 Like

Hi Valentin, same situation and issue here. I’d love to have more detailed documentation but cannot find any except the ones you linked.

I found a couple more information by simply clicking through Zammad.

You can register an application at
Settings > API > Applications (OAuth Authentication)

I don’t understand why but you can find/change ClientID and Secret by clicking the view column after registering an application.

You can find the URLs for oauth at the bottom of the page.

I was able to successfully authorize my application with a users Zammad account using
/oauth/authorize?client_id={app-id in Zammad}&client_secret={secret in zammad}&redirect_uri={my callback url}

Unfortunately the /oauth/tokens endpoint does not seem to exist in my case as well as there is no documentation on how to exchange the code for an access token.