Zammad as oauth identity provider

Hi,

I read about the possibility to use Zammad as an identity provider: (API - Add allowed origin on self-hosted Zammad Server - #7 by thorsteneckel)

And found the option to add applications in the configurations /#system/api

But I couldn’t find any doc elaborating on this further (e.g. how to set App-ID and secret, which endpoints exactly to call to receive a token etc.)

Does anyone have any idea where I find information to get into it a bit further?

(Use case: I would like to use an authentication in a little external webapp which has no data-backend, i.e. without having to set up an extra user database/identitiy provider… In the future I want to implement various ways to interact via the zammad api from there but for a start I want to realize the user administration with zammad).

Thanks a lot

Best Valentin

1 Like

Hi Valentin, same situation and issue here. I’d love to have more detailed documentation but cannot find any except the ones you linked.

I found a couple more information by simply clicking through Zammad.

You can register an application at
Settings > API > Applications (OAuth Authentication)

I don’t understand why but you can find/change ClientID and Secret by clicking the view column after registering an application.

You can find the URLs for oauth at the bottom of the page.

I was able to successfully authorize my application with a users Zammad account using
/oauth/authorize?client_id={app-id in Zammad}&client_secret={secret in zammad}&redirect_uri={my callback url}

Unfortunately the /oauth/tokens endpoint does not seem to exist in my case as well as there is no documentation on how to exchange the code for an access token.

This topic was automatically closed 360 days after the last reply. New replies are no longer allowed.