# OAuth Clients

## Introduction

GLPI 11 introduces a major OAuth 2.0 authentication feature that changes how third-party applications access your GLPI data and enables secure, modern integration with your organization's ecosystem. OAuth 2.0 is an authorization protocol that allows third-party applications to access your GLPI resources without sharing your passwords.

## Why Use It?

* **Enhanced Security**: No password sharing
* **Granular Control**: Specific permissions per application
* **Modern Integrations**: Compatible with mobile and web applications
* **Centralized Management**: Instant access revocation
* **Traceability**: Access and usage tracking

## Prerequisites

* **Administrator** profile or rights on **OAuth Clients**
* Access to the **Configuration** menu

## Creating an OAuth Client

### Step 1: Navigating the Interface

* In the main menu, click **Configuration**
* Select **OAuth Clients** from the submenu
* On the OAuth Clients page, click **Add**

<div align="left"><figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2FJERS4IASL2R6tNHXxdl9%2Fadd_oauth_clients.png?alt=media&#x26;token=3ed1b80e-1639-464a-bd61-495bcf125d47" alt="" width="475"><figcaption><p>Add a new OAuth client</p></figcaption></figure></div>

### Basic Information

* **Name**: Descriptive name for the client
* **Comment**: Description of the client (optional)

### Selecting Grants

Choose the authentication type according to your application.

<div align="left"><figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2FWnP7pEzu21OUIzBeYD6p%2Fgrant_permissions.png?alt=media&#x26;token=474c79d0-80ca-42e4-b32e-306e0a54ea8b" alt=""><figcaption><p>Select the authentication type</p></figcaption></figure></div>

**Authorization Code:** The most secure interactive authentication for applications with users. The user is redirected to GLPI to authenticate, then sent back to the application with a temporary code that is exchanged for a token.

**Password Grant:** Direct authentication with username and password. The application directly requests user credentials and sends them to GLPI to obtain a token.

**Client Credentials:** Machine-to-machine authentication without a human user. The application authenticates solely with its own credentials (client ID/secret), with no specific user involved.
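The Authorization Code exchange described above, seen from the application's side, as an added example that is not GLPI's own code. The host names, the `/api.php/authorize` path, the client ID and the `state` handling are assumptions for illustration; the parameter names follow RFC 6749.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed values for illustration; none of them come from the GLPI documentation.
AUTHORIZE_URL = "https://glpi.example.org/api.php/authorize"
REDIRECT_URI = "https://app.example.org/oauth/callback"
CLIENT_ID = "constructed-client-id"


def build_authorization_url(scopes, state=None):
    """Step 1: URL the application redirects the user's browser to."""
    # The state value is unguessable and stored in the user's session.
    state = state or secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url, expected_state):
    """Step 2: validate the redirect back, then return the token request fields."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the code")
    code = params.get("code", [None])[0]
    if code is None:
        raise ValueError("no authorization code in callback")
    # Step 3: form fields the application POSTs to the token endpoint, with
    # its client secret, to exchange the temporary code for a token.
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
    }
```
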

### Defining Scopes (Permissions)

<div align="left"><figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2Fvke09V8KDtFCLDZe1gu5%2Fscope_permissions.png?alt=media&#x26;token=28adb69e-ffe3-41f7-a2db-7eda8bf27688" alt=""><figcaption><p>Define permissions</p></figcaption></figure></div>

* **api**: General access to the GLPI API
* **user**: Information of the logged-in user
* **email**: User's email address
* **inventory**: Submission of inventories
* **status**: System status
* **graphql**: GraphQL interface

### Save

* Click **Add** at the bottom of the form
* The OAuth client is created with unique identifiers (Client ID and Client Secret)

<figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2FLVCbElAryFAtFcCQDZct%2Fsave_client_OAuth.png?alt=media&#x26;token=daabffc9-d6af-4859-a759-e21555c21415" alt=""><figcaption><p>Save your new OAuth client</p></figcaption></figure>

## Configuring the OAuth Client

### Redirect URI

* Edit your OAuth client
* Go to the **"Authorized redirect URIs"** section
* Add your application's URLs

<figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2FvXR5HKksY2Ip0byhBgIJ%2Furi_redirection.png?alt=media&#x26;token=f9c99d2c-0a59-4e8c-95fe-eb3dde9eb736" alt=""><figcaption></figcaption></figure>

### IP Restrictions

* Go to the **"IP Restrictions"** section
* Add authorized IP addresses

<div align="left"><figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2FQge0UsMHLXBiI18q2wDa%2Fip_restriction.png?alt=media&#x26;token=3e631b00-cb61-40e1-a004-6f131b3756b6" alt=""><figcaption><p>Add IP Restrictions</p></figcaption></figure></div>

## Using the OAuth Client with the Agent

### Enabling Inventory

* In the main menu, click **Administration**
* Select **Inventory** from the submenu
* Check the "**Enable inventory**" checkbox

<figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2F4sUDp5dZaMadVReSdfWN%2Finventory_autorisation.png?alt=media&#x26;token=3555932f-23f3-438b-9f02-e2c187fed600" alt=""><figcaption><p>Enable inventory</p></figcaption></figure>

### Agent Authorization

Once inventory is enabled, the field for **"Agent authentication"** becomes relevant.

In the corresponding **dropdown list**, select **"OAuth – Client credentials"** to use an **OAuth client** as the authentication source.

<figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2FH6DRDZ0CNXq6SnBqto0I%2Fheader_authoriztaion.png?alt=media&#x26;token=477d1cf2-dbb3-40f5-9e9a-49eda31fbeb1" alt=""><figcaption><p>Enable OAuth authentication for GLPI Agents</p></figcaption></figure>

### Creating the OAuth Client

Create an **OAuth client** that will be used by the agent. In the **"Scopes"** section, select **`Inventory`** to authorize access to inventory functionalities.

{% hint style="warning" %}
**Warning:** Remember to **copy the client secret immediately**, as it will only be displayed once and cannot be retrieved later.
{% endhint %}

Once the client is created, carefully keep the following information:

* **Client ID**
* **Client Secret**

These values will be necessary for configuring the agent in the next step.

<div align="left"><figure><img src="https://3503800744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIiEHKRx5AeABNDLcRlWX%2Fuploads%2FBKCQxknXetR9QSUuLwhK%2Finventory_scope.png?alt=media&#x26;token=a86a3cf6-ad59-4cb5-8b5e-8674e765dc57" alt=""><figcaption><p>Add inventory to scope</p></figcaption></figure></div>

### Connecting to the Agent

To finalize the configuration, add the **`oauth-client-id`** and **`oauth-client-secret`** parameters in the agent's configuration. This information will allow the agent to authenticate correctly with the OAuth server.

* **`oauth-client-id`**: copy/paste the **Client ID** of the OAuth client created previously.
* **`oauth-client-secret`**: copy/paste the **Client Secret** associated with this same OAuth client.

Once these parameters are entered, **save the agent's configuration**. The agent will then automatically use these credentials to obtain an **access token** and communicate securely with the server.

<a href="https://glpi-agent.readthedocs.io/en/1.10/man/glpi-agent.html#server-authentication" class="button secondary">Configure my GLPI agents</a>
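
What a client does with these two values, sketched as an added example (not GLPI Agent's or GLPI's own code): an RFC 6749 client-credentials token request and the checks worth making on the response before using the token. The host, the `/api.php/token` path, the credential values and the sample response are assumptions constructed for illustration.

```python
import json
import time
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Assumed endpoint for illustration; check your GLPI instance for the real one.
TOKEN_URL = "https://glpi.example.org/api.php/token"


def build_token_request(token_url, client_id, client_secret, scope="inventory"):
    """Build the client-credentials token request (RFC 6749, section 4.4)."""
    if urlsplit(token_url).scheme != "https":
        # The client secret travels in the request body: never send it in cleartext.
        raise ValueError("token endpoint must use https")
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return Request(token_url, data=body, headers=headers, method="POST")


def parse_token_response(raw_json, requested_scope="inventory", now=None):
    """Validate a token response; return (authorization_header, expires_at)."""
    data = json.loads(raw_json)
    if "error" in data:
        raise ValueError(f"token request refused: {data['error']}")
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token type")
    # The scope field may be omitted when it equals the requested scope.
    granted = data.get("scope", requested_scope).split()
    if requested_scope not in granted:
        raise ValueError("requested scope was not granted")
    now = time.time() if now is None else now
    expires_at = now + int(data.get("expires_in", 0))
    return {"Authorization": f"Bearer {data['access_token']}"}, expires_at


# Constructed sample response, in the shape defined by RFC 6749 section 5.1.
SAMPLE_RESPONSE = json.dumps({
    "token_type": "Bearer", "expires_in": 3600,
    "access_token": "constructed-access-token",
})
```
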
