# OAuth Clients

## Introduction

GLPI 11 introduces a major OAuth 2.0 authentication feature that revolutionizes how third-party applications access your GLPI data. This new functionality enables secure and modern integration with your organization's ecosystem. OAuth 2.0 is a modern authorization protocol that allows third-party applications to access your GLPI resources without sharing your passwords.

## Why Use It?

* **Enhanced Security**: No password sharing
* **Granular Control**: Specific permissions per application
* **Modern Integrations**: Compatible with mobile and web applications
* **Centralized Management**: Instant access revocation
* **Traceability**: Access and usage tracking

## Prerequisites

* **Administrator** profile or rights on **OAuth Clients**
* Access to the **Configuration** menu

## Creating an OAuth Client

Step 1: Navigating the Interface

* In the main menu, click **Configuration**
* Select **OAuth Clients** from the submenu
* On the OAuth Clients page, click **Add**

<div align="left"><figure><img src="/files/XhByKTbC86l3sbtYqSft" alt="" width="475"><figcaption><p>Add a nex client OAuth</p></figcaption></figure></div>

### Basic Information

* **Name**: Descriptive name for the client
* **Comment**: Description of the client (optional)

### Selecting Grants

Choose the authentication type according to your application

<div align="left"><figure><img src="/files/CpmuuwG2DFwnoKvczOab" alt=""><figcaption><p>Select identification's type</p></figcaption></figure></div>

**Authorization Code:** The most secure interactive authentication for applications with users. The user is redirected to GLPI to authenticate, then sent back to the application with a temporary code that is exchanged for a token.

**Password Grant:** Direct authentication with username and password. The application directly requests user credentials and sends them to GLPI to obtain a token.

**Client Credentials:** Machine-to-machine authentication without a human user. The application authenticates solely with its own credentials (client ID/secret), with no specific user involved.

### Defining Scopes (Permissions)

<div align="left"><figure><img src="/files/dObldUYukjbhvIMHZg3n" alt=""><figcaption><p>Define permissions</p></figcaption></figure></div>

* **api**: General access to the GLPI API
* **user**: Information of the logged-in user
* **email**: User's email address
* **inventory**: Submission of inventories
* **status**: System status
* **graphql**: GraphQL interface

### **Save**

* Click **Add** at the bottom of the form
* The OAuth client is created with unique identifiers (ClientID and Client Secret)

<figure><img src="/files/zbrIYKJBB902VpoYlQhY" alt=""><figcaption><p>SAve your new client OAuth</p></figcaption></figure>

## Configuring the OAuth Client

### Redirect URI

* Edit your OAuth client
* **"Authorized redirect URIs"** section
* Add your application's URLs

<figure><img src="/files/Q6wt67zuTNZuhXipcaGX" alt=""><figcaption></figcaption></figure>

### IP Restrictions

* **"IP Restrictions"** section
* Add authorized IP addresses

<div align="left"><figure><img src="/files/M12jHHROcUqHbebAKoHs" alt=""><figcaption><p>Add IP Restrictions</p></figcaption></figure></div>

## Using the OAuth Client with the Agent

### Enabling Inventory

* In the main menu, click **Administration**
* Select **Inventory** from the submenu
* Check the "**Enable inventory**" checkbox

<figure><img src="/files/LWrSUbZmXygPB3rMobdV" alt=""><figcaption><p>Enable inventory</p></figcaption></figure>

### Agent Authorization

Once inventory is enabled, the field for **"Agent authentication"** becomes relevant.

In the corresponding **dropdown list**, select **"OAuth – Client credentials"** to use an **OAuth client** as the authentication source.

<figure><img src="/files/MpEJe6lDiFxDBsSMZYpM" alt=""><figcaption><p>Enable OAuth authentication for GLPI Agents</p></figcaption></figure>

### Creating the OAuth Client

Create an **OAuth client** that will be used by the agent. In the **"Scopes"** section, select **`Inventory`** to authorize access to inventory functionalities.

{% hint style="warning" %}
**Warning:** Remember to **copy the client secret immediately**, as it will only be displayed once and cannot be retrieved later.
{% endhint %}

Once the client is created, carefully keep the following information:

* **Client ID**
* **Client Secret**

These values will be necessary for configuring the agent in the next step.

<div align="left"><figure><img src="/files/jUySqbo7gYCPHd79H3B9" alt=""><figcaption><p>Add inventory to scope</p></figcaption></figure></div>

### Connecting to the Agent

To finalize the configuration, add the **`oauth-client-id`** and **`oauth-client-secret`** parameters in the agent's configuration. This information will allow the agent to authenticate correctly with the OAuth server.

* **`oauth-client-id`**: copy/paste the **Client ID** of the OAuth client created previously.
* **`oauth-client-secret`**: copy/paste the **Client Secret** associated with this same OAuth client.

Once these parameters are entered, **save the agent's configuration**. The agent will then automatically use these credentials to obtain an **access token** and communicate securely with the server.

<a href="https://glpi-agent.readthedocs.io/en/1.10/man/glpi-agent.html#server-authentication" class="button secondary">Configure my GLPI agents</a>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.glpi-project.org/documentation/modules/configuration/oauth-clients.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.