# OpenID Authentication

To create a User with the login method "OpenID Authentication," you need to check the box "Use OpenID Authentication" and then fill in the "oAuth id" field:

<figure><img src="https://3237142148-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FscP4BXwl9ufpJr5mfVln%2Fuploads%2Fgit-blob-36aa4bde2240886f25d41301d4df5729f2e82a96%2F%D0%B8%D0%B7%D0%BE%D0%B1%D1%80%D0%B0%D0%B6%D0%B5%D0%BD%D0%B8%D0%B5%20(51).png?alt=media" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3237142148-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FscP4BXwl9ufpJr5mfVln%2Fuploads%2Fgit-blob-380681aa9af0579113571a06f8c597ed990cbf14%2F2025-07-30_15-33-13.png?alt=media" alt=""><figcaption></figcaption></figure>

To enable OpenID, you need to set parameters in the file `./backend/config/config.ini`:

```
oAuthClientId="clientId"
oAuthClientSecret="clientSecret"
oAuthAuthUri="https://OpenID.url/authorize"
oAuthTokenUri="https://OpenID.url/token"
oAuthUserInfoUri="https://OpenID.url/info"
```

When requesting a token, the parameter `redirect_uri` is passed.

If you need to specify the Callback URL manually, then specify:

```
yourDomainURL/api/gui/system/oAuthHook
```

You can also fill in the additional fields:

<table data-header-hidden><thead><tr><th width="229"></th><th width="327"></th></tr></thead><tbody><tr><td><strong>Interface Element</strong></td><td><strong>Description</strong></td></tr><tr><td>text field “oAuth id”</td><td>OAuth identifier. This field is required. This field is available for OpenID authentication.</td></tr><tr><td>text field “Email”</td><td>Email address for automatic message sending.</td></tr><tr><td>text field “First Name”</td><td>User's first name.</td></tr><tr><td>text field “Last Name”</td><td>User's last name.</td></tr><tr><td>text field “Department”</td><td>Name of the department/location of the User's workplace.</td></tr><tr><td>checkboxes “Notify about audit messages of the following types”</td><td><p>Allows the User (when specifying an email address and checking the boxes for message types from Sherpa AI Server) to receive automatically sent notifications to their email. Possible options:</p><ul><li>Critical;</li><li>Error;</li><li>Warning;</li><li>Notice;</li><li>Info;</li><li>Debug.</li></ul></td></tr><tr><td>field “Role”</td><td>Allows specifying a pre-configured Role (one or more), according to which access to Sherpa AI Server tools (creation, editing, reading, and deleting objects) will be configured.</td></tr><tr><td>checkbox “User is blocked”</td><td>Allows blocking the User.</td></tr><tr><td>checkbox “Notify about license expirations via email”</td><td>Enables the function to notify the User about license expirations via email.</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sherparpa.ru/en/sherpa-ai/sherpa-ai-server/rabota-v-sherpa-ai-server/polzovateli/avtorizaciya-polzovatelei/openid-autentifikaciya.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.