OAuth clients
Navigate: Menu > System > OAuth clients
OAuth clients are used when the LMS integrates with external systems, such as SCIM user provisioning, xAPI Learning Record Store access, or shared event synchronization.
info
OAuth client credentials are sensitive. Regenerated secrets and tokens are shown only once, so they must be handled by the person responsible for the integration.
In this section
- Client list – review existing OAuth clients.
- Create a client – add a new integration client.
- General tab – manage client metadata and enabled integration access.
- Credentials tab – review endpoints and regenerate credentials.
Client List
The OAuth clients table shows columns such as Name, Description, and Updated.
The page includes an Add action for creating a new OAuth client.
Create A Client
When creating an OAuth client, define:
- Name – the client name.
- Short description – a short description of what the client is used for.
- Permission labels – labels that control administrator access to the client.
After creation, the client opens on its edit page.
General Tab
The General tab contains:
- Name – the client name.
- Short description – the purpose or owner of the client.
- Active – whether the client can be used.
- Permission labels – labels used for administrator access control.
- SCIM configuration – the SCIM configuration connected to this client.
- Allow LRS access — read and write access to statements created by this client – allows the client to read and write its own xAPI statements.
- Allow LRS access — full read access to all data – allows broader xAPI statement reading.
- Allow shared events access — for synchronizing events with other LMSes – allows shared event synchronization when shared events are enabled.
Credentials Tab
The Credentials tab contains:
- Client credentials grant – shows the Client ID and when the Client secret was last generated. The Regenerate secret action invalidates the previous secret and active tokens that depend on it.
- Bearer token authentication – shows when the token was last generated. The Regenerate token action invalidates the previous token.
- Endpoints – shows the OAuth2 token endpoint, SCIM endpoint, and xAPI LRS endpoint for the current LMS domain.