MDL-58090: OAuth 2 authentication upgrades for Moodle.


    • MOODLE_33_STABLE
    • MDL-58090-master

      New admin page "Site admin -> Server -> OAuth 2 Services"

      Create one of each of the standard OAuth services (Google, Microsoft, Facebook). You will need to register an OAuth 2 client with each of their APIs to get a client id and secret. Your site will need to use https. Enable the OAuth 2 Authentication plugin. See the documentation link for a guide on setting these up.

      You should now be able to log in using each provider.

      For Google / Microsoft you should be able to connect a system account from the new admin tool. It will request "offline" access and show as connected.


      1. Improve the Moodle OAuth 2 library so it is compatible with several prominent OAuth APIs (Google, Microsoft, Facebook is a nice start). Some specific problems are use of multi-part form encoding for token requests and duplicating Authentication headers on every request.
      2. Provide a central administration page for configuring OAuth services in a generic way (including support for service discovery with OpenID Connect).
      3. Allow system wide configuration of an OAuth service account which retrieves a "refresh token" for an OAuth API - allowing the system to retrieve access tokens and use the service account as part of an API.
      4. Allow incremental authorization by remembering the approved scopes and requesting re-authentication when an unauthorized scope is requested.
      5. Implement a new auth plugin that displays the installed OAuth services in a list on the login page and will log in and update the user details via OAuth.
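
The incremental authorization in item 4, sketched as an added example; it is not Moodle's code and not part of this issue. The function names, endpoint, client id and redirect URI are assumptions made for illustration.

```php
<?php
// Added example: generic OAuth 2 incremental authorization, not Moodle's code.
// Function names, endpoint, client id and redirect URI are constructed.

/** Split a space-delimited scope string (RFC 6749, section 3.3) into a sorted, unique list. */
function parse_scopes(string $scopes): array {
    $list = array_unique(preg_split('/\s+/', trim($scopes), -1, PREG_SPLIT_NO_EMPTY));
    sort($list);
    return $list;
}

/** Scopes to remember: the token response's "scope" wins; if absent, the request was granted as sent. */
function granted_scopes(array $tokenresponse, string $requested): array {
    return parse_scopes($tokenresponse['scope'] ?? $requested);
}

/**
 * Return null when every needed scope is already approved, otherwise an
 * authorization URL asking for the approved scopes plus the missing ones.
 */
function reauthorization_url(string $endpoint, array $client, array $approved,
        string $needed, string $state): ?string {
    $missing = array_diff(parse_scopes($needed), $approved);
    if (!$missing) {
        return null;
    }
    $scopes = array_merge($approved, $missing);
    sort($scopes);
    return $endpoint . '?' . http_build_query([
        'response_type' => 'code',
        'client_id' => $client['id'],
        'redirect_uri' => $client['redirect_uri'],
        'scope' => implode(' ', $scopes),
        'state' => $state, // Unguessable per-request value, compared on the callback.
    ], '', '&', PHP_QUERY_RFC3986);
}

// Constructed sample: the provider approved fewer scopes than were requested.
$client = ['id' => 'example-client-id', 'redirect_uri' => 'https://lms.example/oauth2/callback'];
$endpoint = 'https://idp.example/authorize';
$approved = granted_scopes(['access_token' => 'placeholder', 'scope' => 'openid email'], 'openid email profile');
$state = bin2hex(random_bytes(16));

// Both needed scopes were approved earlier, so no redirect is required.
var_dump(reauthorization_url($endpoint, $client, $approved, 'openid email', $state));
// "calendar.read" was never approved, so the user is sent back to the provider.
echo reauthorization_url($endpoint, $client, $approved, 'email calendar.read', $state), PHP_EOL;
```

Recording the scopes the token response reports, rather than the ones requested, keeps the stored list accurate when a user or provider approves only part of a request.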

            damyon Damyon Wiese
            damyon Damyon Wiese
            Juan Leyva Juan Leyva