MDL-58090

OAuth 2 authentication upgrades for Moodle.

    Details

    • Testing Instructions:
      New admin page "Site admin -> Server -> OAuth 2 Services"

      Create one of each of the standard OAuth services (Google, Microsoft, Facebook). You will need to register an OAuth 2 client with each of their APIs to get a client id and secret. Your site will need to use HTTPS. Enable the OAuth 2 Authentication plugin. See the documentation link for a guide on setting these up.

      You should now be able to log in using each provider.

      For Google / Microsoft you should be able to connect a system account from the new admin tool. It will request "offline" access and show as connected.

    • Affected Branches:
      MOODLE_33_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-58090-master

      Description

      1. Improve the Moodle OAuth 2 library so it is compatible with several prominent OAuth APIs (Google, Microsoft, Facebook is a nice start). Some specific problems are use of multi-part form encoding for token requests and duplicating Authentication headers on every request.
      2. Provide a central administration page for configuring OAuth services in a generic way (including support for service discovery with OpenID Connect).
      3. Allow system-wide configuration of an OAuth service account which retrieves a "refresh token" for an OAuth API, allowing the system to retrieve access tokens and use the service account as part of an API.
      4. Allow incremental authorization by remembering the approved scopes and requesting re-authentication when an unauthorized scope is requested.
      5. Implement a new auth plugin that displays the installed OAuth services in a list on the login page and will log in and update the user details via OAuth.
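
Item 1 names multipart form encoding of token requests and duplicated authentication headers as the interoperability problems. The following PHP is an added example, not code from the Moodle patch: it builds an RFC 6749 authorization-code token request with a form-urlencoded body and exactly one Authorization header. The endpoint, credentials, function names and the use of HTTP Basic client authentication are assumptions.

```php
<?php
// Added example, not Moodle code. Endpoint, credentials and names are constructed.

/** Build an authorization-code token request (RFC 6749 section 4.1.3). */
function build_token_request(string $code, string $redirecturi, string $clientid,
                             string $secret, array $presetheaders = []): array {
    // http_build_query() returns a string. cURL sends a string body as
    // application/x-www-form-urlencoded; an array body would go out as
    // multipart/form-data. The explicit '&' ignores any arg_separator.output ini value.
    $body = http_build_query([
        'grant_type'   => 'authorization_code',
        'code'         => $code,
        'redirect_uri' => $redirecturi,
    ], '', '&', PHP_QUERY_RFC1738);

    // Index headers by lower-cased name so an Authorization header that is
    // already present is replaced instead of being sent a second time.
    $headers = [];
    foreach ($presetheaders as $line) {
        if (strpos($line, ':') === false) {
            continue; // Not a "Name: value" header line.
        }
        [$name, $value] = array_map('trim', explode(':', $line, 2));
        $headers[strtolower($name)] = "$name: $value";
    }
    // Assumption: the provider accepts HTTP Basic client authentication.
    $headers['authorization'] = 'Authorization: Basic '
        . base64_encode(urlencode($clientid) . ':' . urlencode($secret));
    $headers['content-type'] = 'Content-Type: application/x-www-form-urlencoded';
    $headers['accept'] = 'Accept: application/json';
    return ['body' => $body, 'headers' => array_values($headers)];
}

/** Configure a cURL handle for the request; nothing is sent until curl_exec(). */
function prepare_curl(string $endpoint, array $request) {
    $ch = curl_init($endpoint);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $request['body'], // String, never an array.
        CURLOPT_HTTPHEADER     => $request['headers'],
        CURLOPT_RETURNTRANSFER => true,
    ]);
    return $ch;
}

// Constructed sample values; the preset header simulates one left over from an earlier call.
$request = build_token_request('constructed-code', 'https://moodle.example/callback',
    'constructed-client-id', 'constructed-secret', ['authorization: Bearer stale']);
print_r($request);
$ch = prepare_curl('https://idp.example/token', $request); // Configured only, not executed.
```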

              People

              Assignee:
              damyon Damyon Wiese
              Reporter:
              damyon Damyon Wiese
              Peer reviewer:
              Juan Leyva
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              2
              Watchers:
              8

                Dates

                Created:
                Updated:
                Resolved: