Moodle / MDL-58090

OAuth 2 authentication upgrades for Moodle.

Details

    • MOODLE_33_STABLE
    • MDL-58090-master

      New admin page "Site admin -> Server -> OAuth 2 Services"

      Create one of each of the standard OAuth services (Google, Microsoft, Facebook). You will need to register an OAuth 2 client with each of their APIs to get a client ID and secret. Your site will need to use HTTPS. Enable the OAuth 2 Authentication plugin. See the documentation link for a guide on setting these up.

      You should now be able to log in using each provider.

      For Google / Microsoft you should be able to connect a system account from the new admin tool. It will request "offline" access and show as connected.


    Description

      1. Improve the Moodle OAuth 2 library so it is compatible with several prominent OAuth APIs (Google, Microsoft, Facebook is a nice start). Some specific problems are use of multi-part form encoding for token requests and duplicating Authentication headers on every request.
      2. Provide a central administration page for configuring OAuth services in a generic way (including support for service discovery with OpenID Connect).
      3. Allow system-wide configuration of an OAuth service account which retrieves a "refresh token" for an OAuth API, allowing the system to retrieve access tokens and use the service account as part of an API.
      4. Allow incremental authorization by remembering the approved scopes and requesting re-authentication when an un-authorized scope is requested.
      5. Implement a new auth plugin that displays the installed OAuth services in a list on the login page and will log in and update the user details via OAuth.
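
The sketch below is an added example, not Moodle's code or part of the issue: it illustrates items 1 and 4 by comparing remembered scopes against a requested set to decide whether re-authorization is needed, and by building a form-encoded token request. All function names, endpoints and credentials are hypothetical, and sending the union of scopes and the client credentials in the request body are assumptions of this example.

```python
import secrets
from urllib.parse import urlencode

def parse_scopes(scope_string):
    # OAuth 2 scopes are space-delimited, case-sensitive strings (RFC 6749 section 3.3).
    return set(scope_string.split())

def missing_scopes(approved, requested):
    # Scopes the caller needs that the user has not yet approved.
    return parse_scopes(requested) - parse_scopes(approved)

def authorization_url(endpoint, client_id, redirect_uri, approved, requested):
    """Return (url, state) if re-authorization is needed, else (None, None)."""
    if not missing_scopes(approved, requested):
        return None, None
    # Assumption: ask for the union so the new grant still covers earlier scopes.
    scope = " ".join(sorted(parse_scopes(approved) | parse_scopes(requested)))
    state = secrets.token_urlsafe(32)  # anti-CSRF value; compare on the callback
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope, "state": state})
    return f"{endpoint}?{query}", state

def token_request(code, client_id, client_secret, redirect_uri):
    """Headers and body for the code-for-token exchange (RFC 6749 section 4.1.3)."""
    # The body is application/x-www-form-urlencoded, not multipart/form-data.
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "client_id": client_id,
                      "client_secret": client_secret})
    return headers, body

if __name__ == "__main__":
    # Constructed sample values; none of these come from the issue.
    url, state = authorization_url("https://idp.example/authorize", "client-123",
                                   "https://moodle.example/callback",
                                   "openid profile", "openid email")
    print(url)
    print(token_request("sample-code", "client-123", "sample-secret",
                        "https://moodle.example/callback"))
```
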

            People

              damyon Damyon Wiese
              damyon Damyon Wiese
              Juan Leyva Juan Leyva
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes: 2
              Watchers: 9