  1. Moodle
  2. MDL-58090

OAuth 2 authentication upgrades for Moodle.

    Details

    • Testing Instructions:
      New admin page "Site admin -> Server -> OAuth 2 Services"

      Create one of each of the standard OAuth services (Google, Microsoft, Facebook). You will need to register an OAuth 2 client with each of their APIs to get a client ID and secret. Your site will need to use HTTPS. Enable the OAuth 2 Authentication plugin. See the documentation link for a guide on setting these up.

      You should now be able to log in using each provider.

      For Google / Microsoft you should be able to connect a system account from the new admin tool. It will request "offline" access and show as connected.

    • Affected Branches:
      MOODLE_33_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-58090-master

      Description

      1. Improve the Moodle OAuth 2 library so it is compatible with several prominent OAuth APIs (Google, Microsoft, Facebook is a nice start). Some specific problems are use of multi-part form encoding for token requests and duplicating Authentication headers on every request.
      2. Provide a central administration page for configuring OAuth services in a generic way (including support for service discovery with OpenID Connect).
      3. Allow system-wide configuration of an OAuth service account which retrieves a "refresh token" for an OAuth API, allowing the system to retrieve access tokens and use the service account as part of an API.
      4. Allow incremental authorization by remembering the approved scopes and requesting re-authentication when an unauthorized scope is requested.
      5. Implement a new auth plugin that displays the installed OAuth services in a list on the login page and will log in and update the user details via OAuth.
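
Items 1 and 4 of the description, sketched as an added example (not Moodle's code and not the patch for this issue): the incremental-authorization check, and a token request body sent as form-urlencoded rather than multipart. All function names, endpoints and sample values are hypothetical.

```php
<?php
// Added example, not Moodle code; all function names and sample values are hypothetical.

// Split a space-delimited scope string (RFC 6749 section 3.3) into a unique list.
function scope_list(string $scopes): array {
    return array_values(array_unique(preg_split('/\s+/', trim($scopes), -1, PREG_SPLIT_NO_EMPTY)));
}

// Scopes in the request that the stored grant does not cover.
function missing_scopes(string $approved, string $requested): array {
    return array_values(array_diff(scope_list($requested), scope_list($approved)));
}

// Null when nothing new is needed; otherwise an authorization URL asking for the
// union of approved and newly needed scopes. Assumes $endpoint has no query string.
function reauth_url(string $endpoint, string $clientid, string $redirect,
                    string $approved, string $requested, string $state): ?string {
    if (missing_scopes($approved, $requested) === []) {
        return null;
    }
    return $endpoint . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientid,
        'redirect_uri'  => $redirect,
        'scope'         => implode(' ', scope_list($approved . ' ' . $requested)),
        'state'         => $state, // per-request random value, checked on the callback
    ], '', '&', PHP_QUERY_RFC3986);
}

// Token request body as application/x-www-form-urlencoded (RFC 6749 section 4.1.3).
// Handing this string to CURLOPT_POSTFIELDS keeps that content type; handing cURL
// the array itself makes PHP send multipart/form-data instead.
function token_request_body(string $code, string $clientid, string $secret, string $redirect): string {
    return http_build_query([
        'grant_type'    => 'authorization_code',
        'code'          => $code,
        'client_id'     => $clientid,
        'client_secret' => $secret,
        'redirect_uri'  => $redirect,
    ], '', '&');
}

// Constructed sample values.
$state = bin2hex(random_bytes(16));
$ep = 'https://idp.example/authorize';
$cb = 'https://moodle.example/callback';
var_dump(reauth_url($ep, 'client-id-placeholder', $cb, 'openid profile', 'openid email', $state));
var_dump(reauth_url($ep, 'client-id-placeholder', $cb, 'openid profile email', 'openid email', $state));
echo token_request_body('code-placeholder', 'client-id-placeholder', 'secret-placeholder', $cb), "\n";
```

The first call returns a URL requesting `openid profile email` because `email` has not been approved yet; the second returns null because the stored grant already covers the request.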
