2 Confirmation paths need to be tested: Newly created account: ** Set up mailcatcher or the like and Moodle SMTP. We want to see outbound emails from Moodle. Set up google oauth as per the instructions in MDL-58220 Now, make sure you've deleted all users on the site, so we can start from scratch. As admin, disable the setting 'authpreventaccountcreation' (untick it) Log out. Now, using the google oauth login button, try to login using your gmail account. You should see a message about confirming your account and an email to the same effect. Don't click the link yet. Check the link in the email and Confirm that it links to 'confirm-account.php'. Don't click it yet. Now, as the admin user, log in, browse the list of users and remove the user which is not yet confirmed (Hint: You'll see a 'confirm' link next to their name) Now, click the link in the email and Confirm that you see the notification messsage "The confirmation link is either invalid, or has expired. Please start the login process again to generate a new confirmation email." Repeat the process, but this time don't expire the confirmation link, and proceed to log in as the new account user. Existing account with same email: Now, from the user preferences of the new user, go to 'Linked logins' and remove the link to your google account Log out. Now, try to login using google again. You should see a message about confirming your account and an email to the same effect. Don't click the link yet. Check the link in the email and Confirm that it links to 'confirm-linkedlogin.php'. Don't click it yet. Now, update the 'confirmtokenexpires' column in the 'auth_oauth2_linked_login' table to the current unix timestamp. I.e. expire it. Now, click the link in the email and Confirm that you see the notification messsage "The confirmation link is either invalid, or has expired. Please start the login process again to generate a new confirmation email." Repeat the process, but this time don't expire the confirmation link, and proceed to log in as the new account user.