  1. Moodle
  2. MDL-59511

Can't connect a system account to OAuth 2 services that do not provide email in userinfo


Details

    • MOODLE_33_STABLE, MOODLE_34_STABLE
    • MOODLE_33_STABLE
    • MDL-59511-master-oauthsysmail

      To obtain a userinfo "endpoint" that does not provide an email address, you can use fake_userinfo.json.

      Existing site

      1. Perform an upgrade.
      2. Confirm that the email field of the table {prefix}oauth2_system_account does not have a NOT NULL restriction.
      3. Add an issuer whose userinfo endpoint will not provide an email address (e.g. with a fake userinfo endpoint, see above).
      4. Verify that you can connect a system account and that its username is shown in the issuers table.
      5. Add an issuer that does provide an email address in userinfo.
      6. Verify that you can connect a system account to that issuer and that both username and email address show up in the issuers table.

      Fresh site

      1. Install a new Moodle.
      2. Make sure the email field in {prefix}oauth2_system_account does not have a NOT NULL restriction.

    Description

      Currently, both fields "username" and "email" are marked NOT NULL in lib/db/install.xml (https://github.com/moodle/moodle/blob/350700bf8b509f5269b0fefd34fec0d3d5393c99/lib/db/install.xml#L3519). However, there are OAuth 2 providers that do not require an email address for their user accounts, which therefore cannot provide a reliable value in the corresponding field of a userinfo_endpoint. Both ownCloud and Nextcloud allow users to provide an email address, but this is not enforced e.g. when accounts are created by an admin manually (Try for yourself: Instant trial on https://demo.nextcloud.com/#short-term; Log in as admin//admin, click the Settings cog > Users and add a new user).

      (Partly related: Both services do not (yet) provide a userinfo endpoint, so I currently have to mock it – but as soon as they do, the email might not always be part of it.)

      I suggest that the email field can be NULL-able. I don't know of any services that do not provide a username, so that one can remain NOT NULL imo.
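
The constraint problem described above, reproduced as an added example (not Moodle's code and not the attached fake_userinfo.json): a constructed userinfo response without an email claim is stored against a simplified two-column stand-in for oauth2_system_account, first with email NOT NULL and then with email nullable. The table layout, the sample JSON and the function name connect_system_account are assumptions made for illustration; SQLite is used only so the example runs offline.

```python
import json
import sqlite3

# Constructed userinfo responses (sample data, not from the issue's attachment).
USERINFO_NO_EMAIL = '{"username": "svc-moodle"}'
USERINFO_WITH_EMAIL = '{"username": "svc-moodle", "email": "svc@example.org"}'
USERINFO_NO_USERNAME = '{"email": "svc@example.org"}'

# Simplified stand-ins for the two columns discussed in the issue.
SCHEMA_BEFORE = ("CREATE TABLE oauth2_system_account "
                 "(username TEXT NOT NULL, email TEXT NOT NULL)")
SCHEMA_AFTER = ("CREATE TABLE oauth2_system_account "
                "(username TEXT NOT NULL, email TEXT)")


def connect_system_account(schema, userinfo_json):
    """Store the account from a userinfo response.

    Returns the stored (username, email) row, or a 'rejected: ...' string
    carrying the database error when a constraint refuses the insert.
    """
    info = json.loads(userinfo_json)
    db = sqlite3.connect(":memory:")
    try:
        db.execute(schema)
        # A claim missing from userinfo becomes None, which is stored as NULL.
        db.execute(
            "INSERT INTO oauth2_system_account (username, email) VALUES (?, ?)",
            (info.get("username"), info.get("email")),
        )
        return db.execute(
            "SELECT username, email FROM oauth2_system_account").fetchone()
    except sqlite3.IntegrityError as exc:
        return f"rejected: {exc}"
    finally:
        db.close()


if __name__ == "__main__":
    for label, schema in (("before", SCHEMA_BEFORE), ("after", SCHEMA_AFTER)):
        for doc in (USERINFO_NO_EMAIL, USERINFO_WITH_EMAIL, USERINFO_NO_USERNAME):
            print(label, doc, "->", connect_system_account(schema, doc))
```

With the nullable schema the account without an email is stored with a NULL email, while a response lacking username is still refused, matching the suggestion to keep username NOT NULL.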


            People

              jan.dagefoerde Jan Dageförde
              jan.dagefoerde Jan Dageförde
              Simey Lameze Simey Lameze
              David Monllaó David Monllaó
              Jake Dallimore Jake Dallimore
              Votes: 8
              Watchers: 13
