-
Bug
-
Resolution: Fixed
-
Major
-
3.3, 3.4
-
MOODLE_33_STABLE, MOODLE_34_STABLE
-
MOODLE_33_STABLE
-
MDL-59869-master -
The OAuth 2 API provides a scheduled task that regularly uses the refresh token to get a current access token. As a side effect, it intends to notify administrators if that wasn't possible.
Causes for that (that I could think of):
1. The refresh token has expired or was revoked in the remote system.
2. Client ID / Secret in the remote system were revoked or changed.
3. The remote system is unreachable/gone.
4. Someone changed the endpoint URL for the issuer (causing 2 or 3 effectively).
See https://github.com/moodle/moodle/blob/27466d7548de99cbb050027acc3e809ce49ad2e9/lib/classes/oauth2/refresh_system_tokens_task.php#L87: Only in case 1 we can be certain that the notification function will be called. In the other cases, exceptions may bubble up from within get_system_oauth_client, causing notify_admins() to be skipped. Consequently, renewal has failed but administrators are not informed.
Also, notify_admins needs fixing: https://github.com/moodle/moodle/blob/27466d7548de99cbb050027acc3e809ce49ad2e9/lib/classes/oauth2/refresh_system_tokens_task.php#L52 it uses $CFG without declaring it, and core\user should be \core_user.
I prepare a patch.
- will help resolve
-
MDL-58943 Create Nextcloud integration, similar to G-Suite and Office
-
- Closed
-