Affects Version/s: 3.3.1, 3.4
Fix Version/s: 3.3.3
- Add a Google OAuth issuer
- Connect a system account for the new service.
- Refresh the access token for that service by running the \core\oauth2\refresh_system_tokens_task from $wwwroot/admin/tool/task/scheduledtasks.php. This should still succeed.
Affected Branches:MOODLE_33_STABLE, MOODLE_34_STABLE
Pull from Repository:
Pull Master Branch:
Pull Master Diff URL:
Not really a regression of ---
---, but I discovered something that just couldn't happen before: MDL-59511
When authorisation of a system account is renewed by means of a refresh token, it compares the former external user's email address to that of the "new" (i.e. re-authenticated) external user, cf. https://github.com/moodle/moodle/blob/27466d7548de99cbb050027acc3e809ce49ad2e9/lib/classes/oauth2/client.php#L220.
Some services do not provide an email address, such as ownCloud and Nextcloud. If that happens, a Notice: Undefined index: email is raised.
Existing pre-defined services all provide an email, so this won't happen to them. Therefore it is not an actual regression. This just concerns third-party plugins using other services, such as ownCloud/Nextcloud integrations, as such services may not provide an email address.
Steps to reproduce
- Add an OAuth issuer who does not (reliably) provide email addresses for users, e.g. Nextcloud (provision a test instance from https://demo.nextcloud.com) based on step 1 at https://github.com/learnweb/moodle-repository_owncloud/tree/e4b1e4dcd050331b2bf109223f72a0940071d676#installation and the endpoints/field mappings from https://github.com/nextcloud/server/issues/5694#issuecomment-314790014.
- If you used Nextcloud/ownCloud in Step 1, please apply the (preliminary) patch from
MDL-59512[^0001-bad-patch-use-basic-auth-together-with-payload-based.patch] as those need basic auth.
- Connect a system account for the new service. Make sure that the remote account does not provide an email address (this is the default in ownCloud/Nextcloud).
- Refresh the access token for that service by running the \core\oauth2\refresh_system_tokens_task from $wwwroot/admin/tool/task/scheduledtasks.php.
Step 4 fails with the moodle_exception "Attempt to store refresh token for non-system user.".