Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-61383

Comply to standards to allow interoperability, e.g. for Apps



    • Improvement
    • Resolution: Unresolved
    • Minor
    • None
    • 3.5
    • Authentication


          Project size: medium
          Audience: all
          Target users: all
      Moodle incompletely incorportates OAuth2 Standards. For example, it does not allow for more than one key. Then, keys are not stored in an correctly encrypted way.
      In that way, as of today it is not possible to develop or integrate apps which use actual standards being able to connect to Moodle. Only "Moodle Mobile" and "Moodle Desktop" apps can connect. This is a lack of functionality and standard compliance.
      Another example, which isn't the topic of this issue, is QTI standards, xAPI could do better, too.
      To enable third applications to use OAuth2 authentication standards and thus allow things like single sign-on from an app to another.
      User Stories 
      As a student, I should be able to open an flash card app on my phone. This app then authenticates with my associated Moodle and fetches the cards my teachers prepared for me.
      Tracker issues
      https://tracker.moodle.org/browse/MDL-59419 Have Moodle support OAuth2 Key Encryption standards
      Implement and comply to those OAuth2 standards:

      • RFC-2617: The Basic HTTP Authorization Scheme
      • RFC-6749: The OAuth 2.0 Authorization Framework
      • RFC-7009: OAuth2 Token Revocation
      • RFC-7516: JSON Web Encryption (JWE)
      • RFC-7517: JSON Web Key (JWK)
      • RFC-7518: JSON Web Algorithms (JWA)
      • RFC-7519: JSON Web Tokens (JWT)
      • RFC-7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
      • RFC-7523: JSON Web-Tokens (JWT) for OAuth 2.0 Client Authentication and Authorization Grants
      • RFC-7797: JSON Web Signature
      • RFC-7800: Proof-of-Possession Key for JWT




            Unassigned Unassigned
            lucaboesch Luca Bösch
            1 Vote for this issue
            10 Start watching this issue