  1. Moodle
  2. MDL-61383

Comply to standards to allow interoperability, e.g. for Apps


Details

    • Improvement
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 3.5
    • None
    • Authentication

    Description

      Overview
       
          Project size: medium
          Audience: all
          Target users: all
       
      Moodle incompletely incorporates OAuth2 standards. For example, it does not allow for more than one key. Also, keys are not stored in a correctly encrypted way.
      As a result, it is currently not possible to develop or integrate apps that use actual standards and are able to connect to Moodle. Only the "Moodle Mobile" and "Moodle Desktop" apps can connect. This is a lack of functionality and standards compliance.
      Another example, which isn't the topic of this issue, is the QTI standards; xAPI could do better, too.
       
      Goals
       
      To enable third-party applications to use OAuth2 authentication standards and thus allow things like single sign-on from one app to another.
       
      User Stories 
       
      As a student, I should be able to open a flash card app on my phone. This app then authenticates with my associated Moodle and fetches the cards my teachers prepared for me.
       
      Tracker issues
      https://tracker.moodle.org/browse/MDL-59419 Have Moodle support OAuth2 Key Encryption standards
       
      Requirements
       
      Implement and comply with these OAuth2 standards:
       

      • RFC-2617: The Basic HTTP Authorization Scheme
      • RFC-6749: The OAuth 2.0 Authorization Framework
      • RFC-7009: OAuth2 Token Revocation
      • RFC-7516: JSON Web Encryption (JWE)
      • RFC-7517: JSON Web Key (JWK)
      • RFC-7518: JSON Web Algorithms (JWA)
      • RFC-7519: JSON Web Tokens (JWT)
      • RFC-7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
      • RFC-7523: JSON Web-Tokens (JWT) for OAuth 2.0 Client Authentication and Authorization Grants
      • RFC-7797: JSON Web Signature
      • RFC-7800: Proof-of-Possession Key for JWT

          People

            Unassigned Unassigned
            lucaboesch Luca Bösch
            David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo