A deep link to a mod_resource file fails when using the auth pre_loginpage_hook

Set up: Create course with file activity (upload a text file, for simplicity). Mark this activity as not visible to students Copy the resource url eg  http://moodle.local/pluginfile.php/2892/mod_resource/content/0/resource1.txt . The easiest way to get this is to view the file resource as the teacher/admin, and copy the resulting URL, which must contain 'pluginfile.php'. Create some user (testuser1 with password Testuser1@) and enrol them into a course as a MANAGER. Confirm that this user can see the resource when logged in normally in the browser   Scenario for auth_basic Install https://github.com/catalyst/moodle-auth_basic enable plugin at admin/settings.php?section=manageauths Run following command, replacing ONLY the url to the resource with your own (from setup, step 3):   curl -s -c /tmp/cookies -v -L --user testuser1:Testuser1@ http: //moodle.local/RESOURCE_URL 2>&1 > /dev/null | egrep 'filename|HTTP' Expected behaviour: you should 200 server status and filename, i.e. something like  > GET /RESOURCE_URL HTTP/ 1.1 < HTTP/ 1.1 200 OK < Content-Disposition: inline; filename= "download%2F8%2F8%2F3%2F883C0889-72A8-4766-8D07-4BF2F048BE36%2FMoodleAndOffice365WithADFS.pdf"   Optional : Scenario for saml2 (This one is not really required, is harder to test but where the bug was originally found). If you don't have a working saml setup, then please skip this.) Set up Idp Install saml plugin https://moodle.org/plugins/auth_saml2 disable basic auth plugin installed previously enable saml2 plugin admin/settings.php?section=manageauths Set Dual login to No in saml2 plugin settings Make sure "Force users to log in" is set to yes in Site security settings Create a saml user  Open incognito tab and paste the resource URL (you should be redirected to saml login page) Fill the username/password and click login Expected behavior: Resource file is opened   Note that if you reload the page you will be able to access the resource