Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64555

Some user field mappings ignored when creating a new user via OAuth 2



    • Bug
    • Resolution: Duplicate
    • Minor
    • None
    • 3.6.1
    • Authentication


      My case

      I have OAuth 2 custom service set up with the following user field mappings:


      External field name Internal field name
      given_name firstname
      middle_name middlename
      family_name lastname
      email email
      userid idnumber
      schoolname institution



      Creation of Moodle account on authentication via OAuth 2 is allowed.

      The problem is that idnumber and institution fields are not filled for new users, but userinfo endpoint responds with correct values for these fields.


      The bug

      I've looked through Moodle code and found out that only few fields of those we can map are saved.


      Let's start from \auth_oauth2\auth::complete_login function. It's called after the user is redirected to oauth2callback.php and authorization code is upgraded to access token.

      First, it calls $client->get_userinfo which returns an array (key = internal field name, value = field value from userinfo endpoint response). Mapping is done correctly there. In my case I see idnumber and institution keys with expected values.


      Later, depending on 'Require e-mail confirmation' option, one of two functions called:

      • \auth_oauth2\api::create_new_confirmed_account;
      • \auth_oauth2\api::send_confirm_account_email.


      Both has the same code which creates the user.

      $user = new stdClass();
      $user->username = $userinfo['username'];
      $user->email = $userinfo['email'];
      $user->auth = 'oauth2';
      $user->mnethostid = $CFG->mnet_localhost_id;
      $user->lastname = isset($userinfo['lastname']) ? $userinfo['lastname'] : '';
      $user->firstname = isset($userinfo['firstname']) ? $userinfo['firstname'] : '';
      $user->url = isset($userinfo['url']) ? $userinfo['url'] : '';
      $user->alternatename = isset($userinfo['alternatename']) ? $userinfo['alternatename'] : '';
      $user->secret = random_string(15);
      $user->password = '';
      // This user is not confirmed.
      $user->confirmed = 0;
      $user->id = user_create_user($user, false, true);

      After that linked account record is created and only user picture could be updated later.


      This explains why some fields are not saved after OAuth login.


        Issue Links



              Unassigned Unassigned
              nixo Nikita Kalinin
              0 Vote for this issue
              3 Start watching this issue