Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-67802

Allow disabling email verification for all OAuth clients

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.8.1
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Affected Branches:
      MOODLE_38_STABLE

      Description

      Commit df6092d65c21dbb54dc76703af98652ccef0c37c (MDL-66598?) reads

      Only Facebook, Google, and Microsoft issuers can optionally offer to
      require account confirmation via email. We will require email
      confirmation for the rest of the issuers.

      Seriously? Are these three the only trustworthy OAuth providers in the world? Have sysadmins really become this dumb that you need to hard-code the words "Google", "Facebook" and "Microsoft" for security reasons? This commit effectively makes it impossible for my organization to use the module to login with an internal provider.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                pulsejet Varun Patil
                Participants:
                Component watchers:
                Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              • Votes:
                2 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: