  1. Moodle
  2. MDL-69732

Manifest file /.well-known/badgeconnect.json is ignored by OBv2.1


    Details

    • Type: Bug
    • Status: Reopened
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.9.2
    • Fix Version/s: None
    • Component/s: Badges
    • Testing Instructions:

      Requirements

      1. Run your site with public access (use ngrok or similar).
      2. One account set up on https://test.badgr.com/.  Be careful because this is a different account than the ones in badgr.io used previously in other issues. Here, the account needs to be created in https://test.badgr.com/ .
      3. A Google client ID and secret and email address for use in testing.

      Setup badges

      1. Login as admin.
      2. Go to "Site administration | Badges | Add a new badge" and create a badge at site level.
      3. Add criteria to the badge so it can be manually issued by role.
      4. Enable the badge.
      5. Issue the badge to the admin user and to teacher (t1) user.

      Setup "IMS Global" oAuth2 service

      1. Login as admin.
      2. Go to "Site home" and click "Turn editing on".
      3. Add a label, upload an image there and save changes.
      4. Right-click the uploaded image and copy the image address. You'll need to replace "https://471f8462.ngrok.io/m/stable_master/pluginfile.php/41/mod_label/intro/logo.png" in the next command with the copied image URL.
      5. Register the oAuth2 service in the IMS Global IdentityServer4 by executing the following command, replacing "https://471f8462.ngrok.io/" with your server URL. You'll probably need to adapt "https://471f8462.ngrok.io/m/stable_master/" to your Moodle URL:

        curl --location --insecure --request POST 'https://dc.imsglobal.org/obauth/connect/register' \
        --header 'Accept: application/json' \
        --header 'Content-Type: application/json' \
        --data-raw '
        {
          "client_name": "Badge Moodle",
          "client_uri": "https://471f8462.ngrok.io/",
          "logo_uri": "https://471f8462.ngrok.io/m/stable_master/pluginfile.php/41/mod_label/intro/logo.png",
          "tos_uri": "https://471f8462.ngrok.io/",
          "policy_uri": "https://471f8462.ngrok.io/",
          "software_id": "stablemaster-testing",
          "software_version": "2020041700.01",
          "redirect_uris": [
            "https://471f8462.ngrok.io/m/stable_master/badges/oauth2callback.php"
          ],
          "token_endpoint_auth_method": "client_secret_basic",
          "grant_types": [
            "authorization_code",
            "refresh_token"
          ],
          "response_types": [
            "code"
          ],
          "scope": "https://purl.imsglobal.org/spec/ob/v2p1/scope/profile.update https://purl.imsglobal.org/spec/ob/v2p1/scope/profile.readonly https://purl.imsglobal.org/spec/ob/v2p1/scope/assertion.create https://purl.imsglobal.org/spec/ob/v2p1/scope/assertion.readonly offline_access"
        }'

      6. You should get a result like this. Copy the client_id and the client_secret (you'll need them to configure the oAuth2 service)

        {
          "client_id": "LGC8WEFTxp8",
          "client_secret": "3GAfOtFgflA",
          "client_id_issued_at": 1587110808,
          "client_secret_expires_at": 1618646808,
          "client_name": "Badge Moodle",
          "client_uri": "https://471f8462.ngrok.io/",
          "logo_uri": "https://471f8462.ngrok.io/m/stable_master-badges/pluginfile.php/41/mod_label/intro/robot-1214536_1920.png",
          "tos_uri": "https://471f8462.ngrok.io/",
          "policy_uri": "https://471f8462.ngrok.io/",
          "software_id": "13dcdc83-fc0d-4c8d-9159-6461da297388",
          "software_version": "54dfc83-fc0d-4c8d-9159-6461da297388",
          "redirect_uris": [
            "https://471f8462.ngrok.io/m/stable_master/badges/oauth2callback.php"
          ],
          "token_endpoint_auth_method": "client_secret_basic",
          "grant_types": [
            "authorization_code",
            "refresh_token"
          ],
          "response_types": [
            "code"
          ],
          "scope": "https://purl.imsglobal.org/spec/ob/v2p1/scope/profile.update https://purl.imsglobal.org/spec/ob/v2p1/scope/profile.readonly https://purl.imsglobal.org/spec/ob/v2p1/scope/assertion.create https://purl.imsglobal.org/spec/ob/v2p1/scope/assertion.readonly offline_access"
        }

      7. Go to "Site administration / Server / OAuth 2 services".
      8. Create a custom service with the following information:
        • Name: "IMS Global"
        • Client ID: <previous client_id>
        • Client secret: <previous client_secret>
        • Enable Authenticate token requests via HTTP headers
        • Scopes included in a login request and Scopes included in a login request for offline access: "openid profile email"
        • Service base URL: https://dc.imsglobal.org 
        • Logo URL: https://dc.imsglobal.org/obauth/icon.jpg
      9. Save changes. 
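      10. Check that the "Discovery" column in the OAuth2 services table has a green tick mark for the "IMS Global" service created.
      11. Go to the "Configure endpoints" page.
      12. Check the following endpoints appear:
        • discovery_endpoint: https://dc.imsglobal.org/.well-known/badgeconnect.json
        • authorization_endpoint: https://dc.imsglobal.org/obauth/connect/authorize
        • privacypolicy_endpoint: https://www.imsglobal.org/privacystatement.html
        • registration_endpoint: https://dc.imsglobal.org/obauth/connect/register
        • termsofservice_endpoint: https://dc.imsglobal.org/terms
        • token_endpoint: https://dc.imsglobal.org/obauth/connect/token
      13. Go to "Site administration / Badges / Manage backpacks".
      14. Click the "Add a new backpack" button and create a new backpack with the following information:
        • Backpack API URL: https://dc.imsglobal.org/obprovider/ims/ob/v2p1
        • Backpack URL: https://dc.imsglobal.org
        • API version supported: Open Badges v2.1
        • OAuth2 services: IMS Global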
      15. Save changes.
      16. Go to "Site administration /  Badges / Backpack settings".
      17. Select "https://dc.imsglobal.org" as Active external backpack.

       

      Setup "Test Badgr.io" oAuth2 service

      1. Register the oAuth2 service in the Badgr.io Testing service by executing the following command, replacing "https://193f66f5407e.ngrok.io/" with your server URL. You'll probably need to adapt "https://193f66f5407e.ngrok.io/m/stable_master/" to your Moodle URL and review the logo_uri URL to use the same logo URL as before:

        curl --location --insecure --request POST 'https://api.test.badgr.com/o/register' \
        --header 'Accept: application/json' \
        --header 'Content-Type: application/json' \
        --data-raw '
        {
          "client_name": "Badge Moodle",
          "client_uri": "https://193f66f5407e.ngrok.io/",
          "logo_uri": "https://193f66f5407e.ngrok.io/m/stable_master/pluginfile.php/97/mod_label/intro/logo.png",
          "tos_uri": "https://193f66f5407e.ngrok.io/",
          "policy_uri": "https://193f66f5407e.ngrok.io/",
          "software_id": "stablemaster-testing",
          "software_version": "2020041700.01",
          "redirect_uris": [
            "https://193f66f5407e.ngrok.io/m/stable_master/badges/oauth2callback.php"
          ],
          "token_endpoint_auth_method": "client_secret_basic",
          "grant_types": [
            "authorization_code",
            "refresh_token"
          ],
          "response_types": [
            "code"
          ],
          "scope": "https://purl.imsglobal.org/spec/ob/v2p1/scope/profile.update https://purl.imsglobal.org/spec/ob/v2p1/scope/profile.readonly https://purl.imsglobal.org/spec/ob/v2p1/scope/assertion.create https://purl.imsglobal.org/spec/ob/v2p1/scope/assertion.readonly offline_access"
        }'

      2. You should get a result like this. Copy the client_id and the client_secret (you'll need them to configure the oAuth2 service)

        {"client_id":"9ofl140KfgS54uIxbu2zv3v2xqO4EopdSvc02nqV","client_secret":"vsosCajNKEeT9ou9Z0eCRt0nMTsSF9UST2U46v2DJqv42BrZNrh05w8SY95a4lhi07i8z2hCMFzvrlrpFngdAHpWgrdTbGVZAb6rGDZPVBcbQx3NaPYdiB22jt2N7FvQ","client_id_issued_at":1603219589,"client_secret_expires_at":0}
        

      3. Go to "Site administration / Server / OAuth 2 services".
      4. Create a custom service with the following information:
        • Name: "Badgr.io Test"
        • Client ID: <previous client_id>
        • Client secret: <previous client_secret>
        • Enable Authenticate token requests via HTTP headers
        • Scopes included in a login request and Scopes included in a login request for offline access: "openid profile email"
        • Service base URL: https://api.test.badgr.com
        • Logo URL: https://placekitten.com/300/300
      5. Save changes. 
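      6. Check that the "Discovery" column in the OAuth2 services table has a green tick mark for the "Badgr.io Test" service.
      7. Go to the "Configure endpoints" page.
      8. Check the following endpoints appear:
        • discovery_endpoint: https://api.test.badgr.com/.well-known/badgeconnect.json
        • termsofservice_endpoint: https://badgr.com/terms-of-service.html
        • privacypolicy_endpoint: https://badgr.com/privacy-policy.html
        • registration_endpoint: https://api.test.badgr.com/o/register
        • authorization_endpoint: https://test.badgr.com/auth/oauth2/authorize
        • token_endpoint: https://api.test.badgr.com/o/token
      9. Go to "Site administration / Badges / Manage backpacks".
      10. Click the "Add a new backpack" button and create a new backpack with the following information:
        • Backpack API URL: https://api.test.badgr.com/
        • Backpack URL: https://test.badgr.com/
        • API version supported: Open Badges v2.1
        • OAuth2 services: Badgr.io Test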
      11. Save changes.

       

      Testing scenario 1: Connect to IMS Global backpack

      1. Login as admin.
      2. Go to Dashboard / Preferences / Badges / Backpack settings.
      3. Check the "Status" is "not connected" and the button "Connect to backpack" appears.
      4. Click button "Connect to backpack".
      5. Check the site is redirected to the backpack site and the login form is displayed.
      6. Login using one of the existing users (alice or bob).
      7. Check the screen requesting your permission is displayed with the following application access permissions:
        • Create or update Open Badges Profile
        • Get Open Badges Profile
        • Create Open Badges Assertion
        • Get Open Badges Assertions
        • Offline Access
      8. Click button "Yes, Allow".
      9. Check the "Backpack has been connected" message is displayed.
      10. Check you're redirected to the Manage badges page.
      11. Click the "Change backpack settings" button.
      12. Check the status is "Connected".

      Testing scenario 2: Send badge to the IMS Global backpack

      1. Go to Dashboard / Preferences / Badges / Manage badges.
      2. Click on the "Add to backpack" button.
      3. Check the message "Added badge to backpack " is displayed.

       

      Testing scenario 3: Connect to Badgr.io backpack

      1. Login as admin.
      2. Go to "Site administration / Badges / Backpack settings" and set the site backpack to https://test.badgr.com/.
      3. Log in as teacher (t1).
      4. Go to Dashboard / Preferences / Badges / Backpack settings.
      5. Check the "Status" is "not connected" and the button "Connect to backpack" appears.
      6. Click button "Connect to backpack".
      7. Check the site is redirected to the backpack site and the login form is displayed.
      8. Login using the test.badgr.com user account.
      9. Check the screen requesting your permission is displayed with the following application access permissions:
        • Know who you are on Badgr
        • Add badges into a User's Backpack
        • See who you are
      10. Click button "Authorize".
      11. Check you're redirected to the Moodle page and the following error is displayed: "A required parameter (scope) was missing".
        • This test.badgr.com service is under development and they are working on this issue to fix it (so that shouldn't be the expected behaviour but it's unrelated to this issue).

       

      Testing scenario 4: OAuth2 services still work

      1. Get the credentials (client id and secret) for the Google API following steps described in https://docs.moodle.org/en/OAuth_2_Google_service 
      2. Login as admin.
      3. Go to "Site administration / Server / OAuth 2 services".
      4. Create a Google service with the following information (leave the default values and change only these):
        • Name: "Google"
        • Client ID: <previous client_id>
        • Client secret: <previous client_secret>
      5. Save changes.
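      6. Check that the "Configured", "Allow login" and "Discovery" columns in the OAuth2 services table have a green tick mark for the "Google" service.
      7. Go to the "Configure endpoints" page.
      8. Check the following endpoints appear:
        • discovery_endpoint: https://accounts.google.com/.well-known/openid-configuration
        • authorization_endpoint: https://accounts.google.com/o/oauth2/v2/auth
        • device_authorization_endpoint: https://oauth2.googleapis.com/device/code
        • token_endpoint: https://oauth2.googleapis.com/token
        • userinfo_endpoint: https://openidconnect.googleapis.com/v1/userinfo
        • revocation_endpoint: https://oauth2.googleapis.com/revoke
      9. Click on the "Connect to a system account" icon for the Google service (in the "System account connected" column).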
      10. Click the Continue button.
      11. Check you're redirected to the Google authentication page.

       
       

    • Affected Branches:
      MOODLE_39_STABLE
    • Pull from Repository:
    • Pull 3.9 Branch:
    • Pull 3.10 Branch:
      MDL-69732-310
    • Pull Master Branch:
      MDL-69732-master
    • Sprint:
      Moppies Kanban

      Description

      The current OBv2.1 implementation ignores the content of the manifest file /.well-known/badgeconnect.json. Tests with the IMS Digital credential service worked because it had .well-known/openid-configuration (to discover the endpoints). However, that's not a requirement for OBv2.1: https://www.imsglobal.org/spec/ob/v2p1/#api-manifest

      Information such as the authorization, token or revocation endpoints should be loaded from /.well-known/badgeconnect.json when using OBv2.1.
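
      A sketch of the behaviour requested above, added here as an illustration (it is not Moodle's code): read the endpoints from the badgeconnect.json manifest, reject any that are not https, and list those served from a host other than the service base URL. The manifest key names (badgeConnectAPI, authorizationUrl, tokenUrl and so on) are assumed from the API manifest section of the OBv2.1 spec linked above, the function names are hypothetical, and the sample manifest is constructed from the api.test.badgr.com URLs used on this page.

```python
import json
from urllib.parse import urlsplit

# Manifest key -> endpoint name as listed on the "Configure endpoints" page.
# The key names are an assumption taken from the OBv2.1 API manifest section.
MANIFEST_KEYS = {
    "authorizationUrl": "authorization_endpoint",
    "tokenUrl": "token_endpoint",
    "registrationUrl": "registration_endpoint",
    "termsOfServiceUrl": "termsofservice_endpoint",
    "privacyPolicyUrl": "privacypolicy_endpoint",
}
# Endpoints this example refuses to continue without (an assumption).
REQUIRED = ("authorization_endpoint", "token_endpoint")


class ManifestError(ValueError):
    """The manifest is malformed or names an endpoint that is not https."""


def discovery_url(base_url):
    return base_url.rstrip("/") + "/.well-known/badgeconnect.json"


def _https_host(name, url):
    # The client secret and authorization code are sent to these URLs,
    # so anything other than an absolute https URL is rejected.
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        raise ManifestError(f"{name} is not a valid URL: {url!r}") from exc
    if parts.scheme != "https" or not parts.hostname:
        raise ManifestError(f"{name} must be an absolute https URL: {url!r}")
    return parts.hostname


def endpoints_from_manifest(base_url, manifest_text):
    """Map the first badgeConnectAPI entry to Moodle-style endpoint names."""
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError as exc:
        raise ManifestError(f"manifest is not valid JSON: {exc}") from exc
    apis = manifest.get("badgeConnectAPI") if isinstance(manifest, dict) else None
    if not isinstance(apis, list) or not apis or not isinstance(apis[0], dict):
        raise ManifestError("manifest has no badgeConnectAPI entry")
    endpoints = {"discovery_endpoint": discovery_url(base_url)}
    for key, name in MANIFEST_KEYS.items():
        value = apis[0].get(key)
        if value is None:
            continue
        if not isinstance(value, str):
            raise ManifestError(f"{key} must be a string")
        _https_host(name, value)
        endpoints[name] = value
    missing = [name for name in REQUIRED if name not in endpoints]
    if missing:
        raise ManifestError("manifest lacks " + ", ".join(missing))
    return endpoints


def off_host_endpoints(base_url, endpoints):
    """Endpoints whose host differs from the service base URL, for review."""
    base_host = _https_host("service base URL", base_url)
    result = {}
    for name, url in endpoints.items():
        host = urlsplit(url).hostname
        if host != base_host:
            result[name] = host
    return result


# Constructed sample manifest (not a captured response).
SAMPLE_MANIFEST = json.dumps({"badgeConnectAPI": [{
    "name": "Constructed sample",
    "authorizationUrl": "https://test.badgr.com/auth/oauth2/authorize",
    "tokenUrl": "https://api.test.badgr.com/o/token",
    "registrationUrl": "https://api.test.badgr.com/o/register",
    "termsOfServiceUrl": "https://badgr.com/terms-of-service.html",
    "privacyPolicyUrl": "https://badgr.com/privacy-policy.html",
}]})

if __name__ == "__main__":
    found = endpoints_from_manifest("https://api.test.badgr.com", SAMPLE_MANIFEST)
    for name, url in found.items():
        print(f"{name}: {url}")
    print("off-host:", off_host_endpoints("https://api.test.badgr.com", found))
```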

              People

              Assignee:
              sarjona Sara Arjona (@sarjona)
              Reporter:
              sarjona Sara Arjona (@sarjona)
              Peer reviewer:
              Carlos Escobedo
              Integrator:
              Jake Dallimore
              Participants:
              Component watchers:
              Yuliya Bozhko, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona)
              Votes:
              1
              Watchers:
              6

                Dates

                Created:
                Updated:

                  Time Tracking

                  Estimated:
                  Not Specified
                  Remaining:
                  0 minutes
                  Logged:
                  1 day, 2 hours, 30 minutes