  1. Moodle
  2. MDL-70264

badges/oauth2callback.php should be removed and replaced by admin/oauth2callback.php


    Details

    • Testing Instructions:

      Requirements

      1. Run your site with public access and HTTPS (use ngrok or similar).
      2. 2 different accounts set up on https://test.badgr.com/. Be careful: these are different accounts from the Badgr.io ones used previously in other issues. Here, the accounts need to be created in https://test.badgr.com/.
      3. Confirm you sign out from https://test.badgr.com/.

      Setup OAuth2 service for Badgr

      1. Register the OAuth2 service with the Badgr.io testing service by executing the following command, replacing "https://193f66f5407e.ngrok.io/" with your server URL. You'll probably need to adapt "https://193f66f5407e.ngrok.io/m/stable_master/" to your Moodle URL:

        curl --location --insecure --request POST 'https://api.test.badgr.com/o/register' \
        --header 'Accept: application/json' \
        --header 'Content-Type: application/json' \
        --data-raw '
        {
          "client_name": "Badge Moodle",
          "client_uri": "https://193f66f5407e.ngrok.io/",
          "logo_uri": "https://193f66f5407e.ngrok.io/m/stable_master/pix/f/moodle-256.png",
          "tos_uri": "https://193f66f5407e.ngrok.io/",
          "policy_uri": "https://193f66f5407e.ngrok.io/",
          "software_id": "stablemaster-testing",
          "software_version": "2020041700.01",
          "redirect_uris": [
            "https://193f66f5407e.ngrok.io/m/stable_master/admin/oauth2callback.php"
          ],
          "token_endpoint_auth_method": "client_secret_basic",
          "grant_types": [
            "authorization_code",
            "refresh_token"
          ],
          "response_types": [
            "code"
          ],
          "scope": "https://purl.imsglobal.org/spec/ob/v2p1/scope/profile.readonly https://purl.imsglobal.org/spec/ob/v2p1/scope/assertion.create https://purl.imsglobal.org/spec/ob/v2p1/scope/assertion.readonly"
        }'

      2. You should get a result like this. Copy the client_id and the client_secret (you'll need them to configure the OAuth2 service):

        {"client_id":"9ofl140KfgS54uIxbu2zv3v2xqO4EopdSvc02nqV","client_secret":"vsosCajNKEeT9ou9Z0eCRt0nMTsSF9UST2U46v2DJqv42BrZNrh05w8SY95a4lhi07i8z2hCMFzvrlrpFngdAHpWgrdTbGVZAb6rGDZPVBcbQx3NaPYdiB22jt2N7FvQ","client_id_issued_at":1603219589,"client_secret_expires_at":0}
        

      3. Run the following SQL query to create the OAuth2 issuer. You'll need to replace REPLACE_THIS_BY_CLIENTID and REPLACE_THIS_BY_CLIENTSECRET with the client_id and client_secret values from the previous step:

        INSERT INTO "mdl_oauth2_issuer" ("timecreated", "timemodified", "usermodified", "name", "image", "baseurl", "clientid", "clientsecret", "loginscopes", "loginscopesoffline", "loginparams", "loginparamsoffline", "alloweddomains", "scopessupported", "enabled", "showonloginpage", "basicauth", "sortorder", "requireconfirmation") VALUES
        (1611829185,	1611829186,	2,	'IMS OBv2.1 - Badgr',	'https://api.test.badgr.com/static/images/logo.png',	'https://api.test.badgr.com/',	'REPLACE_THIS_BY_CLIENTID',	'REPLACE_THIS_BY_CLIENTSECRET',	'openid profile email',	'openid profile email',	'',	'',	'',	'https://purl.imsglobal.org/spec/ob/v2p1/scope/assertion.readonly https://purl.imsglobal.org/spec/ob/v2p1/scope/assertion.create https://purl.imsglobal.org/spec/ob/v2p1/scope/profile.readonly',	1,	0,	0,	3,	1);
        

      4. Run the following SQL query to get the issuer id you've just created:

        SELECT id FROM mdl_oauth2_issuer WHERE baseurl='https://api.test.badgr.com/'
        

      5. Run the following SQL query to configure the endpoints for the OAuth2 issuer. You'll need to replace REPLACE_THIS_BY_ISSUERID with the issuer id from the previous step:

        INSERT INTO "mdl_oauth2_endpoint" ("timecreated", "timemodified", "usermodified", "name", "url", "issuerid") VALUES
        (1611829186,	1611829186,	2,	'token_endpoint',	'https://api.test.badgr.com/o/token',	REPLACE_THIS_BY_ISSUERID),
        (1611829186,	1611829186,	2,	'authorization_endpoint',	'https://test.badgr.com/auth/oauth2/authorize',	REPLACE_THIS_BY_ISSUERID),
        (1611829186,	1611829186,	2,	'registration_endpoint',	'https://api.test.badgr.com/o/register',	REPLACE_THIS_BY_ISSUERID),
        (1611829186,	1611829186,	2,	'privacypolicy_endpoint',	'https://badgr.com/privacy-policy.html',	REPLACE_THIS_BY_ISSUERID),
        (1611829186,	1611829186,	2,	'termsofservice_endpoint',	'https://badgr.com/terms-of-service.html',	REPLACE_THIS_BY_ISSUERID),
        (1611829186,	1611829186,	2,	'discovery_endpoint',	'https://api.test.badgr.com/.well-known/badgeconnect.json',	REPLACE_THIS_BY_ISSUERID);
        

          

      Setup Backpack for Badgr

      1. Go to "Site administration / Badges / Badges settings".
      2. Set the "Badge issuer email address" to the email address of one of the Badgr.io accounts and Save changes.
      3. Go to "Site administration / Badges / Manage backpacks".
      4. Click the "Add a new backpack" button and create a new backpack with the following information:
        • Backpack API URL: https://api.test.badgr.com/
        • Backpack URL: https://test.badgr.com/
        • API version supported: Open Badges v2.1
        • OAuth2 services: IMS OBv2.1 - Badgr
      5. Save changes.
      6. Go to "Site administration / Badges / Backpack settings" and set the site backpack to https://test.badgr.com/.

      Testing scenario: Connect to Badgr.io backpack

      1. Log in as teacher (t1).
      2. Go to Dashboard / Preferences / Badges / Backpack settings.
      3. Check "https://test.badgr.com/" is the "Backpack URL" or "Backpack provider", depending on the Moodle version. From Moodle 3.10 you should be able to change it (although https://test.badgr.com/ should be displayed by default).
      4. Check the "Status" is "not connected" and the button "Connect to backpack" appears.
      5. Click button "Connect to backpack".
      6. Check the site is redirected to the backpack site and the login form is displayed.
      7. Log in using the test.badgr.com user account.
      8. Check the screen requesting your permission is displayed with the following application access permissions:
        • Know who you are on Badgr
        • Add badges into a User's Backpack
        • See who you are
      9. Click button "Authorize".
      10. Check you're redirected to the Moodle page and the following notification is displayed: "Backpack is connected".

    • Affected Branches:
      MOODLE_39_STABLE
    • Fixed Branches:
      MOODLE_310_STABLE, MOODLE_39_STABLE
    • Pull from Repository:
    • Pull 3.9 Branch:
    • Pull 3.10 Branch:
      MDL-70264-310
    • Pull 3.11 Branch:
      MDL-70264-311
    • Pull Master Branch:
      MDL-70264-master
    • Sprint:
      Moppies Kanban

      Description

      While testing Moodle OBv2.1 with Badgr and Milestone, we've seen scope shouldn't be mandatory: https://tools.ietf.org/html/rfc6749#section-4.1.2. This is causing issues because most providers won't send this information.

      Besides, analysing badges/backpack-connect.php (where the badges/oauth2callback.php request is redirected), scope is optional there too, so it would be better to make scope optional in order to avoid problems with some backpack providers.
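
An added example (not code from this issue or from Moodle) of a callback check that follows RFC 6749 section 4.1.2: `state` and `code` are validated, and a missing `scope` is accepted. The function name, its parameters and the sample values are hypothetical, and rejecting unrequested scopes is an assumed policy.

```php
<?php
declare(strict_types=1);

/**
 * Validate an authorization-code redirect (RFC 6749 section 4.1.2).
 * Hypothetical helper for illustration; not Moodle's implementation.
 */
function validate_callback(array $query, string $expected, array $requested): array {
    // "state" binds the response to this session (CSRF defence); compare in constant time.
    $state = $query['state'] ?? null;
    if (!is_string($state) || $expected === '' || !hash_equals($expected, $state)) {
        throw new InvalidArgumentException('state mismatch');
    }
    // Error responses (section 4.1.2.1) carry "error" instead of "code".
    if (isset($query['error'])) {
        throw new InvalidArgumentException('authorization failed at provider');
    }
    // "code" is the only value the provider must return on success.
    $code = $query['code'] ?? null;
    if (!is_string($code) || $code === '') {
        throw new InvalidArgumentException('missing authorization code');
    }
    // "scope" is not defined for this response, so its absence is not an error.
    // Assumed policy: if a provider does echo it, reject anything not requested.
    $scopes = $requested;
    if (is_string($query['scope'] ?? null) && trim($query['scope']) !== '') {
        $scopes = preg_split('/\s+/', trim($query['scope']));
        if (array_diff($scopes, $requested) !== []) {
            throw new InvalidArgumentException('unrequested scope returned');
        }
    }
    return ['code' => $code, 'scopes' => array_values($scopes)];
}

// Constructed sample callbacks (values are made up).
$requested = ['profile.readonly', 'assertion.create'];
$samples = [
    'no scope'     => ['code' => 'abc123', 'state' => 's3ss10n'],
    'forged state' => ['code' => 'abc123', 'state' => 'other', 'scope' => 'profile.readonly'],
    'extra scope'  => ['code' => 'abc123', 'state' => 's3ss10n', 'scope' => 'admin'],
];
foreach ($samples as $label => $query) {
    try {
        $result = validate_callback($query, 's3ss10n', $requested);
        echo "$label: accepted, scopes = ", implode(' ', $result['scopes']), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})", PHP_EOL;
    }
}
```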

              People

              Assignee:
              Sara Arjona (@sarjona)
              Reporter:
              Sara Arjona (@sarjona)
              Peer reviewer:
              Amaia Anabitarte
              Integrator:
              Andrew Lyons
              Tester:
              Janelle Barcega
              Participants:
              Component watchers:
              Yuliya Bozhko, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)

                Dates

                Fix Release Date:
                8/Mar/21

                  Time Tracking

                  Estimated:
                  0m
                  Remaining:
                  0m
                  Logged:
                  1d 1h 20m