Is it possible to do something with user authorisation using webservices? I'm making a java client for moodle but I want to check if a user logging in is authorised to use my java client.
When retrieving all users with the web service function `core_get_users` it doesn't return a password and so far i can't seem to find a webservice doing that. How can I check if a user is registered with the moodle installation?
What you are actually asking is how to access Moodle to authenticate your local users. This is fraught with problems - depending how much you care about security. This is why horrible things like OAuth exist. Moodle doesn't know the user's password as it is hashed for security in the database.
What you could do (and I've done it) is to write a (say) local plugin that exposes a new web service to authenticate a username and password passed to it. However, you need to think very hard if you really want to do that and how much you want to secure it.
I have little to no experience on developing in Moodle, is it possible that you can share your code with me?
Any code I have written is very client specific and wouldn't really help you. Sorry.
There is some talk of developing an OAuth2 server plugin for Moodle. If this happens it should provide a solution to this sort of problem. At best, it will be several weeks away though.
Hmm, I can't really wait several weeks. Could you tell me the basics about creating a (local) plugin to expose a webservice to authenticate the user with a username and password passed to it? or link a tutorial/documentation on the matter
This is just one way...
- Write a new local plugin (https://docs.moodle.org/dev/Local_plugins)
- Add a page called authenticate.php to the plugin and get it to read two params - username and password. So, you'll end up with an endpoint something like http://your.moodle/local/auth/authenticate?username=fred&password=foo
- The page calls authenticate_user_login( ... ) to verify the credentials. You can find it in lib/moodlelib.php and returns a result to your application
- In your app, you use curl or similar to call the above endpoint and check the result
This is about as simple as I can think of and has lots potentially wrong with it and there are several ways to do it better. Hopefully it gives you a clue. This sort of thing pays my rent so you'll understand why I can't be much more helpful.
Thanks! This will get me started at least.
