Oauth2 problems in Moodle 3.3

Oauth2 problems in Moodle 3.3

by Breno Jacinto -
Number of replies: 21

Hello everyone,

    I just did a fresh install for Moodle 3.3 as I'm a big fan of using Oauth for authenticating my users. I used a plugin in prior versions, but since it became a core plugin in 3.3 and on, I just did a fresh install and hope to be migrating my courses soon.


    I followed instructions from https://docs.moodle.org/dev/OAuth2_Services. My users started creating accounts normally, but now all I get is the following message:

error/Could not upgrade oauth token


     I tried to recreate / update the setting at the Oauth2 services page, but as you can see in the image attached, Moodle seems to be unable to do Discovery nor connect to the System Account. I also attached my current settings. Is there anything I could do to fix this issue? 


thanls in advance,


- Breno

Attachment Moodle.png
Attachment Moodle2.png
Average of ratings: -
In reply to Breno Jacinto

Re: Oauth2 problems in Moodle 3.3

by AL Rachels -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers

Hi Breno,

Have you tried clicking the arrow in the System account connected column?

Just today I was doing the Moodle 3.3 QA test for DropBox, OneDrive, and Flickr. I too was having trouble until I realized I had to have the system account connected before things would work.

Average of ratings: -
In reply to AL Rachels

Re: Oauth2 problems in Moodle 3.3

by Breno Jacinto -

Hi Rachels,


   Thanks for you reply. I did this, and it properly redirected to Google's oauth page for confirmation, etc. Then I get the same error as always about not upgrading the oauth token sad. I attached the image below. 


    Any other idea of why this is happening? The funny thing is that it was working normally, then it began raising this error message. Some users even created their accounts already, but none are being able to login and new users are unable to create new accounts. 


regards,


- Breno

Attachment Moodle-1.png
Average of ratings: -
In reply to AL Rachels

Re: Oauth2 problems in Moodle 3.3

by Jason Touw -

Hi Al, 

I just made a similar post to what I am reading here in the Authentication forum.  Do you believe that your fix will solve my problem?  Is this what you experienced for GoogleDrive, OneDrive, Flickr, etc? as you mentioned...


Here is my post from the other forum:

I recently upgraded from 3.1 to 3.3.  After the upgrade, I am having difficulty using the file picker to pull up Google Drive.  

1. File Picker opens

2.  Click on Google Drive and the "Login to your account" button appears.

3.  Then this screen:




...and for OneDrive...


I appreciate any suggestions or thoughts for troubleshooting this error!


...and if your fix did work, where is that screenshot from that you show to "connect the system account"?

Average of ratings: -
In reply to Jason Touw

Re: Oauth2 problems in Moodle 3.3

by AL Rachels -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers

Hi Jason,

Possibly it will work. The screenshot is from Site administration > Server OAuth 2 services in the System account connected column.

Average of ratings: -
In reply to Breno Jacinto

Re: Oauth2 problems in Moodle 3.3

by Damyon Wiese -

This error means that google is returning a HTTP code other than 200 from the request to get an access token. This could mean many things, but I would start by carefully checking your clientid and secret as well as checking the google api console for anything suspicious (bad redirect url, APIs not enabled etc).


Average of ratings: Useful (1)
In reply to Damyon Wiese

Re: Oauth2 problems in Moodle 3.3

by Breno Jacinto -
Hi Damyon,


    I tried to reset my configuration carefully, but while saving new credentials I got: error/Could not discover end points for identity issuerGoogle


   The API is enabled and the URL set is http://cursos.brenojac.com/admin/oauth2callback.php.


   I may try to reconfigure using another Gmail account and see what happens.. but I'd like to have some more debugging information to solve this issue. Is there anyway I could monitor messages exchanged between Moodle and Google?


regards,


- Breno

Average of ratings: -
In reply to Breno Jacinto

Re: Oauth2 problems in Moodle 3.3

by Ken Task -
Picture of Particularly helpful Moodlers

I, like you, had previously used the excellent addon/plugin for authentications to google.   One of  the thing I noticed had to do with getting the secret and key from google into Moodle properly.   After creating an IAM in Google, you are presented with the key and secret.   If I copied and pasted those into Moodle, noticed that there was a space at the start of both (key and secret) as well as a space at the end of both.  That caused errors and the error came from the google end ... no way for Moodle to trap it.

Check that in the Moodle config for Google Authentication, there are no spaces before nor after the secret/key.

If you are getting google errors, you might have to share screen shots of those.

The sites I was using were NOT https but http.   So am not sure that's really the reason, although now-a-days it's probably best to run https ... even though that's only a 'comfort thang' for users.

The other thing that folks might have to share about issues is some more about their systems ... Ubuntu version?   What are you using for a web service on your Moodle server?   Apache as what (mod/cgi) or is it Nginx?

There could also be issues with curl on your server .... from terminal might be a good idea to test using curl -I URL to Google.  That's a capital "I"

To see more output ...  curl -I -vvv URL to Google.

The -vvv sets verbose levels which will show every step in exchange/negotiation of the connection.

'spirit of sharing', Ken



Average of ratings: -
In reply to Breno Jacinto

Re: Oauth2 problems in Moodle 3.3

by Phuong Hoang -

I got the same error with Google and Facebook. By the way, my site's using http instead of https, which may be a reason.

Average of ratings: -
In reply to Phuong Hoang

Re: Oauth2 problems in Moodle 3.3

by Emi Camargo -

Hello!

Could you resolved your problem??.. Because I just installed the new version moodle 3.3 and I cant get the google login working, not even been  the button  appears.

my site's using http instead of https, too. I don have ssl certificate.

I need help!!

Note: Sorry about my English.!

Average of ratings: -
In reply to Breno Jacinto

Re: Oauth2 problems in Moodle 3.3

by Ken Task -
Picture of Particularly helpful Moodlers

This may/may not solve the issues immediately, but ....

When one begins to interface things like Google (Facebook/other) to Moodle, there are settings etc. on the other end - yeah, ok, we all know that so what's the point.   Point is you might need to check everything on the other end.

Tip
Every once in a while Google does send via Email to the primary account you might have used to interface Moodle with Google that ask you to  check - got one of those today.

Here's the URL in case you didn't get an EMail today (you might get one in near future):

https://myaccount.google.com/permissions

You should be prompted to login into Google and if you have multiple accounts
in Google, make sure you login with the same account you used to interface
Moodle.

Can check it all:
https://myaccount.google.com/security

https://myaccount.google.com/security#connectedapps

May not be a bad idea to create a System Admin Category and a System Admin course in your Moodle that's accessible only by System Admin (hidden/assign no one) and record your keys/secrets and other information.   Could create a page resource of the above information and thus not have to find that message in your EMail - nor have to return to these forums to find the links.

'spirit of sharing', Ken


Average of ratings: -
In reply to Ken Task

Re: Oauth2 problems in Moodle 3.3

by Emi Camargo -

thanks Ken.

All setting are ckecked!..the google configuration worked on versión 3.2.3 moodle with Outh2 plugin.

But in this case, the button for google login doesn appear in the login page, so I cant test the google login. 

Any ideas about why is not showing up?

Show on login page: Is checked!!

thanks!!

Average of ratings: -
In reply to Emi Camargo

Re: Oauth2 problems in Moodle 3.3

by Ken Task -
Picture of Particularly helpful Moodlers

Isn't there a test button in config?   Try that?

Are there all greens in the setup of Google?

https://docs.moodle.org/33/en/OAuth_2_services

Change theme.  Does login button show?  Got theme designer mode on?  Turn off.

Other than that, since 3.3 is brand spanking new, cache?   On server purge cache ... might even manually purge in moodledata cache and localcache.

In the paste, before using the plugin no longer supported or it was built in, had a link in drop down menus for "Login to Google" ... pointed to accounts ... one of those links seen in the config.   Try making a menu item in the theme pointed to accounts that uses new window.

If that dosn't work, then ???? ... look else where ... web server error logs?  Other logs?

The old plugin used to detech that user was logged on and took one right into Moodle.

Just can't do 'Vulcan Mind Melds'!

'spirit of sharing', Ken


Average of ratings: -
In reply to Ken Task

Re: Oauth2 problems in Moodle 3.3

by Emi Camargo -

I have a new question!

Where are setting about the answers mails and the page  linked login confirmation after cliking  the   "google"button in oauth2?, Because I need  to change the language to spanish.


thanks !!



Average of ratings: -
In reply to Ken Task

Re: Oauth2 problems in Moodle 3.3

by Steven Geggie -

Ken,


When we use the system account to connect between Moodle and Google, is that just a generic Google account or is like a Google "Super user"??


Thanks,
Steve

Average of ratings: -
In reply to Steven Geggie

Re: Oauth2 problems in Moodle 3.3

by Mary Cooch -
Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators

For the system account, you can use any Google account but it must be one dedicated to that purpose - ie - not your own  account. 

Average of ratings: -
In reply to Mary Cooch

Re: Oauth2 problems in Moodle 3.3

by Dirk Grunwald -

You mentioned that the account must not be the one you use on a normal basis -- why is this? In other words, how does this fail and what problems would it cause? I'm currently using it this way and trying to trouble shoot items.


I'm also not certain why it needs email confirmation followup -- i.e. why the site says "This account is pending email confirmation." I'm also in the middle of getting my email relay set up, so I'm not receiving any confirmation messages yet; I'm not certain why that's needed since other OAuth2 services don't do that.

Average of ratings: Useful (1)
In reply to Ken Task

Re: Oauth2 problems in Moodle 3.3

by Emi Camargo -

I Resolved the problem!!

It was my template fault!.. I restored the default theme and the button showed.

Thanks!!

Average of ratings: -
In reply to Emi Camargo

Re: Oauth2 problems in Moodle 3.3

by Mary Cooch -
Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators

Thanks for posting back with your solution, Emi -it could be helpful to others in futuresmile

Average of ratings: -
In reply to Mary Cooch

Re: Oauth2 problems in Moodle 3.3

by Jerome Denanot -

Same error "error/Could not upgrade oauth token" using a custom external OAuth provider. Any hints as answers above don't seem linked to the inital question ? 

Average of ratings: -
In reply to Jerome Denanot

Re: Oauth2 problems in Moodle 3.3

by Aurélien Besson -

I have the same error , OneDrive / DropBox return "error/Could not upgrade oauth token". 

it's clear, in the code 

if ($this->info['http_code'] !== 200) {
    throw new moodle_exception('Could not upgrade oauth token');
}


We have 4 identical web server (same code / same config / share DB) and just one retun this error. If i inspect the request i find this

  • Request URL: https://[........]/repository/repository_callback.php?callback=yes&repo_id=258&sesskey=ssJ0VPwCih&oauth2code=M491d5458[........]
  • Request Method: GET
  • Status Code: 404 Not Found

I don't understant why for this server the callback get 404 error.



Average of ratings: -
In reply to Aurélien Besson

Re: Oauth2 problems in Moodle 3.3

by Aurélien Besson -

After many research, i put somes traces in /lib/oauthlib.php (ln 566).


Trace exemple :

error_log("==== HTTP_CODE : ".$this->info['http_code'], 0);
error_log("==== ERROR : ".$this->error, 0);
error_log("==== ERRORNO : ".$this->errno, 0);
$TypeCode=gettype($this->info['http_code']);
error_log("==== type HTTP_CODE : ".$TypeCode, 0);


Return

[07-Nov-2018 08:52:48 America/New_York] ==== HTTP_CODE : 0
[07-Nov-2018 08:52:48 America/New_York] ==== ERROR : couldn't connect to host
[07-Nov-2018 08:52:48 America/New_York] ==== ERRORNO : 7
[07-Nov-2018 08:52:48 America/New_York] ==== type HTTP_CODE : integer
[07-Nov-2018 08:52:48 America/New_York] Default exception handler: error/Could not upgrade oauth token Debug:
Error code: Could not upgrade oauth token

couldn't connect to host caused by a firewall rule.


Average of ratings: -