Google authentication setup on Moodle 3.3

Google authentication setup on Moodle 3.3

by Yogesh Nahar -
Number of replies: 22

Hello Moodlers,

I recently updated one of our sites to the latest weekly release v3.3. The upgrade worked fine and a great set of features. So then I setup Google authentication and have it showing two tick marks for 'Configured and 'Allow Login' in the Oauth2 services setup page under 'Server'. The client ID and secret also were setup as per the instructions on: https://docs.moodle.org/33/en/OAuth_2_Google_service. Oauth2 auth service is also enabled.

Environment:

Moodle v3.3+ | Apache | MySQL 5.6.32.78.1 | PHP 5.6.29 | Cloud Hosting on Blue Host | 

Now, the Google login button shows up fine on the login page. The Google login button links to: http://academy.carterradley.com/auth/oauth2/login.php?id=1&wantsurl=%2F&sesskey=GJkcwFT9GRut 

But when you click on it, it simply displays a page with the auth/oauth2 directory. 

Unsure why this is happening. Cleared/purged all caches. Removed the old oauth2 plugin I was using with Moodle v3.2 from the Moodle /auth directory. 

If any of you have come across this issue or know why this is happening, please advice. Would really appreciate it. Screenshots attached for reference. 

Thank you. 

Attachment auth index page.png
Attachment OAuth 2 services.png
Average of ratings: -
In reply to Yogesh Nahar

Re: Google authentication setup on Moodle 3.3

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

Well you have red checks by discovery and system account connected...I would start there...

Average of ratings: -
In reply to Emma Richardson

Re: Google authentication setup on Moodle 3.3

by Yogesh Nahar -

Hi Emma, yes. I tried clicking on the button below system account connected and it takes me to a confirm or cancel page. When I click on confirm it again takes me to the index of the oauth folder. Not sure why this is happening here too.

But I think the system connected account is only used when you want to use google drive to have trusted links for documents for students and teachers to use. Not sure if that is required for the login. 

Any other place I could debug this? 

Average of ratings: -
In reply to Yogesh Nahar

Re: Google authentication setup on Moodle 3.3

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

You might checking permissions on the folder itself - maybe the web user does not have appropriate permissions...

Average of ratings: -
In reply to Yogesh Nahar

Re: Google authentication setup on Moodle 3.3

by Damyon Wiese -

Yes it is correct that the system account is not needed just for authentication.

Average of ratings: -
In reply to Yogesh Nahar

Re: Google authentication setup on Moodle 3.3

by Damyon Wiese -

I think it would help if you could copy/paste the url from your browser when you see that web page listing the files. (if the url contains clientid/secrets please change them before posting).


Average of ratings: -
In reply to Damyon Wiese

Re: Google authentication setup on Moodle 3.3

by Yogesh Nahar -

Hi Damyon, 

Here it is:  http://academy.carterradley.com/auth/oauth2/login.php?id=1&wantsurl=%2F&sesskey=GJkcwFT9GRut

This is the URL listing all the files in the oauth folder when clicking on the Google login button. 

The permissions for the folder are 0644. That is right I presume. 

Do you think copying all the Moodle v3.3 files again will help ? As such there is no debug info being displayed when I turn on debugging so I presume it's not an issue with any missing files either. I shall check the server logs too just in case I find something. 

Thank you for all your support in debugging this. Truly appreciate it. 

Average of ratings: -
In reply to Damyon Wiese

Re: Google authentication setup on Moodle 3.3

by Damyon Wiese -

Well the listing shows that the login.php file is present, so it should run.

My guess is that you have a bogus url re-write rule, security filter (mod_security?) or some other webserver misconfiguration that is preventing the login.php file from being processed when accessing this page.



Average of ratings: -
In reply to Damyon Wiese

Re: Google authentication setup on Moodle 3.3

by Yogesh Nahar -

So I checked the server and also verified with the hosting service, no rewrite happening in any htaccess file or any other server issue. 

Do you think this could be because of SSL? I have a wild card SSL certificate on the server for the domain and the moodle sub-domain too. But I haven't setup Moodle for SSL yet. Any chance that might be causing any issues? 

I will try re-doing the whole process of the v3.3 installation and check if it happens again. Shall report soon. 

Thank you. 

Average of ratings: -
In reply to Damyon Wiese

Re: Google authentication setup on Moodle 3.3

by Yogesh Nahar -

Hello again,

So I went through the entire upgrade process for Moodle v3.3. With a fresh installation, removed previous google oauth2 plugins and cleaned up the entire system of external plugins including any remnants in the database in config_plugins. Thought might have been some issue with the old google oauth2 plugin. 

Using the boost theme, enabled the core oauth2 service and setup google login. Unfortunately still facing the same issue. The google login button directs to this URL showing an index of files in the oauth2 folder still. 

URL: http://academy.carterradley.com/auth/oauth2/?client_id=1008082128017-q892e413r78jkm4g29mqp0fckhbj50r7.apps.googleusercontent.com&response_type=code&redirect_uri=http%3A%2F%2Facademy.carterradley.com%2Fadmin%2Foauth2callback.php&state=%2Fauth%2Foauth2%2Flogin.php%3Fwantsurl%3Dhttp%253A%252F%252Facademy.carterradley.com%252F%26sesskey%3DeGuvF8wDnX%26id%3D1&scope=openid%20profile%20email

have cleaned out the htaccess files on the server too. Any other areas I could look at to debug this? 

Appreciate any advice here. Thank you. 

Average of ratings: -
In reply to Damyon Wiese

Re: Google authentication setup on Moodle 3.3

by Yogesh Nahar -

Damyon...I checked my error logs and it shows a php parse error:

PHP Parse error: syntax error, unexpected T_STRING in /home2/carterra/public_html/academy/login/index.php on line 197This is line 197 from index.php: 

\core\session\manager::apply_concurrent_login_limit($user->id, session_id());

Do you think this has anything to do with it? 

Pls advice. 

Average of ratings: -
In reply to Damyon Wiese

Re: Google authentication setup on Moodle 3.3

by Yogesh Nahar -

Hello again....just been trying to debug this issue by reading some of the other discussions. One of them pointed to the 'discovery' setting against the google oauth service. 

Does Discovery need a green tick mark? It is 'x' in red right now. This means, the end point and user mapping fields have to be entered manually. 

The end point is coded in already. Do we also have to setup the user mapping fields manually for google authentication if discovery is not found? 

I have tested with the mappings of user fields, but still no luck. Just checking if anybody else has come across this issue. 

Please advice. Appreciate any direction here. 

Thank you.  

Average of ratings: -
In reply to Yogesh Nahar

Re: Google authentication setup on Moodle 3.3

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Just noting that when the Google OAuth 2 service was enabled here on moodle.org, a green tick was shown under Discovery without us needing to enter anything manually (apart from the client ID and secret).

Unfortunately I don't know any more to be able to help, but I'm subscribed to this discussion thread ready to add anything we learn to the documentation.

Average of ratings: -
In reply to Helen Foster

Re: Google authentication setup on Moodle 3.3

by Yogesh Nahar -

Thanks for the info Helen. 

Anyone who might be facing the same issue or has resolved the oauth2 connectivity issues, please do advice where we can debug this. 

Thank you. 

Average of ratings: -
In reply to Yogesh Nahar

Re: Google authentication setup on Moodle 3.3

by Damyon Wiese -

The error you have described is very unlikely to be caused by any thing in the Moodle code, or any configuration settings in Moodle. This is a system/webserver configuration problem in that you are accessing the URL for a php page and the webservice is not running that page with the php interpreter but is giving you a file listing instead. 


Average of ratings: -
In reply to Damyon Wiese

Re: Google authentication setup on Moodle 3.3

by Yogesh Nahar -
Thanks, Damyon.

I tried to re-add the google oauth keys and got this error:

error/Could not discover service endpoints: Failed to connect to 2607:f8b0:4005:808::200d: Network is unreachable

This error shows up at the top of the oauth2 services page. Screenshot attached. 

As you said, I might have to check the server to see if the connection going out is being blocked in any way. 

I am going to check with blue host to see if they can help with this. Anybody else get this error and have been able to resolve it, please direct me so I could debug on my end. 

Thank you.

Attachment OAuth 2 services.png
Average of ratings: -
In reply to Damyon Wiese

Re: Google authentication setup on Moodle 3.3

by Yogesh Nahar -

So looks like this was finally fixed. Phew.

Silly little mistake in the URL. the default base URL was http://accounts.google.com, changed it to https. 

The discovery showed a positive tick mark and was able to then get through to the Google SSO login page. 

There were some issues with bad tokens and redirection. I thought it must have been due to the cache or multiple logged in google sessions in the browser. 

So went through and cleared all the browser, Moodle system (purge all cache) and the server cache (blue host) and tested the SSO once again. All working fine for now. 

For anyone with the same issues, please check the default base URL when adding the Google service on the oauth2 page. It should be https://accounts.google.com

Thank you all for your direction in debugging this issue. The Moodle community rocks!


Average of ratings: Useful (1)
In reply to Yogesh Nahar

Re: Google authentication setup on Moodle 3.3

by Damyon Wiese -

I am glad you managed to resolve it and thanks for posting back your solution for anyone else with a similar problem to see.


Average of ratings: -
In reply to Damyon Wiese

Re: Google authentication setup on Moodle 3.3

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Yes, thanks Yogesh for letting us know how you solved the problem. However I'm a bit confused because the Google service here on moodle.org has http://accounts.google.com/ as service base URL i.e. the default setting is http not https.

Damyon, should I create a tracker issue for changing the default setting to https?

Average of ratings: -
In reply to Helen Foster

Re: Google authentication setup on Moodle 3.3

by Yogesh Nahar -

Thank you to the community for helping resolve this issue. 

But I came across another issue when testing with multiple Google accounts in the Chrome browser.

So here is the scenario:

I have allowed Moodle to create new accounts on authentication. The setting Prevent account creation on authentication under 'Authentication' is off.

Next I click on Login via Google, and am taken to the Google accounts login page. Here I have multiple accounts in the Chrome browser but all the accounts are signed out. See screenshot 1. So if I click on any email address and login, it authenticates and goes to a email sent for confirmation screen in Moodle. This is fine. 

But going through the same steps above with multiple Google accounts already signed in is creating an issue. So if I am taken to the Google accounts login page and I have say 2 Google accounts logged in already and if I select from any of those accounts (that does not exist in Moodle) to log me in to Moodle, it simply starts redirecting but then refreshes and comes back to the same Google login page. 

Here are the URLs:

When I reach the Google SSO login page: 
https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id=448236099137-1t7nfe1v3o189octrkl1em8c4icck3ls.apps.googleusercontent.com&as=-43077ec6f2bd02bf&destination=http%3A%2F%2Facademy.carterradley.com&approval_state=!ChRTRzZfWV9qa3loZnJyZXZSZVNMXxIfZzRYQjY0Unh6RmdYVU9xWmlfQjdtUjlrbkxxQnpoVQ%E2%88%99ADiIGyEAAAAAWVNEGjZa0Qzyp9i_vAhfevVFk8BdSeFb&xsrfsig=AHgIfE8patmsAycjpw9vJoTRg1iexmh4Aw&flowName=GeneralOAuthFlow

When it starts redirecting after I click on a Google account to sign me in it shows a new URL but then refreshes and goes back to the one above: 

https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id=448236099137-1t7nfe1v3o189octrkl1em8c4icck3ls.apps.googleusercontent.com&as=-43077ec6f2bd02bf&destination=http%3A%2F%2Facademy.carterradley.com&approval_state=!ChRTRzZfWV9qa3loZnJyZXZSZVNMXxIfZzRYQjY0Unh6RmdYVU9xWmlfQjdtUjlrbkxxQnpoVQ%E2%88%99ADiIGyEAAAAAWVNEGjZa0Qzyp9i_vAhfevVFk8BdSeFb&xsrfsig=AHgIfE8patmsAycjpw9vJoTRg1iexmh4Aw&flowName=GeneralOAuthFlow

Any one come across a similar issue? Tried searching the forums but cannot find this reported. Any ideas why this might be happening? 

I have tested this in multiple browsers. Same issue. Any advice on debugging? 

Thank you for your time. 

Average of ratings: -
In reply to Yogesh Nahar

Re: Google authentication setup on Moodle 3.3

by Marcos Rugerio Islas -

Hi Yogesh Nahar

Did you fixed you issue? I have a similar problem in this week and I all ready fixed, in my case I needed to enable the OAuth service and check the ecact location of the oauth2callback file on my system, according the documentation and installation you can find on your server over the following path where the moodle platform was installed.

In my case moodle is installed on / path
marcos@desarrollo:/moodle33/admin$ ls |grep *oauth*
oauth2callback.php

Othe issue was the name... I was typing wrong the name tongueout

Right now is working with Google and Facebook, I am working to enable Github.


Average of ratings: -