Moodle 3.3 OAuth2 Queries

Moodle 3.3 OAuth2 Queries

by Anthony Connor -
Number of replies: 4

Hi,


We are looking to upgrade from moodle 3.0 to 3.3 at the moment and we came across some differences in the way the user login flow works when using openID connect (moodle 3.0) and OAuth2 services (moodle 3.3), both with a microsoft identity provider. 

The first question i had with regard to the new user account email confirmation seems to be in the pipeline (MDL-58544). So hopefully that will be solved soon.

The second query is in relation to the domain hint option that was available with the openID connect. The domain_hint parameter is used by some OpenID Connect providers to make the login process easier for users. I thought that perhaps the Service base URL with OAuth 2 services would provide the same functionality but it doesn't appear to do so. Is there any way i can add a domain hint to the OAuth 2 services?

Does anybody know if the Microsoft block will be available for moodle 3.3 when using OAuth 2 services with a microsoft identity provider?


Thank you,


Anthony

Average of ratings: -
In reply to Anthony Connor

Re: Moodle 3.3 OAuth2 Queries

by John Okely -

I know you can limit the domains available with Login domains. But this does not provide a hint. This could be a new feature, you can request it on the tracker

I do not know whether the microsoft block will work. Open ID connect was designed as part of the o365 plugins and the block was designed to work with them. It doesn't look like the o365 suite has been updated to work with the new oauth api.

Average of ratings: -
In reply to John Okely

Re: Moodle 3.3 OAuth2 Queries

by Anthony Connor -

Thanks for your reply John. I am using the Login domains and that is working fine. I might have to go down the new feature request on the tracker as you suggested as i don't see an option for the domain hint in the config.

It doesn't look like the microsoft block in the o365 suite of plugins will be upgraded now that OAuth can be used instead for auth, so ill just have to drop that block instead, pity sad 

Average of ratings: -
In reply to John Okely

Re: Moodle 3.3 OAuth2 Queries

by Dave Perry -
Picture of Testers

The latter point you make is very odd, as 365 login is now driven purely by OAuth2 (according to the URLs it spits out as you watch a login attempt anyway). So if moodle is OAuth2 out of the box, it should just work. We haven't gone down that road admittedly (we value SSO from moodle to eResources as a bigger win, so are going Shibboleth over summer).

Average of ratings: -
In reply to Dave Perry

Re: Moodle 3.3 OAuth2 Queries

by John Okely -

I agree, o365 itself should definitely work with the oauth 2 auth plugin new in 3.3.

The bit I'm unsure about is whether the o365 moodle plugin suite (including the microsoft block) will work with the new Oauth 2 authentication plugin. As far as I'm aware the old open id connect plugin used custom fields which the o365 suite then uses.

That said I haven't tried it as I don't have a 365 (school/work) account.

Average of ratings: -