Google Drive Repository and Moodle 3.3.1

Re: Google Drive Repository and Moodle 3.3.1

by Damyon Wiese -
Number of replies: 15

Hi - this seems to be a recent change from Googles side. We never had to do this extra step when working on these features for 3.3.


My guess is that it's a response to some recent phishing attacks involving OAuth (https://www.scmagazine.com/massive-google-docs-phishing-attack-targeted-credentials-permissions/article/654938/). It may also be related to the recent changes to EU privacy laws.


Regardless - it would be very helpful for anyone who has completed this process to post about it here so others can see how it works. The list of scopes that Moodle requires are: "openid profile email https://www.googleapis.com/auth/drive". This is the minimum user information we require to create a unique account - and the google drive API is required to use the google drive repository. The google drive API is also required if you are using the google document converter. 


Regards, Damyon

Average of ratings: Useful (2)
In reply to Damyon Wiese

Re: Google Drive Repository and Moodle 3.3.1

by Sam Black -

I currently am going through the verification process.  I'll try and let everyone know how it comes out.  They said 3-7 business days....

Average of ratings: -
In reply to Sam Black

Re: Google Drive Repository and Moodle 3.3.1

by Jason Touw -

Sam - I was a little confused about Google's instructions for verification when I attempted this.  Which path are you using to become verified?  Thanks for sharing.

Average of ratings: -
In reply to Jason Touw

This forum post has been removed

The content of this forum post has been removed and can no longer be accessed.
In reply to Deleted user

Re: Google Drive Repository and Moodle 3.3.1

by Kees Koopman -

Do you have an example "The Privacy Policy must disclose the manner in which your application accesses, uses, stores, or shares Google user data. Your use of Google user data must be limited to the practices explicitly disclosed in your published privacy policy."

Thanks

Average of ratings: -
In reply to Kees Koopman

This forum post has been removed

The content of this forum post has been removed and can no longer be accessed.
In reply to Deleted user

Re: Google Drive Repository and Moodle 3.3.1

by Jason Touw -

Thanks Bob for sharing.  I just completed the OAuth verification as well and I'll let everyone on the forum know how it goes.  It was a slightly tedious process completing the steps, as you so hinted.

Average of ratings: -
In reply to Deleted user

Re: Google Drive Repository and Moodle 3.3.1

by Jason Touw -

I received this email from Google today:


Dear Developer,

Based on the information for your specific use case, we recommend using the following scope that is necessary to implement your app's feature.

Your app already has access to this scope and does not need to go through verification process. If you don't know how to implement this scope, please reach out to Drive Support. For more information about Drive scopes, please read "What scope or scopes does my app need".

However, if this recommended scope doesn't meet the needs of your app's feature, please reply to this email directly with the Drive scopes required for your app's feature. Please refer this FAQ to ensure your verification request is complete.



Has anyone else received this notification?

Anyone know what to do from here to get the OAuth to work properly?


Thanks!

Average of ratings: -
In reply to Jason Touw

This forum post has been removed

The content of this forum post has been removed and can no longer be accessed.
In reply to Jason Touw

Re: Google Drive Repository and Moodle 3.3.1

by Kees Koopman -

Hi Jason,

I get this e-mail too smile.

Ask them again and write that Moodle says it needs the following scope.

I hope its works.

Sincerely,

Kees.


https://www.googleapis.com/auth/drive - To uploaddownload, update, and delete files in Google Drive. To create, access, update, and delete native Google documents in Google Drive. To manage files and documents in your Google Drive (e.g., search, organize, and modify permissions and other metadata, such as title)

Average of ratings: -
In reply to Kees Koopman

Re: Google Drive Repository and Moodle 3.3.1

by Jason Touw -

Thank you all for great collaboration as we work through this obstacle.

I did email Google back with that exact request.


In the meantime, I want to make sure that I have the API setup properly if you wouldn't mind checking.  

First this is the error I get when I try to access Google Drive:

==========================================================================

Invalid action parameter

More information about this error

×Debug info: 
Error code: invalidaction
×Stack trace:
  • line 503 of \lib\setuplib.php: moodle_exception thrown
  • line 121 of \course\modedit.php: call to print_error()

===========================================================================

-->I assume this is due to the API...?



This is my Google OAuth2 parameters:

============================================================================

Edit identity issuer: Google

Detailed instructions on configuring the common OAuth 2 services
Name Help with Name
Client ID Help with Client ID
[hiding this for security but cut and pasted the entire client ID with ID number and hyphen suffix from Console]

Client secret Help with Client secret
[hiding this for security but cut and pasted the entire secret from Console]

Scopes included in a login request.Help with Scopes included in a login request
  openid profile email https://www.googleapis.com/auth/drive
Scopes included in a login request for offline access.Help with Scopes included in a login request for offline access
Additional parameters included in a login request.Help with Additional parameters included in a login request
Additional parameters included in a login request for offline access.Help with Additional parameters included in a login request for offline access
 access_type=offline&prompt=consent
Service base URL Help with Service base URL
Login domains Help with Login domains
Show on login page Help with Show on login page

===============================================================================


Are those the same parameters that you are using and does yours show on the login screen because mine does not.


Thanks!



Average of ratings: -
In reply to Jason Touw

Re: Google Drive Repository and Moodle 3.3.1

by Jason Touw -

Hmm... I just read that perhaps I should UNINSTALL a prior plugin for this to work.  My earlier versions of Moodle used the auth_googleoauth2 plugin.  Should I uninstall this from the plugins page, or is it a required component in 3.3?

Average of ratings: -
In reply to Jason Touw

Re: Google Drive Repository and Moodle 3.3.1

by Ken Task -
Picture of Particularly helpful Moodlers

The old google auth plugin and the new in a M33 cannot work on the same box - different credentials API, secret, key, etc on the google end.

So in Google's Auth API (credentials), remove the old one.   Remove the plugin ONLY after manipulating your mdl_user table for the M33.

Old Google plugin - in example below, k12os-xxxx.net is a google domain for email.

username,auth,firstname.lastname,email
social_user_2,googleauth2,Ken,Task,ktask@k12os-xxxx.net

All users *IN THE OLD* were given a social_user_# username ... the # was sequential.

New Google part of core - using same example becomes

username,auth,firstname,lastname,email
ktask@k12os-xxxx.net,oauth2,Ken,Task,ktask@k12os-xxxx.net

So username and auth columns are diff ... but you have what you need to make the changes.

Think what you have to do is directly manipulate the database mdl_user
table *IF* academic year has begun and students have already been assigned to
a course and turned in work.

Save your mdl_user table to a csv dump.   Work with a copy of that .... the original is your backup and could be used again should you mess up.

Bring that into Excel

Then use Excel to get the following columns:

username,auth,firstname,lastname,email

with username really their email address - copy the email column, paste it back in, change the  column heading to username.

Keep the ID for that is the student ID number already being used..

Import users editing/updating existing.

Double check the Google API credentials ... remember, you had a call back URL with the old auth plugin.    Don't need *the OLD one* any more.

'spirit of sharing', Ken


Average of ratings: -
In reply to Ken Task

Re: Google Drive Repository and Moodle 3.3.1

by Ken Task -
Picture of Particularly helpful Moodlers

Follow up .... just to make certain you understand about the excel work for creating a users csv update file.

Remove the rows in excel that show 'manual' as authentication - those would be guest and the initial account created for admin access - typically, user ID 1 and 2.   And, if you had created another admin level account to use ... it's also set to manual.

You only want to update the student/teacher accounts that had used the old googleoauth2 for authentication.

Passwords were not retained in mdl_user table using the old and won't be in the new.   So you need not worry about them.

And for the how to for uploading users:

https://docs.moodle.org/33/en/Upload_users

Got any students with names that use 'a-typical' characters?   Knew a guy one time whose first name was "D'Jack" ... this to remind to check over the saved .csv file from excel with notepad to assure you select the correct delimiters in the CSV file and that a name like 'D'Jack' doesn't bite ya! ;)

Ok, think I'm done! ;)

'spriit of sharing', Ken




Average of ratings: -
In reply to Kees Koopman

Re: Google Drive Repository and Moodle 3.3.1

by Jason Touw -

OK, I used that exact language and this is the email I received back:

Dear Developer,

Thank you for your response!

Your privacy policy url http://moodle.wvcsd.org/mod/page/view.php?id=4284 on your OAuth consent page doesn’t have any content of privacy policy. Your privacy policy must disclose the manner in which your application accesses, uses, stores, and or shares Google user data. 

If you want to update your privacy policy url on OAuth consent page, please sign in to Google Cloud Console, select project id moodle2-1236, go to Credentials - OAuth consent screen, enter privacy policy URL and click on "Save".

Please reply back to this email after you update your Privacy Policy.

Anyone want to suggest how to modify Bob's language so that it is acceptable?  Bob, yours was actually accepted as you wrote it because that is what I used and they didn't like it.

Thanks for any suggestions.......

Average of ratings: -
In reply to Jason Touw

This forum post has been removed

The content of this forum post has been removed and can no longer be accessed.