General help

Google Drive Repository and Moodle 3.3.1

 
Picture of Jason Touw
Re: Google Drive Repository and Moodle 3.3.1
 

Sam - I was a little confused about Google's instructions for verification when I attempted this.  Which path are you using to become verified?  Thanks for sharing.

 
Average of ratings: -
Picture of Bob Bell
Re: Google Drive Repository and Moodle 3.3.1
 

I've just completed the verification process for our school district. I completed the verification form to the best of my ability and, after a few days, Google got back to me asking for more information or corrections. The first return email I received was probably a form email/auto response to make sure the important steps had been completed.

  1. Your OAuth Consent Screen is created.

  2. Your authorized redirect URI or origin URL is linked to the OAuth web client.

  3. Your app's Privacy policy meets the following requirements.

    • The Privacy policy must be linked to the OAuth consent screen on Google Cloud Console  and visible to users.

    • The Privacy Policy must disclose the manner in which your application accesses, uses, stores, or shares Google user data. Your use of Google user data must be limited to the practices explicitly disclosed in your published privacy policy.

  4. Each scope that you’re requesting in the form must have an explanation for its use/need for the project.

Of particular note here was numbers 2 and 4. For number 2, your Authorized redirect URIs should include something like:

For the scopes I used the scopes Damyon Wiese posted above but the reasons I gave for needing them were apparently not good enough prompting another round of emails. I replied with:

profile - To view basic profile info

email - To view email address

openid - To authenticate using OpenID

https://www.googleapis.com/auth/drive - To upload, download, update, and delete files in Google Drive. To create, access, update, and delete native Google documents in Google Drive. To manage files and documents in your Google Drive (e.g., search, organize, and modify permissions and other metadata, such as title)

That seemed to work for them. When originally filling in the OAuth Consent Screen I had also verified our domain. This was also apparently not enough and the next email from Google wanted me to verify the site itself. It was a matter of downloading an HTML file, dropping it in the root web folder and clicking a "Verify" button. I did have to enable the Google Search Console for an OU that didn't include any students in Google Apps for Education as this is apparently OFF by default.

After replying to Google that the site verification was a success we were approved the next day and the warning screen is no longing showing for students and staff.

 
Average of ratings: Useful (2)
Picture of Kees Koopman
Re: Google Drive Repository and Moodle 3.3.1
 

Do you have an example "The Privacy Policy must disclose the manner in which your application accesses, uses, stores, or shares Google user data. Your use of Google user data must be limited to the practices explicitly disclosed in your published privacy policy."

Thanks

 
Average of ratings: -
Picture of Bob Bell
Re: Google Drive Repository and Moodle 3.3.1
 

We just added some fairly generic language to our existing policy:

Integrated Services: You may be given the option to access or register for the Service through the use of your user name and passwords for certain services provided by third parties (each, an “Integrated Service”), such as through the use of your Google account, or otherwise have the option to authorize an Integrated Service to provide Personal Data or other information to us. By authorizing us to connect with an Integrated Service, you authorize us to access and store your name, email address(es), and basic profile information that the Integrated Service makes available to us, and to use and disclose it in accordance with this Policy. You should check your privacy settings on each Integrated Service to understand what information that Integrated Service makes available to us, and make changes as appropriate. Please review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Service.

 
Average of ratings: Useful (1)
Picture of Jason Touw
Re: Google Drive Repository and Moodle 3.3.1
 

Thanks Bob for sharing.  I just completed the OAuth verification as well and I'll let everyone on the forum know how it goes.  It was a slightly tedious process completing the steps, as you so hinted.

 
Average of ratings: -
Picture of Jason Touw
Re: Google Drive Repository and Moodle 3.3.1
 

I received this email from Google today:


Dear Developer,

Based on the information for your specific use case, we recommend using the following scope that is necessary to implement your app's feature.

Your app already has access to this scope and does not need to go through verification process. If you don't know how to implement this scope, please reach out to Drive Support. For more information about Drive scopes, please read "What scope or scopes does my app need".

However, if this recommended scope doesn't meet the needs of your app's feature, please reply to this email directly with the Drive scopes required for your app's feature. Please refer this FAQ to ensure your verification request is complete.



Has anyone else received this notification?

Anyone know what to do from here to get the OAuth to work properly?


Thanks!

 
Average of ratings: -
Picture of Bob Bell
Re: Google Drive Repository and Moodle 3.3.1
 

That was the exact email I received when I said what I'd originally used for my explanation of what scopes were needed and why wasn't good enough.

 
Average of ratings: -
Picture of Kees Koopman
Re: Google Drive Repository and Moodle 3.3.1
 

Hi Jason,

I get this e-mail too smile.

Ask them again and write that Moodle says it needs the following scope.

I hope its works.

Sincerely,

Kees.


https://www.googleapis.com/auth/drive - To uploaddownload, update, and delete files in Google Drive. To create, access, update, and delete native Google documents in Google Drive. To manage files and documents in your Google Drive (e.g., search, organize, and modify permissions and other metadata, such as title)

 
Average of ratings: -
Picture of Jason Touw
Re: Google Drive Repository and Moodle 3.3.1
 

Thank you all for great collaboration as we work through this obstacle.

I did email Google back with that exact request.


In the meantime, I want to make sure that I have the API setup properly if you wouldn't mind checking.  

First this is the error I get when I try to access Google Drive:

==========================================================================

Invalid action parameter

More information about this error

×Debug info: 
Error code: invalidaction
×Stack trace:
  • line 503 of \lib\setuplib.php: moodle_exception thrown
  • line 121 of \course\modedit.php: call to print_error()

===========================================================================

-->I assume this is due to the API...?



This is my Google OAuth2 parameters:

============================================================================

Edit identity issuer: Google

Detailed instructions on configuring the common OAuth 2 services
Name Help with Name
Client ID Help with Client ID
[hiding this for security but cut and pasted the entire client ID with ID number and hyphen suffix from Console]

Client secret Help with Client secret
[hiding this for security but cut and pasted the entire secret from Console]

Scopes included in a login request.Help with Scopes included in a login request
  openid profile email https://www.googleapis.com/auth/drive
Scopes included in a login request for offline access.Help with Scopes included in a login request for offline access
Additional parameters included in a login request.Help with Additional parameters included in a login request
Additional parameters included in a login request for offline access.Help with Additional parameters included in a login request for offline access
 access_type=offline&prompt=consent
Service base URL Help with Service base URL
Login domains Help with Login domains
Show on login page Help with Show on login page

===============================================================================


Are those the same parameters that you are using and does yours show on the login screen because mine does not.


Thanks!



 
Average of ratings: -
Picture of Jason Touw
Re: Google Drive Repository and Moodle 3.3.1
 

Hmm... I just read that perhaps I should UNINSTALL a prior plugin for this to work.  My earlier versions of Moodle used the auth_googleoauth2 plugin.  Should I uninstall this from the plugins page, or is it a required component in 3.3?

 
Average of ratings: -
Picture of Ken Task
Re: Google Drive Repository and Moodle 3.3.1
Particularly helpful Moodlers

The old google auth plugin and the new in a M33 cannot work on the same box - different credentials API, secret, key, etc on the google end.

So in Google's Auth API (credentials), remove the old one.   Remove the plugin ONLY after manipulating your mdl_user table for the M33.

Old Google plugin - in example below, k12os-xxxx.net is a google domain for email.

username,auth,firstname.lastname,email
social_user_2,googleauth2,Ken,Task,ktask@k12os-xxxx.net

All users *IN THE OLD* were given a social_user_# username ... the # was sequential.

New Google part of core - using same example becomes

username,auth,firstname,lastname,email
ktask@k12os-xxxx.net,oauth2,Ken,Task,ktask@k12os-xxxx.net

So username and auth columns are diff ... but you have what you need to make the changes.

Think what you have to do is directly manipulate the database mdl_user
table *IF* academic year has begun and students have already been assigned to
a course and turned in work.

Save your mdl_user table to a csv dump.   Work with a copy of that .... the original is your backup and could be used again should you mess up.

Bring that into Excel

Then use Excel to get the following columns:

username,auth,firstname,lastname,email

with username really their email address - copy the email column, paste it back in, change the  column heading to username.

Keep the ID for that is the student ID number already being used..

Import users editing/updating existing.

Double check the Google API credentials ... remember, you had a call back URL with the old auth plugin.    Don't need *the OLD one* any more.

'spirit of sharing', Ken


 
Average of ratings: -
Picture of Ken Task
Re: Google Drive Repository and Moodle 3.3.1
Particularly helpful Moodlers

Follow up .... just to make certain you understand about the excel work for creating a users csv update file.

Remove the rows in excel that show 'manual' as authentication - those would be guest and the initial account created for admin access - typically, user ID 1 and 2.   And, if you had created another admin level account to use ... it's also set to manual.

You only want to update the student/teacher accounts that had used the old googleoauth2 for authentication.

Passwords were not retained in mdl_user table using the old and won't be in the new.   So you need not worry about them.

And for the how to for uploading users:

https://docs.moodle.org/33/en/Upload_users

Got any students with names that use 'a-typical' characters?   Knew a guy one time whose first name was "D'Jack" ... this to remind to check over the saved .csv file from excel with notepad to assure you select the correct delimiters in the CSV file and that a name like 'D'Jack' doesn't bite ya! ;)

Ok, think I'm done! ;)

'spriit of sharing', Ken




 
Average of ratings: -
Picture of Jason Touw
Re: Google Drive Repository and Moodle 3.3.1
 

OK, I used that exact language and this is the email I received back:

Dear Developer,

Thank you for your response!

Your privacy policy url http://moodle.wvcsd.org/mod/page/view.php?id=4284 on your OAuth consent page doesn’t have any content of privacy policy. Your privacy policy must disclose the manner in which your application accesses, uses, stores, and or shares Google user data. 

If you want to update your privacy policy url on OAuth consent page, please sign in to Google Cloud Console, select project id moodle2-1236, go to Credentials - OAuth consent screen, enter privacy policy URL and click on "Save".

Please reply back to this email after you update your Privacy Policy.

Anyone want to suggest how to modify Bob's language so that it is acceptable?  Bob, yours was actually accepted as you wrote it because that is what I used and they didn't like it.

Thanks for any suggestions.......

 
Average of ratings: -
Picture of Bob Bell
Re: Google Drive Repository and Moodle 3.3.1
 

Yes, what I posted here was, word for word, what was used on our privacy policy. It is just a section of our complete privacy policy that outlines other things like what info we collect and why we collect it, how we use that info, and how to opt out/get a copy of/update the info. I mention this because of the line "and to use and disclose it in accordance with this Policy" included in what I posted previously.

I don't think it matters but I'll add that our privacy policy is not on the Moodle site itself and covers more then just Moodle. It is posted on our web site and just linked in the OAuth Consent Screen (APIs & Services > Credentials).

 
Average of ratings: -