Sam - I was a little confused about Google's instructions for verification when I attempted this. Which path are you using to become verified? Thanks for sharing.
Google Drive Repository and Moodle 3.3.1
I've just completed the verification process for our school district. I completed the verification form to the best of my ability and, after a few days, Google got back to me asking for more information or corrections. The first return email I received was probably a form email/auto response to make sure the important steps had been completed.
Your OAuth Consent Screen is created.
Your authorized redirect URI or origin URL is linked to the OAuth web client.
Each scope that you’re requesting in the form must have an explanation for its use/need for the project.
For the scopes I used the scopes Damyon Wiese posted above but the reasons I gave for needing them were apparently not good enough prompting another round of emails. I replied with:
That seemed to work for them. When originally filling in the OAuth Consent Screen I had also verified our domain. This was also apparently not enough and the next email from Google wanted me to verify the site itself. It was a matter of downloading an HTML file, dropping it in the root web folder and clicking a "Verify" button. I did have to enable the Google Search Console for an OU that didn't include any students in Google Apps for Education as this is apparently OFF by default.
After replying to Google that the site verification was a success we were approved the next day and the warning screen is no longing showing for students and staff.
We just added some fairly generic language to our existing policy:
I received this email from Google today:
Based on the information for your specific use case, we recommend using the following scope that is necessary to implement your app's feature.
Your app already has access to this scope and does not need to go through verification process. If you don't know how to implement this scope, please reach out to Drive Support. For more information about Drive scopes, please read "What scope or scopes does my app need".
However, if this recommended scope doesn't meet the needs of your app's feature, please reply to this email directly with the Drive scopes required for your app's feature. Please refer this FAQ to ensure your verification request is complete.
Has anyone else received this notification?
Anyone know what to do from here to get the OAuth to work properly?
I get this e-mail too .
Ask them again and write that Moodle says it needs the following scope.
I hope its works.
https://www.googleapis.com/auth/drive - To upload, download, update, and delete files in Google Drive. To create, access, update, and delete native Google documents in Google Drive. To manage files and documents in your Google Drive (e.g., search, organize, and modify permissions and other metadata, such as title)
Thank you all for great collaboration as we work through this obstacle.
I did email Google back with that exact request.
In the meantime, I want to make sure that I have the API setup properly if you wouldn't mind checking.
First this is the error I get when I try to access Google Drive:
Invalid action parameter
Error code: invalidaction
- line 503 of \lib\setuplib.php: moodle_exception thrown
- line 121 of \course\modedit.php: call to print_error()
-->I assume this is due to the API...?
This is my Google OAuth2 parameters:
Edit identity issuer: GoogleDetailed instructions on configuring the common OAuth 2 services
Are those the same parameters that you are using and does yours show on the login screen because mine does not.
Hmm... I just read that perhaps I should UNINSTALL a prior plugin for this to work. My earlier versions of Moodle used the auth_googleoauth2 plugin. Should I uninstall this from the plugins page, or is it a required component in 3.3?
The old google auth plugin and the new in a M33 cannot work on the same box - different credentials API, secret, key, etc on the google end.
So in Google's Auth API (credentials), remove the old one. Remove the plugin ONLY after manipulating your mdl_user table for the M33.
Old Google plugin - in example below, k12os-xxxx.net is a google domain for email.
All users *IN THE OLD* were given a social_user_# username ... the # was sequential.
New Google part of core - using same example becomes
So username and auth columns are diff ... but you have what you need to make the changes.
Think what you have to do is directly manipulate the database mdl_user
table *IF* academic year has begun and students have already been assigned to
a course and turned in work.
Save your mdl_user table to a csv dump. Work with a copy of that .... the original is your backup and could be used again should you mess up.
Bring that into Excel
Then use Excel to get the following columns:
with username really their email address - copy the email column, paste it back in, change the column heading to username.
Keep the ID for that is the student ID number already being used..
Import users editing/updating existing.
Double check the Google API credentials ... remember, you had a call back URL with the old auth plugin. Don't need *the OLD one* any more.
'spirit of sharing', Ken
Follow up .... just to make certain you understand about the excel work for creating a users csv update file.
Remove the rows in excel that show 'manual' as authentication - those would be guest and the initial account created for admin access - typically, user ID 1 and 2. And, if you had created another admin level account to use ... it's also set to manual.
You only want to update the student/teacher accounts that had used the old googleoauth2 for authentication.
Passwords were not retained in mdl_user table using the old and won't be in the new. So you need not worry about them.
And for the how to for uploading users:
Got any students with names that use 'a-typical' characters? Knew a guy one time whose first name was "D'Jack" ... this to remind to check over the saved .csv file from excel with notepad to assure you select the correct delimiters in the CSV file and that a name like 'D'Jack' doesn't bite ya! ;)
Ok, think I'm done! ;)
'spriit of sharing', Ken
OK, I used that exact language and this is the email I received back: