OAuth2 authentication - issue with Microsoft

Yvan Urunuela

Hi,


I'm a Moodle admin on 3.3.1. We are a few teachers running an independent Moodle site (https with SSL certificate).

I configured the OAuth2 authentication as explained here:

It works perfectly for Google. Great.

But we've got an issue with Microsoft:
- It works when authenticating with a PERSONAL Microsoft account.
- It fails when authenticating with our COLLEGE Microsoft account. In that case, we get the error "A required parameter (code) was missing" (it appears on https://oursite.ca/admin/oauth2callback.php?code=xxxxxxxxxxxxxx)

At first, I thought it was impossible to use OAuth2 authentication with our college Microsoft account. But I succeeded in logging in to moodle.org with my college Microsoft account...

Let's sum up:
- I can connect to https://oursite.ca with my personal Microsoft account, but NOT with my college Microsoft account.
- I can connect to moodle.org with my college Microsoft account.

Any idea or clue?

Thanks a lot.

Yvan

 
Re: OAuth2 authentication - issue with Microsoft

I don't know what is causing your issue, but it was specifically tested with both work and personal accounts as part of the QA cycle for 3.3.

Posting the exact text and URL of the error page may help debug the issue.

 
Adam Jenkins
Re: OAuth2 authentication - issue with Microsoft

Do you have "prevent account creation" set?

If so, you will only be able to log in if there already exists an account that has the email address of the Microsoft account you're using to log in.

Try changing your email address in your Moodle profile to your college email address and give it another go.

Also, if you have restricted domains to a non-college account setting, that would also prevent you from logging in using your college account (unlikely).

 
Yvan Urunuela
Re: OAuth2 authentication - issue with Microsoft

Thanks Damyon and Adam.

- My moodlesite.ca has been upgraded to 3.3.2 and same problem.

- Adam: yes, "prevent account creation" is NOT activated, as I'd like new users to be able to create a new account when connecting with Oauth2 Microsoft.

- Adam: I use my college email address in my admin profile, still does not work.

- Adam: I'm not sure about the "restricted domains to a non-college account setting". Where can I find this information?

As suggested by Damyon, I've attached a couple of screenshots.

The URL in my moodlesite.ca when the error is displayed is:

The error shown on the Moodle page is:

error/moodle/missingparam

A required parameter (id) was missing.

This error happens when a webpage expects a parameter to be passed from another page (by post or cookie), and it fails to do so.

This happens sometimes when user session times out, due to inactivity, or when an URL that needs that mandatory parameter is instead directly typed in URL bar or invoked from browser bookmarks, like the SCORM Player page not being launched from a link in the course page.

It seems there is something wrong with an id. Notice that it works when connecting to moodle.org with my COLLEGE Microsoft account. Maybe my moodlesite.ca and moodle.org don't ask for the same id or fields? Could the problem be in the user fields mapping?

Thanks for your help!

Yvan

Adam Jenkins
Re: OAuth2 authentication - issue with Microsoft

Hi Yvan,

One possibility is that you may have logged in using one account, then tried to repeat the test with the same session key (sesskey) as the first attempt. That would probably confuse the system and throw a parameter error.

Perhaps try closing the browser between attempts (or clearing recent history including cookies). 

Let me know if this works.

 
Yvan Urunuela
Re: OAuth2 authentication - issue with Microsoft

Hi Adam,

I did what you suggested (I purged and deleted cookies, passwords, history, etc.), still the same problem. 

Same problem again - in college - with different computers and web browsers. 

A couple of my colleagues tried to authenticate (OAuth2) with their college Microsoft account, and they got exactly the same error.

Thanks for your help.

 
Re: OAuth2 authentication - issue with Microsoft

Thanks for posting the screenshots and URLs - they helped me diagnose this problem.

By replacing the code parameter with "a" characters and testing different lengths I was able to determine there is a configuration problem in your Apache server that is preventing this from working. OAuth works by passing long unguessable tokens around, so it requires very long URL parameters.

You can see the problem is reflected by different error message responses from these 2 URLs:


Not working:

https://sciences-humaines.ca/admin/oauth2callback.php?code=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&state=%2fauth%2foauth2%2flogin.php%3fwantsurl%3dhttps%253A%252F%252Fsciences-humaines.ca%252F%26sesskey%3dmrEzQAXrNR%26id%3d8&session_state=33fa8ec5-de7d-4e16-a8d6

                                                                                                                                    

Working:

https://sciences-humaines.ca/admin/oauth2callback.php?code=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&state=%2fauth%2foauth2%2flogin.php%3fwantsurl%3dhttps%253A%252F%252Fsciences-humaines.ca%252F%26sesskey%3dmrEzQAXrNR%26id%3d8&session_state=33fa8ec5-de7d-4e16-a8d6


I googled this problem for you and this is the most likely answer: 

http://www.php.net/manual/en/reserved.variables.get.php#101469


Cheers, Damyon

 
Yvan Urunuela
Re: OAuth2 authentication - issue with Microsoft

Thanks a lot Damyon, it works!

For those who get the same problem, some information (I'm not an expert but it could help):

- As Damyon said, the problem is the length of the URL (number of characters). The PHP Suhosin patch has a default limit of 512 characters for GET parameters. In my case, the URL had more than 900...
- To fix the problem, you have to change the suhosin.get.max_value_length = <limit> in the php.ini, for example suhosin.get.max_value_length = 2000
- In my case, I was not able to change it by myself (I changed the php.ini in cPanel but nothing happened), I had to ask the web hosting team to do it for me (check with your web hosting service).

Thanks Damyon and Adam for your precious help.

 
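The diagnosis reached in this thread, as an added example (not code from Moodle or from any poster): it reports which query parameters of a callback URL exceed a per-value length limit, and bisects the longest `code` value that gets through, the way the working and non-working URLs above were compared. The 512 default is the figure quoted in the thread; `simulated_filter`, the `moodle.example` host and the sample URL are constructed, and comparing the limit against the URL-decoded value is an assumption.

```python
from urllib.parse import urlsplit, parse_qsl

SUHOSIN_DEFAULT_LIMIT = 512  # default quoted in the thread for suhosin.get.max_value_length


def _params(url):
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def oversized_params(url, limit=SUHOSIN_DEFAULT_LIMIT):
    """Return {name: length} for query values longer than `limit`."""
    # Assumption: the limit applies to the URL-decoded value.
    return {name: len(value) for name, value in _params(url) if len(value) > limit}


def simulated_filter(url, limit=SUHOSIN_DEFAULT_LIMIT):
    """Constructed stand-in for the server: over-long values are dropped
    silently, so the application later reports the parameter as missing."""
    return {name: value for name, value in _params(url) if len(value) <= limit}


def longest_accepted(probe, low=1, high=4096):
    """Bisect the largest n for which probe(n) is True.

    probe(n) reports whether an n-character value survives; it is assumed
    True at `low` and monotonic (short values pass, long ones fail).
    """
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def callback_url(code_length):
    # Constructed sample shaped like the callback URLs in the thread.
    return ("https://moodle.example/admin/oauth2callback.php?code="
            + "a" * code_length
            + "&state=%2Fauth%2Foauth2%2Flogin.php%3Fid%3D8")


def code_survives(n):
    return "code" in simulated_filter(callback_url(n))


if __name__ == "__main__":
    print(oversized_params(callback_url(900)))  # parameters over the limit
    print(longest_accepted(code_survives))      # threshold found by bisection
```

Against a real site, `probe` would request the callback URL with an n-character `code` and check whether the "required parameter (code) was missing" page comes back.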