Linked logins for many users in bulk (oauth2)


by Daniel Neis Araujo -
Number of replies: 1

Hello,


Moodle 3.3 added support for Linked Logins, for users to be able to log in using oauth2 accounts like those found on Google or Facebook or Microsoft services.

I have two questions with similar scenarios.

When I have a lot of users to create in Moodle beforehand (say I would like them to already be enrolled in some courses when they log in the first time), is it possible to create the users and link a profile to an oauth2 service? Maybe via users upload CSV?

The other scenario is, given I already have a lot of users on my Moodle site and I know that they have accounts in an oauth2 service. Am I able to link the accounts in bulk so they don't have to do so?


Any ideas?


Best regards,

Daniel

In reply to Daniel Neis Araujo

Re: Linked logins for many users in bulk (oauth2)

by Ken Task -

Am glad you have posted this ... have something similar to which there have been no replies/responses. :(

See the 'blog' @ https://moodle.org/mod/forum/discuss.php?d=361270

But, I'll share my experiences with customOauth2 as it might help you and others ...

Below from a corp entity (large/international) wanting to use.

Test system using CustomOauth2
The test system moodle has 'noemail' parameter in the config.php file.
Test system is a clone of production - all users, courses, etc.
The ID management system is behind cloudflare and (as the consultant describes it)
an 'ad-hoc' (proof of concept) setup that appears to be also firewalled/limited
to only certain IP addresses.

When entity started testing signing up new users I had turned on Email again.

Two new accounts were created without issue.
In mdl_user table their account shows auth as oauth2 - expected.

Finally got the entity to test an existing user.
*EMail must work* ... process involves the user getting a confirmation
email to link the accounts.  No mail means the account gets stuck in a
'pending' state due to mdl_auth_oauth2_linked_login having data in the
'confirmtoken' column that has an epoch time stamp which appears to give
the user 30 minutes to confirm.

IF user does not confirm, there is no admin interface found that allows
the admin to confirm this action for the user. (an admin omission, me thinks).
User cannot login ... using either ... i.e., the normal login boxes as they
had done before, NOR the IDM button.   Had to remove the confirmtoken data and
another admin had to change the user's password and provide that in a private
(user-2-user) email.

The CSV route can change the auth of an account easily enough, **but**
there are multiple tables related

| mdl_auth_oauth2_linked_login  |
| mdl_oauth2_endpoint           |
| mdl_oauth2_issuer             |
| mdl_oauth2_system_account     |
| mdl_oauth2_user_field_mapping |

This one:
mdl_auth_oauth2_linked_login
Would also have to have data for those 'linked' accounts - me thinks.

Interestingly enough, the one account tested with linking did not change
the auth column of mdl_user to 'oauth2', but it remained 'manual'.
It actually might allow the user to use either the normal login boxes
or the IDM button on the login page - that's a guess, as I have not
yet gotten the entity to try it again. :\

In addition the site has required additional fields which cannot be
populated by the mapping tool provided in the config of the customoauth2
configuration.   The only columns provided to map are from mdl_user table
with no way to provide the required extra/added fields found in
mdl_user_info_field  (webservices script triggered by IDM access?)

Here's hoping this helps! ;)

'spirit of sharing', Ken
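
An added example, not part of either post and not Moodle's own code: a read-only report of linked logins still awaiting email confirmation, the 'pending' state described in the reply above. The tables are a constructed SQLite stand-in for the ones named in the thread; the `confirmtokenexpires` column and the convention that a confirmed link has an empty `confirmtoken` are assumptions about the stock schema.

```python
import sqlite3

# Constructed stand-in for the Moodle tables named in the thread. Only the
# columns the report needs are modelled; confirmtokenexpires is an assumption.
SCHEMA = """
CREATE TABLE mdl_user (id INTEGER PRIMARY KEY, username TEXT, auth TEXT);
CREATE TABLE mdl_oauth2_issuer (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE mdl_auth_oauth2_linked_login (
    id INTEGER PRIMARY KEY, userid INTEGER, issuerid INTEGER, email TEXT,
    confirmtoken TEXT, confirmtokenexpires INTEGER);
"""

# Read-only: a link with a non-empty confirmtoken has not been confirmed yet.
PENDING_SQL = """
SELECT u.username, u.auth, i.name, l.email,
       CASE WHEN l.confirmtokenexpires < :now THEN 'expired' ELSE 'waiting' END
FROM mdl_auth_oauth2_linked_login l
JOIN mdl_user u ON u.id = l.userid
JOIN mdl_oauth2_issuer i ON i.id = l.issuerid
WHERE l.confirmtoken IS NOT NULL AND l.confirmtoken <> ''
ORDER BY l.confirmtokenexpires
"""

def pending_links(conn, now):
    """Return (username, auth, issuer, email, state) for each unconfirmed link."""
    return conn.execute(PENDING_SQL, {"now": now}).fetchall()

def demo_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO mdl_user VALUES (?,?,?)", [
        (1, "alice", "manual"), (2, "bob", "manual"), (3, "carol", "oauth2")])
    conn.execute("INSERT INTO mdl_oauth2_issuer VALUES (1, 'Example IDM')")
    conn.executemany(
        "INSERT INTO mdl_auth_oauth2_linked_login VALUES (?,?,?,?,?,?)", [
            (1, 1, 1, "alice@example.test", "tok-a", 1000),  # window lapsed
            (2, 2, 1, "bob@example.test", "tok-b", 5000),    # still in window
            (3, 3, 1, "carol@example.test", "", 0)])         # confirmed link
    return conn

if __name__ == "__main__":
    for row in pending_links(demo_db(), now=2000):
        print(row)
```

The SELECT uses only standard SQL, so it can be run as-is against the real database with the current epoch time substituted for `:now`.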