Moodle for mobile

User Login - Security Key Reset and Token Generation

Picture of Moodle UPF
User Login - Security Key Reset and Token Generation

Hi there!

We are currently working on our own version of the Moodle Mobile app. I've configured the environment, made the necessary changes in the app's config.json file and got it to run.

Everything was running smoothly until the login phase. Then I've got the "We lost connection; you need to reconnect. Your token is now invalid." problem using both a student and admin account.

For the admin account I generated a token on the "Site Administration >> Plugins >> Web services >> Generate token" area as is stated in the docs and it worked like a charm.

For the student account, even though he had all capabilities necessary, the error still persisted. It was just when I went to "Settings >> My profile settings >> Security keys" and did a "Reset" operation of the key for the "Moodle mobile web service" that it started to work. After the reset, the invalid token error stopped altogether. In this case, the user already had a security key.

Config steps done:

  • The mobile web services are activated;
  • Enabled the following capabilities for the authenticated user: moodle/webservice:createmobiletoken, moodle/webservice:createtoken, webservice/rest:use, webservice/soap:use, webservice/xmlrpc:use;

More info:

  • We have LDAP login, and any login option works (in app, via browser window and via embedded browser);
  • The Moodle Mobile additional features plugin isn't installed, since we have Moodle 3.4;
  • Moodle v3.4;

After all of this, I got a few questions:

1. The 'Moodle mobile web service' security key (to use the mobile web service) is generated automatically in the user's first login or the user needs to generate by itself?

2. Is it mandatory for all of our users to reset the key to, only then, successfully login in the app? We sincerely hope to avoid this step, wishing that the token could be reset or generated in the login process, without the need to access the site and do the reset process before accessing on app.

3. If it is mandatory to generate/reset token, is it possible to develop a way to generate/reset token for all users at the same time? We think it will lead to confusion if the users need to do this before logging in the app. We also feel that the user should be able to login without this step.

Average of ratings: -
Picture of Juan Leyva
Re: User Login - Security Key Reset and Token Generation
Core developersMoodle HQParticularly helpful MoodlersPlugin developersTesters


I suspect that this is happening because in the Security settings you've set to reset the authentication token every few minutes.

Please, check this setting: User created token duration (tokenduration) in Security -> Site policies

Re your questions:

1. Is generated automatically

2. No, it isn't

Regards, Juan

Average of ratings: -