@all in this thread ... have been using Google Oauth2 authentication before it was offered as part of core. Can say this ... Google (like Moodle) isn't 'standing still'. Because they are global and have presence in every part of the globe, there are 'watched' shall we say ... GDPR etc.
I have two servers on different networks (one of which is Google Compute Engine) and recently have been reviewing Google Oauth2 setups on both ... actually forced to in order to get both auth and Drive to work.
Anyhooo ... here are some notes/clips from recent reviews/setups of the two servers I have using Google. Please note they are clips from Google pages ... with links to some ... and are not organized in a 1,2,3 .... sorry bout that.
Oauth2 has gotten more complicated to initially configure me thinks.
I already had two sites using it and they have been working but seems I can't leave well enough alone ... or felt there was something 'lurking' and decided to review setups.
It appears now that Google has a:
Google Cloud Platform/API Trust & Safety
The API's one needs for Oauth2 and for Drive is found ...
Endbled apis and services.
Google Drive API - has to be enabled.
IAM Service Account Credentials API has to be enabled.
Then one can get to OAuth2 client ID's etc.
The following clips from an email from Google's
Google Cloud Platform/API Trust & Safety. Obviously, the project ID
here nas been obscured.
Thank you for submitting a verification request.
To proceed with the approval process, please ensure that your project api-project-ANUMBER is in compliance with the following requirements.
The website ownership of the following domains should be verified. Please go to the Search Console with an account that is either a Project Owner or a Project Editor on your Project.
(which happens to be a Google Compute Engine CentOS 7 instance running
2 Moodles ... a 3.4 and a 3.5 ... both using Google Authentication.
Thank you for your patience. Please reply back to this email after your project is in compliance with the requirements above.
In console, search for 'domain verification' which will lead you to Google info ... confusing to say the least ... but don't quit! Hang in there. The results are worth the headache's ... IMHO!
Configure webhook notifications for api-project-myprojectnumber
You need to verify domain ownership to allow webhook notifications to be sent to your external domains. Google verifies that the user owns each of the listed domains via Search Console. Learn more
Important: Your site must be registered on Search Console with an https:// URL or with the domain name provider verification method.
Allow webhook notifications to be sent to the following domain.
Before you register mydomain.org you must first verify ownership. You can do this in the Google Search Console.
Click the 'Teke me there' link.
It goes to:
Verify your ownership of mdlgoogle.org. Learn more.
Learn More link:
** Verfication method
HTML file upload
Great job, https://mydomain.org/ is now verified! You can now use Google services for your property such as Search Console .
Your Google Account will be recorded in Google's systems as an official owner of this property.
Note - your ownership information will be stored and be visible to other owners (both current and future).
Select the domain provider you have for your Moodle site - mine with Network Solutions ... am an old dude!
Then it will suggest ways of getting this TXT
info into DNS or
an alt way of verifying server.
The HTML file upload me thinks is easier - see ** above!
Well, there ya have it! Need to do this entire thing about 10 more times before I can begin to internalize ... and even then, if I 'snooze' I could 'loose'. :\ But that's tech/internet and cloud today for ya!
Best of luck! Hoping this might help a little.
'spirit of sharing', Ken