OAuth2 (G Suite account vs Gmail account)


by Aakif Tanveer -
Number of replies: 5

Our users sign in to Moodle using the G Suite Education logins (using OAuth2).


On the sign-in page, when they click on the "Google" button to sign in, it automatically tries to log them in using the current Gmail account. Since most students are logged into their private Gmail accounts (in other tabs, for example), Moodle tries to log them in using that same Gmail account and they get an error ("This client is restricted to users within its organization.").


The workaround is that they have to sign out of any other Google account before clicking on the Google button.


Is there a way that they're asked to enter their G Suite email address even if they are already signed in to Google?

In reply to Aakif Tanveer

Re: OAuth2 (G Suite account vs Gmail account)

by Ken Task -

Restrict access to the GSuite email domain? I.e., school.net, and not allow gmail.com.

In themes I have set up drop-down menus to help in situations like this ...

LOGOUT Google|https://accounts.google.com/Logout" target="_new
LOGIN Google|https://accounts.google.com/ServiceLogin" target="_new

If they hit your Moodle and they are logged on to Google with their personal account (gmail.com), the Logout button would log them out of the gmail.com account. Clicking login on the Moodle then would/should prompt them for which account to use to authenticate into Moodle.

Comment: there isn't a server yet that can do 'Vulcan Mind Melds' with users (not sure I'd want that!). It will be interesting though in the future with AI improvements.

'spirit of sharing', Ken


In reply to Ken Task

Re: OAuth2 (G Suite account vs Gmail account)

by Babaso Aldar -

Hello Ken,

We are using OAuth2 to log in to Moodle. After logging out from Moodle, their Gmail session is not logged out.

We want to log out from Gmail as well. What changes do I need to make? Please tell us.

Thank you.

In reply to Aakif Tanveer

Re: OAuth2 (G Suite account vs Gmail account)

by Ken Task -

Have the users set up multiple accounts in Firefox?

There's a link to 'another account' and if students/users click that they set up the school's account credentials.

Thus when they get to something set up for Google Authentication, think the browser will then ask ... 'which account' ...

See pic.


In reply to Aakif Tanveer

Re: OAuth2 (G Suite account vs Gmail account)

by François-Xavier Guénan -
Hello Aakif,

Go to the OAuth2 settings: (yoursite)/admin/tool/oauth2/issuers.php?id=2&action=edit

Add "prompt=consent" in the field "Additional parameters included in a login request."

Regards,

FX
In reply to François-Xavier Guénan

Re: OAuth2 (G Suite account vs Gmail account)

by François-Xavier Guénan -
I've finally used "prompt=select_account" instead: in case the user was already logged in to his personal Gmail account, he was DIRECTLY led to a 403 error without a chance to log in to another account. Now each time he clicks on the "google login" button on the front page of Moodle, he's redirected to a "select an account" screen.

Using "prompt=consent" will work, but the project in the Google console has to be set to "public", which was a problem for me: since I've added Google Drive in the scope, I didn't want to go through the Google Project validation process.
Average of ratings: Useful (1)
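
Added example (not part of the thread and not Moodle's own code): a Python sketch of how an "additional parameters" string such as prompt=select_account is merged into the Google authorization request, together with the server-side check on the ID token's hd claim that actually enforces the organisation restriction. The function names, the rule that extras may not override the client's own parameters, the optional hd=school.net hint and all sample values are assumptions of this example.

```python
from urllib.parse import parse_qsl, urlencode

GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
# Parameters the client sets itself; an admin-supplied extra must not replace them.
RESERVED = {"client_id", "redirect_uri", "response_type", "scope", "state"}
ALLOWED_PROMPTS = {"none", "consent", "select_account"}


def build_login_url(client_id, redirect_uri, state, scope, additional_params=""):
    """Merge an 'additional parameters' string into the authorization request."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "state": state,
    }
    for key, value in parse_qsl(additional_params, keep_blank_values=True):
        if key in RESERVED:
            raise ValueError(f"additional parameter may not override {key!r}")
        if key == "prompt":
            tokens = set(value.split())  # prompt is a space-delimited list
            if not tokens or not tokens <= ALLOWED_PROMPTS:
                raise ValueError(f"unknown prompt value {value!r}")
        params[key] = value
    return f"{GOOGLE_AUTH_ENDPOINT}?{urlencode(params)}"


def account_allowed(id_token_claims, allowed_domain):
    """Check already-verified ID token claims on the server side.

    prompt and hd in the request only change what the user sees; the hd
    claim in the token is what shows the account belongs to the
    organisation. Personal gmail.com accounts carry no hd claim.
    """
    return (
        id_token_claims.get("email_verified") is True
        and id_token_claims.get("hd", "").lower() == allowed_domain.lower()
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(build_login_url(
        "example-client-id", "https://moodle.example/callback", "state123",
        "openid email profile", "prompt=select_account&hd=school.net"))
    print(account_allowed({"email_verified": True, "hd": "school.net"}, "school.net"))
```
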