Can't login with Facebook or LinkedIn using Oauth2 on moodle 3.5.5

Can't login with Facebook or LinkedIn using Oauth2 on moodle 3.5.5

by Giuseppe Mandarà -
Number of replies: 5

Hello everyone,
in a test environment (for example https://test-www.mydomain.com), on CentOS Linux release 7.5, using moodle 3.5.5+, with php 7.2.17, mysql 5.6.15 and apache 2.4.6
after enabling the OAuth2 authentication plugin and configuring the OAuth2 services for Google, Facebook and LinkedIn trying to log in with Facebook I get:
No user information was returned. The OAuth 2 service may be configured incorrectly.
To enable login with Facebook I used the 'Create new Facebook service' button and followed the instructions on https://docs.moodle.org/35/en/OAuth_2_Facebook_service
filling in the fields:
name (Facebook)
client ID (many numbers)
client secret (even more numbers and letters)
Authenticate token requests via HTTP headers: checkbox is disabled
Scopes included in a login request: public_profile email
Scopes included in a login request for offline access: public_profile email
Login domains: https://test-www.mydomain.com
Show on login page: checkbox is enabled
Require email verification: checkbox is disabled
The same thing I did for LikedIn except for:
name (LikedIn)
Scopes included in a login request: r_basicprofile r_emailaddress
Scopes included in a login request for offline access: r_basicprofile r_emailaddress
On the OAuth2 services page the check marks are green for the configured and allow login entries, while Discovery does not have a check mark even though the endpoints and the user field mapping are configured as indicated on the page https://docs.moodle.org/36/en/OAuth_2_LinkedIn_service and the 'System account connected' field has a red cross and when I try to link an account I get:
'The system account was not connected for offline access'.
Conversely, authentication using Google works correctly.
Any suggestions?

Thanks in advance.

Giuseppe

Average of ratings: -
In reply to Giuseppe Mandarà

Re: Can't login with Facebook or LinkedIn using Oauth2 on moodle 3.5.5

by Les Bell -
I recently had a user report that they were unable to log in using LinkedIn OAuth2 authentication, and he was getting the same error message: "No user information was returned. The OAuth 2 service may be configured incorrectly."

Digging around, I found a page at https://engineering.linkedin.com/blog/2018/12/developer-program-updates which states:

Update: As of May 1, 2019, Version 1.0 of our API is no longer supported. Applications requesting Version 1.0 APIs may experience issues as we begin to remove services. To find the latest updates, go to the new LinkedIn Developers site at https://www.linkedin.com/developers/. You can learn more about our Version 2.0 APIs, our developer program, and how to migrate your apps.

At the time, I hypothesized that the Moodle OAuth2 plugin might be written for the old version of the LinkedIn API, as the problem started in mid-May. However, the user has been logging in more recently, so I have emailed him to ask if he is still using LinkedIn or has switched to, e.g. Google. I'll add any more info I discover.

The only other thing I can think of is that you say you are running Moodle in a test environment. The OAuth2 API requires that the identity provider (in this case, LinkedIn) must be able to invoke a callback API on your server, and that means that the server can't be behind a firewall - or at least, port 443 must be reachable from the outside world. But you've probably already realised that.

Best,

--- Les

Average of ratings: -
In reply to Les Bell

Re: Re: Can't login with Facebook or LinkedIn using Oauth2 on moodle 3.5.5

by Les Bell -

My user has replied and confirms that LinkedIn sign-on is not working, and that he is authenticating using Facebook.

This particular server has been running for four years or so and has been using OAuth2 authentication for most of that time, initially with the plugin and then with the core OAuth2 functionality from soon after its introduction. It's currently fully up-to-date, running on CentOS 7.6.1810 (Core) and Moodle 3.7+ build 20190524. Most users are authenticating via Google, some are using passwords and a few are using Facebook.

Is anybody else experiencing problems with LinkedIn OAuth2 authentication?

Best,

--- Les

Average of ratings: -
In reply to Les Bell

Re: Re: Can't login with Facebook or LinkedIn using Oauth2 on moodle 3.5.5

by Michiel Povre -

Hi,


I'm currently having the same problem while developing LinkedIn logging for website.

Were you able to fix the problem somehow?


Thanks in advance.

Average of ratings: -
In reply to Les Bell

Re: Re: Can't login with Facebook or LinkedIn using Oauth2 on moodle 3.5.5

by Richard van Iwaarden -
Picture of Particularly helpful Moodlers
I can confirm this is still a problem in Moodle 3.7.1... Logging in with LinkedIn does not seem to work anymore.

Is this a priority for anyone to get fixed? It seems a bit odd, Facebook login seems les simportant for me. LinkedIn is a more professional platform. Also look at LinkedIn Learning...
Average of ratings: -
In reply to Giuseppe Mandarà

Re: Can't login with Facebook or LinkedIn using Oauth2 on moodle 3.5.5

by Gimhana Jayasekara -

Firs t of all, My facebook auth is working fine. But I have the same issue with linkedin. The first problem was 'r_basicprofile',

Linkedin API v2 is not supporting r_basicprofile any more. Instead they have 'r_liteprofile' permission. According to the linkedin Documentation. However they have another problem. I can't get userinfo & email using same GET request. Because they are 2 different requests. 

The current moodle docs for this Oauth 2 (https://docs.moodle.org/36/en/OAuth_2_LinkedIn_service) is outdated because of LinkedIn API v2. I have already suggested an edit to that doc.

The new API needs following GET requests.

user Info (No Email)

GET https://api.linkedin.com/v2/me?projection=(id,firstName,lastName,profilePicture(displayImage~:playableStreams))

user email

GET https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))


Now I'm also having a problem with endpoints. Because I don't know how to send two GET requests in same userinfo_endpoint URL.


Attachment Captur2e.JPG
Average of ratings: -