I'm trying to use Moodle's core OAuth implentation to integrate with Cognito.
(Moodle 3.8)
The issue I'm running into exactly matches this (closed) thread from a couple of years ago:
https://moodle.org/mod/forum/discuss.php?d=370241
I've traced the issue to:
moodle/lib/oauthlib.php::515
'state' => $this->returnurl->out_as_local_url(false),
Basically, the core logic expects sesskey to be a query-parameter of the state request parameter, but because the argument is improperly escaped, sesskey is a param of the request.
Currently, the only alternative I can find, that doesn't involve hacking core, is creating a new oauth auth-plugin to change one line in login.php to correctly encode the state request parameter.
I would welcome an alternative.
Thanks.