Initially, when first installed user id 1 was 'guest' and auth was or should be 'manual'.
The 3rd line of what you've shared is concerning.
IF user id 1 is guest ... which should not have any permissions except to view
shows created the user with id 246!!!
Who is user id 246?
select firstname,lastname,email,auth,username from mdl_user where id = '1';
Using above query, *normally* one would/should see:
| firstname | lastname | email | auth | username |
| Guest user | | root@localhost | manual | guest |
1 row in set (0.00 sec)
To see info on user id 246
select firstname,lastname,email,auth,username from mdl_user where id = '246';
Perhaps most important, there should always be at least one admin level user whose account is manual. If whatever openID breaks, that user will be the only one that can login to the moodle.
Don't think moodle caches user info ... it does keep track of sessions. Is your site using DB for sessions or files?
Purge caches ... if using files for sessions, manually remove all session files in moodledata/sessions/ - that will force all users out and they will have to login again doing that.
Still ... the screen shot ... third line down said user with ID 1 (the guest user) *CREATED* user id 246. Didn't think that possible unless user ID 1 has the ability to create.
Accounts set to manual are using moodle's own authentication ... openID the user info is coming from outside of Moodle.
So what does user id 246 look like at the other end ... then openid end?
On the DB side the guest user is showing up as auth 'oidc' is this normal? I tried changing it to 'manual' just to see what would happen and when the user tried to login we got this error. It seems that the user and the guest account are somehow connected with each other.
When your moodle was first installed 2 users existed ... uid 1 was automatically guest and set to 'manual' ... there was a md5hashed password that equated to a blank password.
User ID 1 and User ID 2 (person that installed moodle and the first admin level account) should have been left to manual auth.
So back when you did this:
"I had to switch all the users authentication method to OpenID Connect"
Got you into this issue. Guest and any admin level account using 'manual' should have been excluded from whatever you did to convert them all to openid.
You have to query the database for your moodle with a tool outside of Moodle Admin UX - don't think the admin UX will show guest and allow you to edit properly.
So using mysql client as an example and using the db for a moodle called 'moodle'.
mysql> select id,firname,lastname,email,password from mdl_user where id=1;
What do you see?
Do same for ID number 2. Ditto.
Only certain user's authentication method were manually switched via the Admin UX. The admin account and some other test accounts were kept as 'manual'. The guest user is not listed in the Admin UX, so it was never available to be switched. I reviewed the logs further for earlier dates before the change and looks like this user was going through the guest id '1' prior to switching the account. I noticed this was in the Guest user's logs with the user's IP that matches with the times the user has logged into the Moodle site. "Login failed for user 'USERNAME'. User does not exist (error ID '1')."
I ran the query, where id=1 and it displays only the Guest user account. Then ran, where id=2 that displayed only the Admin user.
showed "user with id 1 created the user with 246"
What are the capabilities of 'guest' account or id 1?
When was guest account modified timecreated and timemodified?
select id,username,firstname,lastname,email,timecreated,timemodified,lastip from mdl_user where id=1;
You may have discovered a bug which won't be fixed as the moodle is 3.6.2+