error/Could not upgrade oauth token

by Shawn L -
Number of replies: 3

Hello all,

I am currently trying to utilize the oauth2 functionality for Moodle version 3.8.1+. I have entered the client Id, client secret, service base url, authorization endpoint, token endpoint, and userinfo endpoint.

Afterwards, I clicked "connect to a system account" where it does hit my service endpoint where I can sign in. However, once I sign into my custom service with the correct credentials I receive the following error:

error/Could not upgrade oauth token

More information about this error

Which fails to connect my service account. Are there any reasons as to why I am running into this problem? And, possibly a solution? Thanks in advance!
In reply to Shawn L

Re: error/Could not upgrade oauth token

by Leon Stringer -

This occurs when the OAuth 2 issuer responds to Moodle with anything other than HTTP status '200 OK'. Maybe the issuer has a log you can check showing why it's not responding in the expected way.

The current error doesn't include any detail. To find out more, edit lib/oauthlib.php, changing line 567:

            throw new moodle_exception('Could not upgrade oauth token');

to:

            $error = "";

            if ($this->error) {
                $error = $this->error;
            } else if ($this->info['http_code']) {
                $error = "HTTP status: {$this->info['http_code']}";
            }

            throw new moodle_exception('Could not upgrade oauth token', 'core_error', '', $response, $error);

Then enable debugging (Debug messages: DEVELOPER, Display debug messages: Yes) and try to connect the system account again. Hopefully there'll be more information to aid troubleshooting.

In reply to Leon Stringer

Re: error/Could not upgrade oauth token

by Shawn L -
Thanks, so I was able to get a more specific error as provided below for troubleshooting:

[Wed Aug 19 19:33:00.244245 2020] [php7:notice] [pid 2588:tid 1564] [client 10.98.56.124:52746] Default exception handler: core_error/Could not upgrade oauth token Debug: Received HTTP code 403 from proxy after CONNECT\r\nError code: Could not upgrade oauth token\r\n$a contents: Received HTTP code 403 from proxy after CONNECT\n* line 576 of \\lib\\oauthlib.php: moodle_exception thrown\n* line 475 of \\lib\\oauthlib.php: call to oauth2_client->upgrade_token()\n* line 905 of \\lib\\classes\\oauth2\\api.php: call to oauth2_client->is_logged_in()\n* line 175 of \\admin\\tool\\oauth2\\issuers.php: call to core\\oauth2\\api::connect_system_account()\n

Also, I looked into the issuer logs and we are sending a 302 status code in order to redirect url to <wwwroot>/admin/oauth2callback.php which I believe is necessary. Would you happen to know the cause of this proxy error?
In reply to Shawn L

Re: error/Could not upgrade oauth token

by Leon Stringer -

I think it's what it says: Moodle is configured to use a proxy for web access. Moodle (from the web server not the browser) attempts to connect to the configured token endpoint but the proxy server is refusing to allow the connection replying with status 403 Forbidden.

Presumably Moodle has a web proxy configured so check that's configured as expected. Under the hood Moodle is using Curl to make this request so if you're familiar with this you can test connecting to the token endpoint from the Moodle server using the command curl to troubleshoot the settings.
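
The curl test suggested in the last reply, written out as an added example that is not part of the original thread: it sends an empty POST to the token endpoint through the proxy and reports whether the proxy refused the CONNECT (the case in the log above) or the endpoint itself answered. The proxy and endpoint URLs are placeholders you supply, and the function names `classify` and `probe` are made up for this sketch.

```shell
#!/bin/sh
# Added example: probe an OAuth 2 token endpoint through the web proxy.
# Usage (both values are placeholders you supply):
#   sh probe.sh http://proxy.example:3128 https://issuer.example/token

# classify CONNECT_CODE HTTP_CODE -> one-line diagnosis on stdout.
# CONNECT_CODE is curl's %{http_connect} (the proxy's reply to CONNECT),
# HTTP_CODE is curl's %{http_code} (the reply from the endpoint itself).
classify() {
    connect=$1
    http=$2
    case "$connect" in
        000|0|2??) ;;  # no CONNECT was made, or the tunnel was established
        *) echo "proxy-refused: proxy answered CONNECT with $connect"
           return 0 ;;
    esac
    case "$http" in
        000|0) echo "no-response: no HTTP reply (DNS, TLS, timeout or proxy unreachable)" ;;
        *)     echo "reachable: endpoint replied with HTTP $http" ;;
    esac
}

# probe PROXY_URL TOKEN_ENDPOINT_URL -> runs curl and classifies the result.
probe() {
    proxy=$1
    endpoint=$2
    # -x: use the proxy; -o /dev/null: drop the body; -w: print both codes.
    # The empty POST carries no credentials; only reachability is tested.
    codes=$(curl -s -o /dev/null --max-time 15 -x "$proxy" \
        -d '' -w '%{http_connect} %{http_code}' "$endpoint")
    # Split "CONNECT HTTP" into $1 and $2 (word splitting is intended).
    set -- $codes
    classify "${1:-000}" "${2:-000}"
}

# Only touch the network when both URLs are given on the command line.
if [ "$#" -eq 2 ]; then
    probe "$1" "$2"
fi
```

Run it on the Moodle web server itself, since that is where the token request originates. A `reachable` result with a 4xx status is normal for a probe without credentials and shows the proxy is letting the connection through.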