So I have set up an oauth2 Microsoft service and everything works fine; however, here is what I want to be able to do:
1) Log into MS (Office 365)
2) From within Office 365, click a link that logs me into Moodle automatically using oauth2
I got things to work as desired by linking to https://mysite.com/auth/oauth2/login.php?id=<oauth2_service_id>&wantsurl=http%3A%2F%2Fmysite.com%2Fmy%3F from Office 365, but I had to comment out the call to "require_sesskey()" in auth/oauth2/login.php so that it would work. Otherwise, I get an invalid / required sesskey error.
Looking at auth/oauth2/login.php file, it makes a call to sesskey() later on, which, after commenting out the call to require_sesskey(), will just create a new one and pass it as part of the return URL to the oauth2 provider.
So my questions are can I safely comment out that call to require_sesskey()? Are there any security concerns in doing so? Am I missing something?
Thanks, I hope it's clear!