Microsoft Azure: OpenID Connect versus Oauth2

by Anton Tremetzberger -
Number of replies: 2

Dear Community,

We are using OpenID Connect (OIDC) together with Microsoft Azure in Moodle 3.5. In a few weeks we will do an upgrade to Moodle 3.9. Our Moodle provider recommends that we switch over from OIDC to OAUTH2, because there might be some problems in 3.9 with OIDC and Azure; OAUTH2 should be the better solution.

There are some setup instructions, and it seems to be easy to configure: https://docs.moodle.org/39/en/OAuth_2_Microsoft_service
We will also change the authentication method of existing users in the Moodle database, so existing users can also log in via OAUTH2.

Has anyone already had experience changing from OIDC to OAUTH2? Are there any issues with user sync, multi-factor authentication, token problems, changing the authentication method directly in the Moodle database, ...?

thanks, best regards
Anton

In reply to Anton Tremetzberger

Re: Microsoft Azure: OpenID Connect versus Oauth2

by Wim Glassee -

Hi Anton,

what a coincidence,

I've been struggling with all this on the very day you post your question.

I set up OIDC to Azure a while back on an old devel server (running 3.7 I think) and all went well.

Today I tried doing the same for our production server (3.9.4+) and nothing worked. It seems the latest iteration of the Microsoft Moodle plugins is a bit buggy. Could be me of course, but I didn't get it to work and I've been tinkering with it all day. Our setup has existing users in Moodle and the automatch or sync don't seem to work at all.

If anyone else has a bright idea, or similar problems, I'm also very interested ;-)

Seeing as we're not really going all-in on the Microsoft coupling just yet, I decided to go with OAuth2. Works well enough. Can't seem to sync profile pictures though, but things could be worse.

One thing I do miss with OAuth2 is that there's no simple way to have your login page automatically redirect to the Microsoft login page. But that can be fixed by creating a small plugin that does the trick.

Cheers,

Wim

In reply to Wim Glassee

Re: Microsoft Azure: OpenID Connect versus Oauth2

by Anton Tremetzberger -
Dear Wim,

Thank you for your experience report.

We are running OIDC with 3.5 and we also have problems with synchronising users from Azure to Moodle. Sync will not work anymore, so we have to create/change users in Moodle manually. After discussions with Microsoft Support and the plugin developer we found the problem: it's a token problem and it should be solved in newer plugin versions for 3.8/3.9.

I think you already know the GitHub pages of the o365 plugin set; maybe you can find a solution for your problem there: https://github.com/microsoft/o365-moodle/issues
Especially a solution for the token sync problem: https://github.com/microsoft/o365-moodle/issues/1357 (but just for 3.5 - no guarantee that it will solve your problem)

We also have trouble with synchronising profile pictures in 3.5 with OIDC. We hope profile picture sync will work in newer versions of OIDC or in OAuth2, but as you said, it is also true for us: "things could be worse" :-)

br, Anton