OAuth 2 services

by Ahmed Ndaula -

Hello folks,

I am trying to integrate an OAuth 2 service accepting registration with Hotmail. After making all the configuration and trying to "Connect to the system account" from within MOODLE, I get this error:

error/Could not upgrade oauth token

More information about this error

Debug info:
Error code: Could not upgrade oauth token
$a contents:
Stack trace:
  • line 571 of /lib/oauthlib.php: moodle_exception thrown
  • line 251 of /lib/classes/oauth2/client.php: call to oauth2_client->upgrade_token()
  • line 479 of /lib/oauthlib.php: call to core\oauth2\client->upgrade_token()
  • line 276 of /lib/classes/oauth2/client.php: call to oauth2_client->is_logged_in()
  • line 907 of /lib/classes/oauth2/api.php: call to core\oauth2\client->is_logged_in()
  • line 175 of /admin/tool/oauth2/issuers.php: call to core\oauth2\api::connect_system_account()

Any help is highly appreciated


Ahmed


In reply to Ahmed Ndaula

Re: OAuth 2 services

by Leon Stringer -
Picture of Core developers Picture of Particularly helpful Moodlers

If you just want to authenticate users you don't need to connect to a system account. You only need this to use OAuth 2 to access content in a course for example.

In Moodle 3.11 and above you can enable debugging to see more information about the Could not upgrade oauth token error. If you have Moodle 3.10 or earlier you need to modify the source code first.

1. Change line 571 of lib/oauthlib.php from:

570         if ($this->info['http_code'] !== 200) { 
571             throw new moodle_exception('Could not upgrade oauth token');
572         } 

to:

570         if ($this->info['http_code'] !== 200) { 
571             $debuginfo = !empty($this->error) ? $this->error : $response;
572             throw new moodle_exception('oauth2upgradetokenerror', 'core_error', '', $this->info['http_code'], $debuginfo);
573         }

2. Add the following line to lang/en/error.php:

$string['oauth2upgradetokenerror'] = 'Could not upgrade OAuth 2 token. HTTP status for remote endpoint: {$a}';

3. Purge caches.

4. Enable debugging.

Then you should see more details when this error occurs.

Average of ratings: Useful (1)
In reply to Leon Stringer

Re: OAuth 2 services

by Ahmed Ndaula -
Hi Leon,

I have done your procedure but am still getting the same error. I am running MOODLE 3.10.


error/Could not upgrade oauth token

More information about this error
Debug info:
Error code: Could not upgrade oauth token
$a contents:
Stack trace:

line 572 of /lib/oauthlib.php: moodle_exception thrown
line 251 of /lib/classes/oauth2/client.php: call to oauth2_client->upgrade_token()
line 479 of /lib/oauthlib.php: call to core\oauth2\client->upgrade_token()
line 276 of /lib/classes/oauth2/client.php: call to oauth2_client->is_logged_in()
line 44 of /auth/oauth2/login.php: call to core\oauth2\client->is_logged_in()
In reply to Ahmed Ndaula

Re: OAuth 2 services

by Leon Stringer -
Double-check line 572 of lib/oauthlib.php which should now be:

572             throw new moodle_exception('oauth2upgradetokenerror', 'core_error', '', $this->info['http_code'], $debuginfo);

which will produce a different error message, not error/Could not upgrade oauth token.

In reply to Leon Stringer

Re: OAuth 2 services

by Ahmed Ndaula -
Hi Leon,

Thanks, it's now showing the following. I don't really know why it is saying invalid client secret, which I copied from Microsoft.

Debug info: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: ca50228e-d9f2-4a2a-8f32-ab8229d8a500\r\nCorrelation ID: bc9f94d5-6ab2-41ff-b2b2-dca9519a337f\r\nTimestamp: 2021-07-19 11:06:20Z","error_codes":[7000215],"timestamp":"2021-07-19 11:06:20Z","trace_id":"ca50228e-d9f2-4a2a-8f32-ab8229d8a500","correlation_id":"bc9f94d5-6ab2-41ff-b2b2-dca9519a337f","error_uri":"https://login.microsoftonline.com/error?code=7000215"}
Error code: oauth2upgradetokenerror
$a contents: 401
In reply to Ahmed Ndaula

Re: OAuth 2 services

by Leon Stringer -
"I dont really know why saying invalid client secret" – I can't help you there, but that's why you're getting the error in Moodle: the Microsoft server is rejecting the secret.

In reply to Leon Stringer

Re: OAuth 2 services

by Ahmed Ndaula -
Leon,

I have managed to get a step closer. Now I am running into this issue. I am running MOODLE 3.11. Please remember I am trying to have users with Gmail accounts be able to register/login.

Exception - Argument 1 passed to core\oauth2\client::map_userinfo_to_fields() must be an instance of stdClass, null given, called in [dirroot]/lib/classes/oauth2/client.php on line 504

When I check client.php on line 504, this is what is there, and I don't know how to proceed from here:

return $this->map_userinfo_to_fields($userinfo);

Any help is highly appreciated


Thnx
In reply to Ahmed Ndaula

Re: OAuth 2 services

by Leon Stringer -
Moodle is calling the OAuth 2 issuer's userinfo endpoint URL to get the user's details. Moodle expects the details in a JSON message but it looks like the issuer is sending something else.

Try adding this moodle_exception before the return:

504         throw new moodle_exception('generalexceptionmessage', 'core', '', "JSON: $response");
505         return $this->map_userinfo_to_fields($userinfo);

When you try to log in using OAuth 2 you will get an error which will show the issuer's response (after "JSON:").

You may need to check the URL for the userinfo endpoint and that any mapped fields are correct.
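
The failure discussed in this reply, as an added example that is not part of the original post or of Moodle's code: PHP's json_decode() returns null for a body that is not JSON, which is one way null can reach a method typed for stdClass. The helper decode_issuer_response() and the sample bodies are hypothetical, constructed for illustration.

```php
<?php
// Added illustration: decode an OAuth 2 issuer response defensively, so a
// non-JSON body is reported clearly instead of being passed on as null.
// decode_issuer_response() is a hypothetical helper, not a Moodle function.

function decode_issuer_response(string $body, int $httpcode): stdClass {
    if ($httpcode !== 200) {
        // Keep a short excerpt of the body: it usually names the real cause.
        throw new RuntimeException("issuer returned HTTP $httpcode: " . substr($body, 0, 200));
    }
    if (trim($body) === '') {
        throw new RuntimeException('issuer returned an empty body');
    }
    $decoded = json_decode($body);
    if (json_last_error() !== JSON_ERROR_NONE) {
        // Typical when the configured URL serves an HTML page, not the userinfo API.
        throw new RuntimeException('body is not JSON: ' . json_last_error_msg());
    }
    if (!($decoded instanceof stdClass)) {
        // Valid JSON such as null, a string or a list still cannot be mapped to fields.
        throw new RuntimeException('JSON is not an object (' . gettype($decoded) . ')');
    }
    if (isset($decoded->error)) {
        // Some issuers send "error" as a string, others as a nested object.
        $error = is_string($decoded->error) ? $decoded->error : json_encode($decoded->error);
        throw new RuntimeException("issuer reported error: $error");
    }
    return $decoded;
}

// Constructed sample responses (not captured from any real issuer).
$samples = [
    'valid userinfo' => [200, '{"email":"user@example.com","given_name":"Sam"}'],
    'HTML page'      => [200, '<!DOCTYPE html><html><body>Sign in</body></html>'],
    'empty body'     => [200, ''],
    'JSON null'      => [200, 'null'],
    'JSON list'      => [200, '[{"email":"user@example.com"}]'],
    'error object'   => [200, '{"error":"invalid_token"}'],
    'rejected'       => [401, '{"error":"invalid_client"}'],
];

foreach ($samples as $label => [$code, $body]) {
    try {
        $info = decode_issuer_response($body, $code);
        echo "$label: ok, fields = " . implode(',', array_keys(get_object_vars($info))) . "\n";
    } catch (RuntimeException $e) {
        echo "$label: " . $e->getMessage() . "\n";
    }
}
```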

In reply to Leon Stringer

Re: OAuth 2 services

by Leon Stringer -
I should add: you must have debugging enabled (Debug messages: DEVELOPER and Display debug messages: Yes) to see the message.
In reply to Leon Stringer

Re: OAuth 2 services

by Ahmed Ndaula -
Hi Leon,

I think after adding the line within client.php before line 504, it was able to register a user. But after a successful registration I have these errors displayed. How can I solve this?

*********** Stack trace: **************

line 497 of /lib/setuplib.php: moodle_exception thrown
line 26 of /admin/settings.php: call to print_error()

In reply to Ahmed Ndaula

Re: OAuth 2 services

by Ahmed Ndaula -
Leon,

I think Google login has worked fine. Now using Microsoft login, I run into the following error. The site is www.giantpedia.com. If you have a Hotmail account, you can run a test on that website.

Could not upgrade OAuth 2 token. HTTP status for remote endpoint: 401


Thnx
In reply to Ahmed Ndaula

Re: OAuth 2 services

by Leon Stringer -
Aren't we back to the beginning of this thread, i.e. you're getting a 401 from the issuer? If you enable debugging in Moodle you should see the response from the issuer which may contain more details.