I'm using oauth2 for logging from Microsoft account and Google account to our Moodle site.
Recently, some user informed me that suddenly their accounts (logged by Microsoft account) had Site Administrator privileges. I checked and saw that, some bad users already processed wrong actions on our sites (changing the other profile, viewing/editing Quiz and Grade,...).
Same user but if logged with Google account so that hadn't Site Administrator privileges.
It's really dangerous so.
Is there anybody has been faced to that problem with Oauth2 plugin in Moodle.
My Moodle version is 3.6.4+ (Build: 20190519)
Hope to get quickly anyone's help for this big issue so.