Oauth2 Error "The email address is not allowed at this site."


by Eric Baker -
Number of replies: 10

I am trying to get Oauth2 to allow my employees to log in using their Google Workspace account. I've got everything configured and the connection between Google and my Moodle installation is great. Under /admin/tool/oauth2/issuers.php we're all green checks. When I go into the settings for the connection to Google, I have tried both putting in allowed domains and leaving it blank; it doesn't matter. Elsewhere in the settings where I can restrict domains I've tried both putting it in and not.

Every time I try to log in, I get the error "The login attempt failed. Reason: The email address is not allowed at this site."

This is on Moodle 3.11.3+ (Build: 20211019). Yes, there is an update available, but I've had this issue spanning several versions now and the changelog doesn't look like it's done anything that would rectify this.


In reply to Eric Baker

Re: Oauth2 Error "The email address is not allowed at this site."

by Ken Task -

Does the error reported say either of these?

Authorization Error
Error 403: org_internal
This client is restricted to users within its organization.

Error 403: org_internal
This client is restricted to users within its organization.
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.

On the Moodle end setup ... check scopes. Less secure apps on the Google end?

Was helping a K12 site with a Google Workspace setup with this very thing ... don't think he'd mind me sharing his info 'cause the 'Workspace' end is where he went to get this to work (I didn't take notes nor screenshots of his Google Meet screen):

Richard Sullivan - maybe you could find him still in these forums and PM him.

'SoS', Ken


In reply to Ken Task

Re: Oauth2 Error "The email address is not allowed at this site."

by Eric Baker -
Nope. Just get the error "The login attempt failed. Reason: The email address is not allowed at this site."
In reply to Eric Baker

Re: Oauth2 Error "The email address is not allowed at this site."

by Ken Task -
In reply to Ken Task

Ri: Re: Oauth2 Error "The email address is not allowed at this site."

by Sergio Rabellino -
The error is fired in two cases:
1) when the user email is not compliant with the values specified in $CFG->allowemailaddresses (or via the Manage Authentication section in the Moodle admin menu)
2) when the OAuth2 issuer email is not compliant with the "Login domains" property in the OAuth2 configuration for Google (this is what you have already checked).

So check point 1.
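
A small offline model of the two checks listed in the post above, added here as an illustration; it is not Moodle's code and not from any poster in this thread. It assumes the site-wide list is space-separated with a leading "." for subdomains and the issuer's login-domains list is comma-separated with "*." for subdomains; the function names are hypothetical.

```python
# Simplified offline model of the two checks named in the post above.
# Not Moodle's code; function names are hypothetical.
# Assumed list formats: the site-wide allowemailaddresses value is
# space-separated and ".example.com" means any subdomain; the issuer's
# "Login domains" value is comma-separated and "*.example.com" means any subdomain.

def _allowed(email, patterns, prefix):
    """True if the list is empty or the email's domain matches an entry."""
    if not patterns:
        return True                      # empty setting: no restriction
    local, sep, domain = email.strip().lower().rpartition("@")
    if not (local and sep and domain):
        return False                     # malformed address never matches
    for p in patterns:
        if p.startswith(prefix):
            # Subdomain entry: compare against ".example.com".
            if domain.endswith(p[len(prefix) - 1:]):
                return True
        elif domain == p:
            # Whole-domain comparison, so "evilexample.com" cannot pass
            # an "example.com" entry through a bare suffix match.
            return True
    return False

def site_allows(email, allowemailaddresses):
    return _allowed(email, allowemailaddresses.lower().split(), ".")

def issuer_allows(email, logindomains):
    entries = [p.strip() for p in logindomains.lower().split(",") if p.strip()]
    return _allowed(email, entries, "*.")

def diagnose(email, allowemailaddresses="", logindomains=""):
    """Return the names of the settings that would reject this address."""
    failed = []
    if not site_allows(email, allowemailaddresses):
        failed.append("allowemailaddresses")
    if not issuer_allows(email, logindomains):
        failed.append("login domains")
    return failed

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(diagnose("alice@example.com", "example.com", "example.com"))
    print(diagnose("alice@example.com", "example.com,example.org", "example.com"))
    print(diagnose("alice@mail.example.com", "example.com", "*.example.com"))
```

In the second constructed call, a comma-separated value placed in the space-separated setting is read as a single entry that matches nothing, so the address is rejected by that setting alone.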
In reply to Sergio Rabellino

Re: Ri: Re: Oauth2 Error "The email address is not allowed at this site."

by Eric Baker -
Forgot to mention that I did look at that. It doesn’t matter if I include the domain or leave it blank. Still doesn’t work.
In reply to Eric Baker

Ri: Re: Ri: Re: Oauth2 Error "The email address is not allowed at this site."

by Sergio Rabellino -

Did you check the two different configurations?

In reply to Sergio Rabellino

Re: Ri: Re: Ri: Re: Oauth2 Error "The email address is not allowed at this site."

by Eric Baker -
Yes, checked both those areas.
In reply to Ken Task

Re: Oauth2 Error "The email address is not allowed at this site."

by Emma Richardson -
Have you set up the necessary permissions etc. in your Google app and approved the site domain in there?
In reply to Emma Richardson

Re: Oauth2 Error "The email address is not allowed at this site."

by Eric Baker -
Yes, it’s an internal OAuth client so the domain(s) in question are allowed.
In reply to Eric Baker

Re: Oauth2 Error "The email address is not allowed at this site."

by Emma Richardson -
What do you mean by this? You said originally this was a Google Workspace connection - but now you are saying you have an internal OAuth? Do you have another server handling authentication between Google and Moodle?