Oauth2 Error "The email address is not allowed at this site."

Oauth2 Error "The email address is not allowed at this site."

oleh Eric Baker -
Jumlah balasan: 10

I am trying to get Oauth2 to allow my employees to login using their Google Workspace account. I've got everything configured and the connection between Google and my Moodle installation are great. Under /admin/tool/oauth2/issuers.php we're all green checks. When I go into the settings for the connection to Google, I have tried both putting in allowed domains and leaving it blank, it doesn't matter. Elsewhere in the settings where I can restrict domains I've tried both putting it in and not. 

Every time I try to login, I get the error "The login attempt failed. Reason: The email address is not allowed at this site." 

This is on Moodle 3.11.3+ (Build: 20211019). Yes, there is an update available, but I've had this issue spanning several versions now and the changelog doesn't look like it's done anything that would rectify this.


Rata-rata penilaian: -
Sebagai balasan Eric Baker

Re: Oauth2 Error "The email address is not allowed at this site."

oleh Ken Task -
Gambar dari Particularly helpful Moodlers

Does the error reported say either of these?

Authorization Error
Error 403: org_internal
This client is restricted to users within its organization.

Error 403: org_internal
This client is restricted to users within its organization.
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.

On the moodle end setup ... check scopes.  Less secure apps on the Google end?

Was helping a K12 site with a Google Work Place setup with  this very thing ... don't think he'd mind me sharing his info cause the 'Work Place' end is where he went to get this to work (I didn't take notes nor screen shots of his google meet screen):

Richard Sullivan - maybe you could find him still in these forums and PM him.

'SoS', Ken


Rata-rata penilaian: -
Sebagai balasan Ken Task

Re: Oauth2 Error "The email address is not allowed at this site."

oleh Eric Baker -
Nope. Just get the error “ The login attempt failed. Reason: The email address is not allowed at this site."
Rata-rata penilaian: -
Sebagai balasan Eric Baker

Re: Oauth2 Error "The email address is not allowed at this site."

oleh Ken Task -
Gambar dari Particularly helpful Moodlers

Maybe:

https://docs.moodle.org/311/en/OAuth_2_services#Login_domains

'SoS', Ken

Rata-rata penilaian: -
Sebagai balasan Ken Task

Ri: Re: Oauth2 Error "The email address is not allowed at this site."

oleh Sergio Rabellino -
Gambar dari Particularly helpful Moodlers Gambar dari Plugin developers
The error is fired in two cases:
1) when the user email is not compliant with the values specified in $CFG->allowemailaddresses (or via Manage Authentication Section in moodle admin menu)
2) when the oauth2 issuer email is not compliant with "Login domains" properties into the oauth2 configuration for google (this is what you checked yet).

So check the point 1.
Rata-rata penilaian: -
Sebagai balasan Sergio Rabellino

Re: Ri: Re: Oauth2 Error "The email address is not allowed at this site."

oleh Eric Baker -
Forgot to mention that I did look at that. It doesn’t matter if I include the domain or leave it blank. Still doesn’t work.
Rata-rata penilaian: -
Sebagai balasan Eric Baker

Ri: Re: Ri: Re: Oauth2 Error "The email address is not allowed at this site."

oleh Sergio Rabellino -
Gambar dari Particularly helpful Moodlers Gambar dari Plugin developers

did you check the two different configurations?

Rata-rata penilaian: -
Sebagai balasan Ken Task

Re: Oauth2 Error "The email address is not allowed at this site."

oleh Emma Richardson -
Gambar dari Documentation writers Gambar dari Particularly helpful Moodlers Gambar dari Plugin developers
Have you set up the necessary permissions etc in your google app and approved the site domain in there.
Rata-rata penilaian: -
Sebagai balasan Emma Richardson

Re: Oauth2 Error "The email address is not allowed at this site."

oleh Eric Baker -
Yes, it’s an internal OAuth client so the domain(s) in question are allowed.
Rata-rata penilaian: -
Sebagai balasan Eric Baker

Re: Oauth2 Error "The email address is not allowed at this site."

oleh Emma Richardson -
Gambar dari Documentation writers Gambar dari Particularly helpful Moodlers Gambar dari Plugin developers
What do you mean by this? You said originally this was a Google workspace connection - but now you are saying you have an internal OAuth? Do you have another server handling authentication between Google and Moodle?
Rata-rata penilaian: -