Oauth2 Error "The email address is not allowed at this site."

Oauth2 Error "The email address is not allowed at this site."

autor Eric Baker -
Počet odpovědí: 10

I am trying to get Oauth2 to allow my employees to login using their Google Workspace account. I've got everything configured and the connection between Google and my Moodle installation are great. Under /admin/tool/oauth2/issuers.php we're all green checks. When I go into the settings for the connection to Google, I have tried both putting in allowed domains and leaving it blank, it doesn't matter. Elsewhere in the settings where I can restrict domains I've tried both putting it in and not. 

Every time I try to login, I get the error "The login attempt failed. Reason: The email address is not allowed at this site." 

This is on Moodle 3.11.3+ (Build: 20211019). Yes, there is an update available, but I've had this issue spanning several versions now and the changelog doesn't look like it's done anything that would rectify this.


Průměr hodnocení: -
V odpovědi na Eric Baker

Re: Oauth2 Error "The email address is not allowed at this site."

autor Ken Task -
Obrázek: Particularly helpful Moodlers

Does the error reported say either of these?

Authorization Error
Error 403: org_internal
This client is restricted to users within its organization.

Error 403: org_internal
This client is restricted to users within its organization.
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.

On the moodle end setup ... check scopes.  Less secure apps on the Google end?

Was helping a K12 site with a Google Work Place setup with  this very thing ... don't think he'd mind me sharing his info cause the 'Work Place' end is where he went to get this to work (I didn't take notes nor screen shots of his google meet screen):

Richard Sullivan - maybe you could find him still in these forums and PM him.

'SoS', Ken


Průměr hodnocení: -
V odpovědi na Ken Task

Re: Oauth2 Error "The email address is not allowed at this site."

autor Eric Baker -
Nope. Just get the error “ The login attempt failed. Reason: The email address is not allowed at this site."
Průměr hodnocení: -
V odpovědi na Eric Baker

Re: Oauth2 Error "The email address is not allowed at this site."

autor Ken Task -
Obrázek: Particularly helpful Moodlers

Maybe:

https://docs.moodle.org/311/en/OAuth_2_services#Login_domains

'SoS', Ken

Průměr hodnocení: -
V odpovědi na Ken Task

Ri: Re: Oauth2 Error "The email address is not allowed at this site."

autor Sergio Rabellino -
Obrázek: Particularly helpful Moodlers Obrázek: Plugin developers
The error is fired in two cases:
1) when the user email is not compliant with the values specified in $CFG->allowemailaddresses (or via Manage Authentication Section in moodle admin menu)
2) when the oauth2 issuer email is not compliant with "Login domains" properties into the oauth2 configuration for google (this is what you checked yet).

So check the point 1.
Průměr hodnocení: -
V odpovědi na Sergio Rabellino

Re: Ri: Re: Oauth2 Error "The email address is not allowed at this site."

autor Eric Baker -
Forgot to mention that I did look at that. It doesn’t matter if I include the domain or leave it blank. Still doesn’t work.
Průměr hodnocení: -
V odpovědi na Eric Baker

Ri: Re: Ri: Re: Oauth2 Error "The email address is not allowed at this site."

autor Sergio Rabellino -
Obrázek: Particularly helpful Moodlers Obrázek: Plugin developers

did you check the two different configurations?

Průměr hodnocení: -
V odpovědi na Ken Task

Re: Oauth2 Error "The email address is not allowed at this site."

autor Emma Richardson -
Obrázek: Documentation writers Obrázek: Particularly helpful Moodlers Obrázek: Plugin developers
Have you set up the necessary permissions etc in your google app and approved the site domain in there.
Průměr hodnocení: -
V odpovědi na Emma Richardson

Re: Oauth2 Error "The email address is not allowed at this site."

autor Eric Baker -
Yes, it’s an internal OAuth client so the domain(s) in question are allowed.
Průměr hodnocení: -
V odpovědi na Eric Baker

Re: Oauth2 Error "The email address is not allowed at this site."

autor Emma Richardson -
Obrázek: Documentation writers Obrázek: Particularly helpful Moodlers Obrázek: Plugin developers
What do you mean by this? You said originally this was a Google workspace connection - but now you are saying you have an internal OAuth? Do you have another server handling authentication between Google and Moodle?
Průměr hodnocení: -