HTTP Basic authentication

Authentication ::: auth_basic
Maintained by Catalyst IT, Brendan Heywood, Daniel Thee Roperto
Enable services and users to authenticate using basic auth.
Latest release:
310 sites
8 fans
Moodle 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11

Enable users to authenticate using basic auth.

This is more for dev purposes and allows easier testing with tools such as webpage test, page speed, link checkers etc which often can use basic auth out of the box, and you don't want to, or cannot, customise just to handle moodle specific authentication.

Even in production this has value for use cases such as performance regression testing using a real user and a real page which does a full bootstrap.

Unlike the core 'no authentication' plugin, this still requires real users and does proper password checks. It does ignore the auth type against the account, eg manual, ldap, smtp so can be used side by side with other auth plugins, as long as those plugins store or cache the password, ie prevent_local_passwords() returns false for those plugins. So it can only be used with existing accounts and doesn't create accounts.

From a security perspective this auth plugin is exactly as secure as the manual auth plugin, so this should only be used in conjunction with https.


Screenshot #0
Screenshot #1


Catalyst IT (Lead maintainer)
Daniel Thee Roperto: Coder at Catalyst IT Australia
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Fri, Jan 9, 2015, 6:14 AM
    Hi Brendan,

    The plugin looks good - it's simple and useful.
    Would you mind fixing at least more important prechecker errors (eg @copyright, __construct(), visibility).
    Also, note that the redirect you do:
    $urltogo = '/';

    won't work correctly if Moodle is installed in sub-directory (e.g. - you should redirect to root WWW instead.

    Thanks for sharing !
  • Fri, Jan 9, 2015, 11:31 AM
    Thanks Tomek, It's now passes with both the local/moodlecheck and local/codechecker and I fixed that redirect, so should be good to go
  • Sat, Jan 10, 2015, 5:57 AM
    Something is not right here with the versions - points to old version download as latest:

    Current version 2014121100 (2014121100)
    Release date: Thursday, December 11, 2014, 3:37 AM

    Previous versions 2014121903 (2014121903)
    Release date: Friday, January 9, 2015, 2:34 AM

    maybe you just need to put info on the latest version that it's for Moodle 2.7, 2.8 - could you just update it.
  • Sat, Jan 10, 2015, 7:05 AM
    Yeah I've cleaned that metadata up.
  • Fri, Sep 2, 2016, 4:32 AM
    Which directory does this plug-in get installed to?
  • Mon, Sep 5, 2016, 8:39 AM
    hi Christopher,

    I've fleshed out the install instructions here:

    This goes into /auth/basic/
  • Sat, Nov 25, 2017, 7:21 AM
    I'm having trouble removing this plugin from my instance. This may be causing an upgrading issue for Moodle v3.4 and I need to uninstall this plugin
  • Mon, Nov 27, 2017, 6:41 AM
    hi Christopher,

    Support for 3.3 and 3.4 has not yet been added to this plugin as the auth settings api changed in 3.3

    There is nothing special about this plugin in terms of uninstalling - the only gotcha, which applies to all auth plugins, is that you can only uninstall it if there are no users who have this auth type, which includes suspended users. You may need to migrate them to another auth type like manual first and then uninstall this plugin.
  • Tue, Nov 27, 2018, 5:54 PM
    Are there any plans to get this working for 3.4.x ?
  • Tue, Dec 4, 2018, 10:56 AM
    hi Don, this already supports 3.4
  • Tue, Mar 5, 2019, 2:55 AM
    Estimad@s, está versión estará disponible para Moodle 3.5?
Please login to post comments