I have the same problem. New users cannot login.
We use 3.9.1 version of moodle.
I cannot successed old OIDC plugin methode. Everytime I login wants to update it.
I found that an old version of moodle (3.7 and 3.8) had the same problme and it was fixed later.
Is there any solution known for version 3.9.1+ because we really need to have this fixed.
New school year starts from 1st of September 2020 and I need to have 600 new students imported and working till then.
Please help ASAP!

Hi @Sebastjan Pivk , I didn't find a solution yet.
when rolling back to older version, I get thae same upgrade requirment (for admin users) , but the OIDC works, I nelive it says that on Office365 configurations are still ok.
you can meanwhile follow this thread in Git: https://github.com/microsoft/o365-moodle/issues/1342 and maybe post your issue there as well.
some of the solutions (delete the tokens with userid=0) helped some of the people in the thread, dosnt work for me thogh.

Hi,
we have the same problem but find a solution.
it was a permission in azure AD to update (User.Read)
After that, we execute manually a task (php admin/tool/task/cli/schedule_task.php --execute='\local_o365\task\refreshsystemrefreshtoken) if local_o365 is installed
Finally, we remove all token with userid = 0
For us, this problem is solved

I have granted for my company (User.Read) and Type is Delegated.
What changes do I have to do on this?
and we use windows for moodle, how do I start the task you provide?

I need info if this is the problem only in version 3.9 and if there's any plan to fix in in near future (days)?
I upgraded moodle from 3.6.5 to 3.9 and this broke. New users cannot login but old ones can and they also can change password. So part of plugin works.
I found out that "Refresh system API user refresh token" task fails with error (Scheduled task failed: Refresh system API user refresh token (local_o365\task\refreshsystemrefreshtoken),Could not get app or system token).
Deleting tokens did not work. It constantly creates new ones with value zero (0).
What is the plan if there's no solution in a few days? I need to import new users to Azure AD and a working solution asap.
Is it better to downgrade back to 3.6 and upgrade to 3.8? Is there this solved?
Yesterday tried downgrade to 3.8 but got "upgrade requirment" loop.

error
DDL sql runtime error

Información de depuración: Table 'mdl_auth_oidc_prevlogin' already exists
CREATE TABLE mdl_auth_oidc_prevlogin (
id BIGINT(10) NOT NULL auto_increment,
userid BIGINT(10) NOT NULL,
method VARCHAR(255) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
password VARCHAR(255) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
CONSTRAINT PRIMARY KEY (id)
, UNIQUE KEY mdl_authoidcprev_use2_uix (userid)
)
ENGINE = InnoDB
DEFAULT COLLATE = utf8mb4_unicode_520_ci ROW_FORMAT=Compressed
COMMENT='Stores previous login methods.'
;
CREATE TABLE mdl_auth_oidc_state (
id BIGINT(10) NOT NULL auto_increment,
sesskey VARCHAR(10) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
state VARCHAR(15) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
nonce VARCHAR(15) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
timecreated BIGINT(10) NOT NULL,
additionaldata LONGTEXT COLLATE utf8mb4_unicode_520_ci,
CONSTRAINT PRIMARY KEY (id)
, KEY mdl_authoidcstat_sta2_ix (state)
, KEY mdl_authoidcstat_tim2_ix (timecreated)
)
ENGINE = InnoDB
DEFAULT COLLATE = utf8mb4_unicode_520_ci ROW_FORMAT=Compressed
COMMENT='Map of state to sesskey.'
;
CREATE TABLE mdl_auth_oidc_token (
id BIGINT(10) NOT NULL auto_increment,
oidcuniqid VARCHAR(255) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
username VARCHAR(100) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
userid BIGINT(10) NOT NULL DEFAULT 0,
oidcusername VARCHAR(255) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
scope LONGTEXT COLLATE utf8mb4_unicode_520_ci NOT NULL,
resource VARCHAR(127) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
authcode LONGTEXT COLLATE utf8mb4_unicode_520_ci NOT NULL,
token LONGTEXT COLLATE utf8mb4_unicode_520_ci NOT NULL,
expiry BIGINT(10) NOT NULL,
refreshtoken LONGTEXT COLLATE utf8mb4_unicode_520_ci NOT NULL,
idtoken LONGTEXT COLLATE utf8mb4_unicode_520_ci NOT NULL,
CONSTRAINT PRIMARY KEY (id)
, KEY mdl_authoidctoke_oid2_ix (oidcuniqid)
)
ENGINE = InnoDB
DEFAULT COLLATE = utf8mb4_unicode_520_ci ROW_FORMAT=Compressed
COMMENT='Stores tokens.'
Error code: ddlexecuteerror

Hi!

In my organization after an update of our Moodle Arquitecture (using AWS escalabilty), sometimes users get the following error, anyone has an idea how to trobleshoot it??

The arquitecture use: Redis , EFS, 2 moodle instances, AWS Loadbalances, and Gluster FS

Error Code: erroroidccall

stacktrace Image: https://ibb.co/VjZ0nrL

Is this module compatible with the app Moodle when i usée redirection to authentification to o365 ? Because dit refuse my login

We are having an issue which gives the following error:
Error in OpenID Connect: AADSTS9002313: Invalid request. Request is malformed or invalid

When going into the Health Check it suggest that the System API User :Moodle does not have a token to communicate with Office 365 as the system API user. This can usually be resolved by resetting the system API user.

This has a fix it link. When we click the link it asks us to sign in with the API user and grant a load of permissions, then ends up back at the same page with the AADSTS9002313 error.

Any thoughts of what is causing this?

I have integrated office 365 account(openid connect plugin) with my Moodle 3.0 version for Single Sign On.
My users are getting the following error message when they try to single sign on into moodle through office.com:
Error in OpenID Connect: AADSTS9002313: Invalid request. Request is malformed or invalid.

Hi Andrew Field, Did you find solution for your issue?

Hello, great plugin !!! I'm using it to connect my users via OpenID Connect with my Okta SSO platform. But I'm facing a problem : how to implement the logout ? Clicking on the Moodle logout button don't logout from Moodle neither Okta. I can't understand how to implement the logout in the plugin. May you help me please ?

Hi folks, we have a minor problem where the login button image doesn't display on the button in the Moodle header. It does display on the button on the main Moodle login page. We checked with the developer of the theme we are using and she indicated that the button image is served by the oidc plugin code. Is this something that can be fixed?

Hi, I need same help to restrict access by email domain using regular expression pattern that matches the usernames of users. Can someone help: usernames are like: alfa.num@domain.com

In Version 3.9.4 (2020071504), the scheduled task 'Clean up OIDC state and invalid token' (\auth_oidc\task\cleanup_oidc_state_and_token) fails to run and blocks all other scheduled tasks from running. When run from the command line the below error message is generated:

!!! Exception - Argument 3 passed to mysqli_native_moodle_database::delete_records_select() must be of the type array or null, int given, called in [dirroot]/auth/oidc/classes/task/cleanup_oidc_state_and_token.php on line 47 !!!

The only way to have all other scheduled tasks to run is to disable this task. We have this version of auth_oidc installed on two sites and they both produce this error.

Moodle versions are: 3.9.3 and 3.9.1