OpenID Connect

Authentication ::: auth_oidc

Maintained by

Enovation Dev Team,

Lai Wei,

Patryk Mroczko

Part of set Microsoft 365.

The OpenID Connect plugin provides single-sign-on functionality using configurable identity providers.

Latest release: 4 months

8713 sites

3k downloads

102 fans

Current versions available: 9

Download

OpenID Connect Authentication Plugin

The OpenID Connect plugin provides single-sign-on functionality using configurable identity providers, including Azure Active Directory. It is used as part of the Microsoft 365 suite of plugins to connect to Azure Active Directory, but can be configured to provide SSO integration between Moodle and other OpenID Connect providers as well.

This is part of the suite of Microsoft 365 plugins for Moodle.

To follow active development on GitHub, or to find historical versions, click here.

The supported Moodle versions of this plugin is in line with core Moodle version support.

Questions and issue reporting

Github should be used for reporting issues found when configuring or using the plugin, and to ask questions. The comments area on this page is not actively monitored.

Contributing

Before we can accept your pull request, you'll need to electronically complete Microsoft's Contributor License Agreement. If you've done this for other Microsoft projects, then you're already covered.

Why a CLA? (from the FSF)

Copyright

Code for this plugin is licensed under the GPLv3 license.

Any Microsoft trademarks and logos included in these plugins are property of Microsoft and should not be reused, redistributed, modified, repurposed, or otherwise altered or used outside of this plugin.

Useful links

Screenshots

Contributors

Enovation Dev Team (Lead maintainer)

View other contributions

Lai Wei

View other contributions

Patryk Mroczko

View other contributions

James McQuillan

View other contributions

Mike Churchward

View other contributions

Vinayak (Vin) Bhalerao

View other contributions

Zion Brewer

View other contributions

Nima Mojgani

View other contributions

Please login to view contributors details and/or to contact them

Awards

Automated testing support

Privacy friendly

Early bird 4.1

Comments

Show comments

Oswaldo Rojas
Thu, 20 Oct 2022, 7:39 PM
Hi, please report your issues to Github so we can get back to you individually in an organised way: https://github.com/microsoft/o365-moodle/issues. Viviana, Site administration - Plugins - Manage authentication -> Enable the option authpreventaccountcreation and it will stop any authentication methods from creating new accounts first time login.
Friedhelm Küppers
Wed, 26 Oct 2022, 9:53 PM
Hi!

With the update to plugin version 3.11.5 from October 12, 2022, the login button for the authentication request disappeared. Our learners can no longer log in. The settings in Moodle have all remained the same.

Is this a problem in the plugin or can we install the plugin version for Moodle 4 for Moodle 3.11.10 and will that solve the problem?

Many greetings
Friedhelm
Kateryna Martynenko
Tue, 31 Jan 2023, 6:16 AM
Hey,

I wonder if the plugin could be used for Clever SSO integration into Moodle?

Kateryna
Tom Tom
Fri, 14 Apr 2023, 7:47 AM
I see the OpenID Connect login along side manual uid/pwd login. I click the OpenID Connect login. I get redirected to the Windows server and authenticate. I get redirected back to Moodle. But I see this: "Error in OpenID Connect: Wrong authentication method used. MUST use 'client_secret_basic'" It appears that the Windows server is posting the response. Why does this plugin not handle it? Is there a setting I'm missing to set up installation? Thanks
cristian bodda
Wed, 15 Nov 2023, 2:47 AM
Good morning everyone, I have a problem that I can't solve with Open Id connect, could you help me? I'm trying to make open Id connect work in our school, in a Moodle 3.2 platform with the old version 4.0.1
2022041905 of open id connect everything works perfectly.
With the new version of Moodle 4.2 and the specific open id connect plugin for Moodle 4.2 nothing works anymore. The version of the Opne Id connect Plugin that does not work is this: 4.2.2 ; 2023042410

Activity ID: 55b79301-a33f-43fa-0646-0080010000ad
Relying party: test.formazione-polizia.ti.ch
Error details: MSIS9223: Received invalid OAuth authorization request. The received 'client_id' is invalid as no registered client was found with this client identifier. Make sure that the client is registered. Received client_id: 'https://test.formazione-polizia.ti.ch/auth/oidc/'.
Node name: f7ab8949-9558-457d-8280-11bf8f605f8d
Error time: Tue, 14 Nov 2023 18:45:35 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0

Can anyone help me? Thank you
Eurecat Academy
Tue, 12 Dec 2023, 11:38 PM
Hello,

Thank you for the plugin!

We attempted to connect Keycloak with Moodle 4.2.2+ (Build: 20230822) using this plugin.

We have taken the following steps:

1- We created the client in Keycloak.
2- We set the redirect URI (provided by the plugin) in Keycloak.
3- In the plugin settings, we configured the authorization endpoint, token endpoint, resource, identity provider (IdP) type: other, and client secret.
4- We tested logging in. We were able to log in using OpenID, which directed us to Keycloak. However, when it attempted to redirect to Moodle, we encountered the following error:
403 Forbidden
You don't have permission to access this resource.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Could you please help us?
Syusan Jun
Thu, 11 Jan 2024, 2:05 PM
When using "Microsoft identity platform (v2.0)" IdP type, use v2.0 endpoint, e.g.

When using "Microsoft identity platform (v2.0)" IdP type, use v2.0 endpoint, e.g.
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Csaba Vágvölgyi
Fri, 30 Aug 2024, 1:51 PM
We have just launched a new Moodle 4.1 site with OpenId connect authentication. The authentication works well and the synchronization of the basic profile fields (name, e-mail) is ok, but any other profile fields are not synchronized.
Microsoft Graph seems to be set up well, but still the profile fields set on the Field mapping page do not appear in the Moodle profiles. Anyone have any ideas? TIA
Andrew C
Tue, 10 Sept 2024, 7:12 PM
Hi Csaba, I hope all is well. Please can you let me know if you found a solution.
Csaba Vágvölgyi
Tue, 10 Sept 2024, 7:33 PM
Hi Andrew,
I found the solution with some help:
On the "Sync settings page" of the Microsoft 365 Integration module I have to check 2 checkboxes:
- Update accounts in Moodle for users in Microsoft Entra ID
- Perform a full sync each run
The defualt run time is 2:00 am, but you can run manually on Scheduled tasks: Sync users from Microsoft Entra ID
After this, the missng profile fields were successfully updated
Andrew C
Tue, 10 Sept 2024, 11:09 PM
Thanks Csaba. This is really appreciated.
Michael Milette
Thu, 14 Nov 2024, 11:28 PM
When do you think we can expect to see a release for Moodle 4.5 LTS?
Enovation Dev Team
Thu, 14 Nov 2024, 11:49 PM
Hi Michael, all the Microsoft plugins are being tested for 4.5 at this moment, next release will be in a couple weeks. Kind Regards
Xodenni Louke
Tue, 20 May 2025, 8:19 PM
Hello,

I have installed Moodle version 4.5.3 with the OpenID Connect plugin (https://moodle.org/plugins/auth_oidc).
Authentication works perfectly and I have no apparent problems.
However, the refresh token code was missing in the plugin, so I coded it myself.

Once I had installed my updated plugin, I noticed that my OIDC server (Keycloak) wasn't receiving any token renewal requests.
So I deduce that Moodle itself renews the token without going through the authentication system (OIDC in my case).

Do you know how to force OIDC to refresh the token?

Thanks for your help
[Ticket from https://moodle.org/mod/forum/discuss.php?d=468069]
Luca C
Thu, 10 July 2025, 4:05 PM
Hello, is the current version compatible with Moodle 5? If not, when is a compatible version expected to be released? Thank you