OpenID Connect

Authentication ::: auth_oidc
Maintained by Enovation Dev Team, James McQuillan, Zion Brewer, Nima Mojgani
The OpenID Connect plugin provides single-sign-on functionality using configurable identity providers.
6496 sites
2k downloads
73 fans

OpenID Connect Authentication Plugin

The OpenID Connect plugin provides single-sign-on functionality using configurable identity providers, including Azure Active Directory. It is used as part of the Microsoft 365 suite of plugins to connect to Azure Active Directory, but can be configured to provide SSO integration between Moodle and other OpenID Connect providers as well.

This is part of the suite of Microsoft 365 plugins for Moodle.

To follow active development on GitHub, click here.

This plugin is updated with stable Moodle releases. This means:

  • For all plugin versions for Moodle 3.9.x and earlier, new features, fixes for general core bugs, and fixes for security issues have ended, with the following exception:
    • Bug fixes for security issues for Moodle 3.9.x versions will end 8 May 2023.
  • For plugin versions for Moodle 3.10:
    • New features and full support until November 2021.
    • Bug fixes for security issues until May 2022.
  • For plugin versions for Moodle 3.11 (to be released in July 2021):
    • New features and full support until May 2022.
    • Bug fixes for security issues until November 2022.

Contributing

Before we can accept your pull request, you'll need to electronically complete Microsoft's Contributor License Agreement. If you've done this for other Microsoft projects, then you're already covered.

Why a CLA? (from the FSF)

Copyright

(c) Microsoft, Inc. Code for this plugin is licensed under the GPLv3 license.

Any Microsoft trademarks and logos included in these plugins are property of Microsoft and should not be reused, redistributed, modified, repurposed, or otherwise altered or used outside of this plugin.

Sets

This plugin is part of set Microsoft 365.

Contributors

Enovation Dev Team (Lead maintainer)
Vinayak (Vin) Bhalerao
Akinsaya Delamarre

Comments

  • Tue, Aug 18, 2020, 6:11 PM
    I have granted for my company (User.Read) and Type is Delegated.
    What changes do I have to do on this?
    And we use Windows for Moodle, how do I start the task you provide?
  • Tue, Aug 18, 2020, 7:45 PM
    I need info if this is the problem only in version 3.9 and if there's any plan to fix it in the near future (days)?
    I upgraded Moodle from 3.6.5 to 3.9 and this broke. New users cannot log in but old ones can and they also can change password. So part of the plugin works.
    I found out that "Refresh system API user refresh token" task fails with error (Scheduled task failed: Refresh system API user refresh token (local_o365\task\refreshsystemrefreshtoken),Could not get app or system token).
    Deleting tokens did not work. It constantly creates new ones with value zero (0).
    What is the plan if there's no solution in a few days? I need to import new users to Azure AD and a working solution asap.
    Is it better to downgrade back to 3.6 and upgrade to 3.8? Is there this solved?
    Yesterday tried downgrade to 3.8 but got "upgrade requirement" loop.
  • Thu, Sep 3, 2020, 10:57 PM
    error
    DDL sql runtime error

    Información de depuración: Table 'mdl_auth_oidc_prevlogin' already exists
    CREATE TABLE mdl_auth_oidc_prevlogin (
    id BIGINT(10) NOT NULL auto_increment,
    userid BIGINT(10) NOT NULL,
    method VARCHAR(255) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
    password VARCHAR(255) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
    CONSTRAINT PRIMARY KEY (id)
    , UNIQUE KEY mdl_authoidcprev_use2_uix (userid)
    )
    ENGINE = InnoDB
    DEFAULT COLLATE = utf8mb4_unicode_520_ci ROW_FORMAT=Compressed
    COMMENT='Stores previous login methods.'
    ;
    CREATE TABLE mdl_auth_oidc_state (
    id BIGINT(10) NOT NULL auto_increment,
    sesskey VARCHAR(10) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
    state VARCHAR(15) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
    nonce VARCHAR(15) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
    timecreated BIGINT(10) NOT NULL,
    additionaldata LONGTEXT COLLATE utf8mb4_unicode_520_ci,
    CONSTRAINT PRIMARY KEY (id)
    , KEY mdl_authoidcstat_sta2_ix (state)
    , KEY mdl_authoidcstat_tim2_ix (timecreated)
    )
    ENGINE = InnoDB
    DEFAULT COLLATE = utf8mb4_unicode_520_ci ROW_FORMAT=Compressed
    COMMENT='Map of state to sesskey.'
    ;
    CREATE TABLE mdl_auth_oidc_token (
    id BIGINT(10) NOT NULL auto_increment,
    oidcuniqid VARCHAR(255) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
    username VARCHAR(100) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
    userid BIGINT(10) NOT NULL DEFAULT 0,
    oidcusername VARCHAR(255) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
    scope LONGTEXT COLLATE utf8mb4_unicode_520_ci NOT NULL,
    resource VARCHAR(127) COLLATE utf8mb4_unicode_520_ci NOT NULL DEFAULT '',
    authcode LONGTEXT COLLATE utf8mb4_unicode_520_ci NOT NULL,
    token LONGTEXT COLLATE utf8mb4_unicode_520_ci NOT NULL,
    expiry BIGINT(10) NOT NULL,
    refreshtoken LONGTEXT COLLATE utf8mb4_unicode_520_ci NOT NULL,
    idtoken LONGTEXT COLLATE utf8mb4_unicode_520_ci NOT NULL,
    CONSTRAINT PRIMARY KEY (id)
    , KEY mdl_authoidctoke_oid2_ix (oidcuniqid)
    )
    ENGINE = InnoDB
    DEFAULT COLLATE = utf8mb4_unicode_520_ci ROW_FORMAT=Compressed
    COMMENT='Stores tokens.'
    Error code: ddlexecuteerror
  • Thu, Sep 10, 2020, 3:34 AM
    Hi!

    In my organization, after an update of our Moodle architecture (using AWS scalability), sometimes users get the following error. Does anyone have an idea how to troubleshoot it?

    The architecture uses: Redis, EFS, 2 Moodle instances, AWS load balancers, and GlusterFS

    Error Code: erroroidccall

    stacktrace Image: https://ibb.co/VjZ0nrL
  • Sun, Sep 13, 2020, 1:38 PM
    Is this module compatible with the Moodle app when I use redirection to authentication to O365? Because it refuses my login
  • Sun, Sep 13, 2020, 6:53 PM
    We are having an issue which gives the following error:
    Error in OpenID Connect: AADSTS9002313: Invalid request. Request is malformed or invalid

    When going into the Health Check it suggests that the System API User: Moodle does not have a token to communicate with Office 365 as the system API user. This can usually be resolved by resetting the system API user.

    This has a fix it link. When we click the link it asks us to sign in with the API user and grant a load of permissions, then ends up back at the same page with the AADSTS9002313 error.

    Any thoughts of what is causing this?
  • Wed, Sep 16, 2020, 9:27 PM
    I have integrated an Office 365 account (OpenID Connect plugin) with my Moodle 3.0 version for Single Sign On.
    My users are getting the following error message when they try to single sign on into Moodle through office.com:
    Error in OpenID Connect: AADSTS9002313: Invalid request. Request is malformed or invalid.
  • Thu, Sep 17, 2020, 1:53 PM
    Hi Andrew Field, did you find a solution for your issue?
  • Fri, Oct 2, 2020, 3:51 PM
    Hello, great plugin!!! I'm using it to connect my users via OpenID Connect with my Okta SSO platform. But I'm facing a problem: how to implement the logout? Clicking on the Moodle logout button doesn't log out from Moodle or Okta. I can't understand how to implement the logout in the plugin. Can you help me please?
  • Wed, Oct 28, 2020, 12:10 AM
    Hi folks, we have a minor problem where the login button image doesn't display on the button in the Moodle header. It does display on the button on the main Moodle login page. We checked with the developer of the theme we are using and she indicated that the button image is served by the oidc plugin code. Is this something that can be fixed?
  • METAMORFOSYS
    Wed, Mar 10, 2021, 9:48 PM
    Hi, I need some help to restrict access by email domain using a regular expression pattern that matches the usernames of users. Can someone help? Usernames are like: alfa.num@domain.com
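For the domain restriction asked about above, an added example (not part of the original comment and not auth_oidc code) comparing a loose pattern with an anchored, escaped one. It assumes the restriction pattern is applied to the full username with PCRE semantics; `username_allowed()` and all sample usernames are constructed for illustration.

```php
<?php
// Added example, not auth_oidc code. Assumption: the restriction pattern is
// matched against the whole username using PCRE (PHP preg_match).

/** Hypothetical helper: true when $username satisfies the restriction $pattern. */
function username_allowed(string $pattern, string $username): bool {
    // '~' delimiter so the pattern may contain '/' (it must not contain '~').
    // 'i': email domains are case-insensitive.
    // 'D': '$' matches only at the very end, not before a trailing newline.
    return preg_match('~' . $pattern . '~iD', $username) === 1;
}

// Constructed usernames; domain.com is the domain from the comment above.
$samples = [
    'alfa.num@domain.com',             // the intended form
    'alfa.num@DOMAIN.com',             // same domain, different case
    'alfa.num@notdomain.com',          // allowed domain as a suffix of another
    'alfa.num@domain.com.example.net', // allowed domain as a prefix of another
    'alfa.num@domainXcom',             // tests the unescaped '.'
    'domain.com@example.net',          // allowed domain in the local part
];

$patterns = [
    // Unanchored, unescaped: matches anywhere in the string.
    'loose'  => 'domain.com',
    // Anchored at both ends, literal dot, '@' directly before the domain.
    'strict' => '^[a-z0-9._%+-]+@domain\.com$',
];

foreach ($patterns as $label => $pattern) {
    echo "$label: $pattern\n";
    foreach ($samples as $username) {
        $verdict = username_allowed($pattern, $username) ? 'ALLOW' : 'deny';
        printf("  %-34s %s\n", $username, $verdict);
    }
}
```

Run it with `php` on the command line and test any candidate pattern against lookalike usernames such as these before saving it in the plugin settings.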
  • Thu, Apr 29, 2021, 5:36 PM
    In Version 3.9.4 (2020071504), the scheduled task 'Clean up OIDC state and invalid token' (\auth_oidc\task\cleanup_oidc_state_and_token) fails to run and blocks all other scheduled tasks from running. When run from the command line the below error message is generated:

    !!! Exception - Argument 3 passed to mysqli_native_moodle_database::delete_records_select() must be of the type array or null, int given, called in [dirroot]/auth/oidc/classes/task/cleanup_oidc_state_and_token.php on line 47 !!!

    The only way to have all other scheduled tasks run is to disable this task. We have this version of auth_oidc installed on two sites and they both produce this error.

    Moodle versions are: 3.9.3 and 3.9.1
  • Wed, Dec 8, 2021, 10:55 PM
    Hi,
    probably there is a bug in latest 3.9.8 version. The tablefield resource was not renamed to tokenresource during upgrade process. The part in upgrade.php is maybe the $result:
    if ($result && $oldversion < 2020071504) {
    ...
  • Wed, Dec 8, 2021, 11:07 PM
    Hi Daniel, please raise any issues you have in the github issues section. For your issue re 3.9.8, we have raised one here https://github.com/microsoft/o365-moodle/issues/1901. Kind Regards Oswaldo
  • Wed, Dec 8, 2021, 11:51 PM
    Hi Daniel,

    I have made an emergency release of auth_oidc for Moodle 3.9 which contains a fix to the issue. Details are added in the github issue https://github.com/microsoft/o365-moodle/issues/1901. The release is at https://moodle.org/plugins/auth_oidc/3.9.8/25633.

    Regards,
    Lai