Oauth2 authentication
This document describes the functional and technical specification of Moodle Oauth2 plugin(s). Oauth2 plugin(s) will allow a user to authenticate in Moodle with a identity provider that implement Oauth2, like Google or Facebook.
What is Oauth2
See also
What is the user's benefice
The user can connect in Moodle with a Google/Facebook/... account. Login in Moodle becomes 1 click on a Google/Facebook/... button.
Why implementing Oauth2 which is still in Draft version
The main reason we choose Oauth2 is that massive identity providers as Google already start to deprecate Oauth1 or only use Oauth2 (Facebook). Oauth2 has also for benefit over Oauth1 to be simpler to implement for the client. However at the moment, Oauth2 is on a rocky road. The specification are still marked as Draft, and major providers as Facebook or Google implement their own version. But at the end they are globally similar, and we will be able to reuse a major part of our code for each providers.
Functional specification
User
User authenticates for the first time in Moodle
User already has an account
The email address sent by the identity provider is known by Moodle
The email address is unknown
Administration
The administrator wants to:
- enable the plugin(s)
- set Oauth2 client id / Oauth2 client secret
- allow user account creation
- set lockable fields
- deny email addresses
- bypass the deny email addresses global settings (for example allow hotmail registration by Oauth2 but disallow it for manual to avoid spammer)
- allow email addresses