OAuth 2 services

Jump to: navigation, search

New feature
in Moodle 3.3!

OAuth2 services

  • Moodle 3.3 adds support for OAuth 2 services, which can be used by any plugin to provide authenticated access to external services either as the current user, or using a system account.
  • OAuth 2 services are used for example, to provide a "Log in using Google/Microsoft/Facebook" feature on the login page, and then to share that authenticated session with repositories like Google Drive and OneDrive without having to re-authenticate.
  • OAuth 2 services can be used by plugins even if they do not use them on the login page, and it's possible to login to multiple services at the same time.

Login

See OAuth 2 authentication for details of how to enable the feature.

Open ID Connect

Open ID Connect is a standard for OAuth 2 login services that makes it easier to setup a working login system. If the service you are setting up is Open ID Connect compliant, you will only have to enter the base url for the service, and Moodle will discover all the other information required by requesting the "discovery document" which is expected to exist at <issuer base url>/.well-known/openid-configuration.

How do I get a client ID and secret?

The client ID and secret are created outside of Moodle when setting up the OAuth provider. Instructions for prominent OAuth 2 providers are linked here.

Connecting a system account

  • A system account may be connected to provide advanced functionality, such as access controlled links from the Google Drive repository or OneDrive repository.
  • The system account should be a dedicated account for this purpose only. The system account doesn't require an email address to be associated with it (Moodle 3.3.2 onwards).
  • A system account is not needed for login functionality.

See also