Note: You are currently viewing documentation for Moodle 3.8. Up-to-date documentation for the latest stable version of Moodle may be available here: OAuth 2 authentication.

OAuth 2 authentication

From MoodleDocs
Login page with options to log in with an OAuth 2 service

Log in using your account on another site

The OAuth 2 authentication plugin enables users to log in using their Google, Microsoft and/or Facebook account via buttons on the login page.

If account creation is enabled, a new account will be created when a user first logs in. Otherwise, they will be prompted to link the OAuth 2 login to their existing account with the same email address.

Enabling OAuth 2 authentication

To use OAuth 2 authentication, an administrator must first create the required OAuth 2 services.

  1. Go to 'OAuth 2 services' in Site administration > Server and click the button to create a new service.
  2. Follow the instructions in OAuth 2 Google service, OAuth 2 Microsoft service or OAuth 2 Facebook service and obtain a client ID and secret.
  3. Enter the client ID and secret, make sure 'Show on login page' is ticked, then save changes.

If desired, un-tick the 'Require email verification' box so that a confirmation email is not sent. This is useful for institutions using Google for their domain; the Google OAuth provider can be considered trusted for that domain.

Repeat for additional services as desired. For OAuth 2 authentication, there is no need to connect to a system account.

Next:

  1. Go to 'Manage authentication' in Site administration and enable the OAuth 2 authentication plugin.
  2. Optional: In the OAuth 2 settings, lock selected user data fields and save changes.

Preventing new account creation

If you don't want new accounts to be created when users log in with an OAuth 2 service:

  1. Go to 'Manage authentication' in Site administration and tick the box 'Prevent account creation when authenticating' (authpreventaccountcreation).
  2. Click the 'Save changes' button.

Troubleshooting

On the 'OAuth 2 services' page, there is a red cross for 'Allow login'

To get a green tick for Allow login, edit the OAuth 2 service and make sure that the setting 'Show on login page' is ticked.

I obtain a coding error after enabling OAuth 2 authentication

Have you any OAuth 2 plugins for earlier versions installed on your site? If so, you will need to uninstall them in order to use the standard OAuth 2 authentication.

I obtain an error message when attempting to log in using Facebook

The error message 'The user information returned did not contain a username and email address. The OAuth 2 service may be configured incorrectly.' is most likely because the user's Facebook account was created using a mobile number.

The solution is for the user to first log in to Facebook and add a username and email address there.

I see a "required parameter (code) was missing" error after logging into the OAuth 2 service

The error message 'A required parameter (code) was missing' can be caused by a misconfigured web server. OAuth 2 relies on long tokens passed as URL parameters, and some web server configurations will prevent this from working. See http://www.php.net/manual/en/reserved.variables.get.php#101469 for one possible solution.

I have all green checkmarks on my /admin/tool/oauth2/issuers.php page for Google & Facebook but no buttons show on my server's login page

It was discovered that in a fresh install of Moodle 3.4 the plugin configuration for OAuth2 was in a disabled state (probably for security reasons). Go to Site Administration - Plugins - Authentication - Manage authentication (/admin/settings.php?section=manageauths) and enable the record for OAuth2, then optionally adjust the settings for that record.