Difference between revisions of "OAuth 2 Troubleshooting"

From MoodleDocs
(Created page with "{{認証}} Under construction - ~~~ == Overview == OAuth 2.0 is the de facto industry standard protocol for user authorisation. OAuth 2 authentication enables users to acc…")
 
No edit summary
Line 1: Line 1:
{{認証}}
Under construction - [[利用者:Mitsuhiro Yoshida|Mitsuhiro Yoshida]] ([[利用者・トーク:Mitsuhiro Yoshida|talk]])
Under construction - [[利用者:Mitsuhiro Yoshida|Mitsuhiro Yoshida]] ([[利用者・トーク:Mitsuhiro Yoshida|talk]])


== Overview ==
==Troubleshooting==
OAuth 2.0 is the de facto industry standard protocol for user authorisation. OAuth 2 authentication enables users to access Moodle via buttons on the login page using their credentials from popular service providers, such as Google, Microsoft, Facebook, and LinkedIn.
===On the 'OAuth 2 services' page, there is a red cross for 'Allow login'===
[[File:OAuth Login.png|border|center|frameless|600x600px]]
To get a green tick for Allow login, edit the OAuth 2 service and make sure that the setting 'Show on login page' is ticked.
The following high-level interaction process illustrates how OAuth 2 authentication works in a Moodle context:
===I obtain a coding error after enabling OAuth 2 authentication===
[[File:OAuth - Service Provider Authentication.png|border|center|frameless|600x600px]]
Have you any OAuth 2 plugins for earlier versions installed on your site? If so, you will need to [[Installing plugins|uninstall them]] in order to use the standard OAuth 2 authentication.
===I obtain an error message when attempting to log in using Facebook===
The error message 'The user information returned did not contain a username and email address. The OAuth 2 service may be configured incorrectly.' is most likely because the user's Facebook account was created using a mobile number.


The solution is for the user to first log in to Facebook and add a username and email address there.
===I see a "required parameter (code) was missing" error after logging into the OAuth 2 service===
The error message 'A required parameter (code) was missing' can be caused by a misconfigured web server. OAuth 2 relies on long tokens passed as URL parameters, and some web server configurations will prevent this from working. See http://www.php.net/manual/en/reserved.variables.get.php#101469 for one possible solution.
===I have all green checkmarks on my /admin/tool/oauth2/issuers.php page for Google & Facebook but no buttons show on my server's login page===
In a fresh install of Moodle 3.4, the plugin configuration for OAuth2 was found to be in a disabled state (probably for security reasons). Go to Site Administration - Plugins - Authentication - Manage authentication (/admin/settings.php?section=manageauths), enable the record for OAuth2, then optionally adjust the settings for that record.


An OAuth service provider is an external system (“in the cloud”) that provides identity (via the authorisation server) and API access (via the resource server) by issuing OAuth access tokens to a client (Moodle). Let’s go through the interactions from top to bottom:
# A user sends an authorisation request; that is, a user logs in to the service provider via the client. This step is initiated via the service provider buttons on the Moodle login screen.
# The authorisation server issues an authorisation code if the entered credentials are valid. Once this has taken place, the user is authenticated with Moodle. If account creation is enabled (the Prevent account creation when authenticating setting), a new account will be created. Otherwise, the user will be prompted to link the authorisation to an existing account with the same email address. An entry can be found in the [[Linked logins]] section in the user’s preferences.
# An access token will be issued when the user logs in using the stored authorisation code. A scheduled task exists to regularly update the OAuth 2 tokens (\core\oauth2\refresh_system_tokens_task).
# Moodle uses this access token for any internal services that require a resource from the service provider, for instance, a link to files in a repository. Some internal services require a system account to be connected.
==Setting up OAuth 2 authentication==
To use OAuth 2 authentication, an administrator must complete the following steps:
# Configure OAuth 2 services: Go to '''Site administration > Server > OAuth 2 services''', and follow the instructions on the [[OAuth 2 services]] page.
# Enable OAuth 2: Go to '''Site administration > Plugins > Authentication''', enable '''OAuth 2'''.
# Configure OAuth 2 lock user fields: To control if and how certain user data fields are being populated, click on the '''Settings''' link and configure your '''Lock user fields'''.
# Prevent account creation: By default, account creation is enabled. If you wish to prevent account creation, go to '''Site administration > Plugins > Authentication''' and enable the setting "authpreventaccountcreation".
# Testing, testing, testing: To verify that your OAuth 2 configuration is working, go to '''Site administration > Plugins > Authentication''' and click on the '''Test settings''' link in the '''OAuth 2''' row. Here, you can select a service and test its connection.
OAuth 2 authentication is supported by the following Moodle features:
* Repositories: [[Dropbox repository]], [[Google Drive repository]], Microsoft [[OneDrive repository]], and [[Nextcloud repository]]
* Portfolios: [[Google Drive portfolio]]
* Badges: [[Backpacks|Open Badges 2.1]]
* Mail: Incoming and outgoing [[Mail configuration|mail configuration]]
* Document converters: [[Google Drive converter]]
==See also==
* [[OAuth 2 Troubleshooting|OAuth 2 troubleshooting]]
[[Category:OAuth 2]]
[[Category:OAuth 2]]
[[en:OAuth 2 Troubleshooting]]
[[en:OAuth 2 Troubleshooting]]
[[es:Autenticación OAuth 2]]
[[de:OAuth2 Authentifizierung]]

Revision as of 09:26, 3 December 2023 (Sunday)

Under construction - Mitsuhiro Yoshida (talk)

Troubleshooting

On the 'OAuth 2 services' page, there is a red cross for 'Allow login'

To get a green tick for Allow login, edit the OAuth 2 service and make sure that the setting 'Show on login page' is ticked.

I obtain a coding error after enabling OAuth 2 authentication

Have you any OAuth 2 plugins for earlier versions installed on your site? If so, you will need to uninstall them in order to use the standard OAuth 2 authentication.

I obtain an error message when attempting to log in using Facebook

The error message 'The user information returned did not contain a username and email address. The OAuth 2 service may be configured incorrectly.' is most likely because the user's Facebook account was created using a mobile number.

The solution is for the user to first log in to Facebook and add a username and email address there.

I see a "required parameter (code) was missing" error after logging into the OAuth 2 service

The error message 'A required parameter (code) was missing' can be caused by a misconfigured web server. OAuth 2 relies on long tokens passed as URL parameters, and some web server configurations will prevent this from working. See http://www.php.net/manual/en/reserved.variables.get.php#101469 for one possible solution.
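
One way to confirm this cause is to measure how long a `code` value the web server actually passes through to the application. The following is an added example, not part of the original MoodleDocs page or of Moodle's code: `survives` and `max_surviving_length` assume a test endpoint that returns the length of the `code` parameter it received, and `FilteringEcho` with its 512-character limit is a constructed stand-in for a misconfigured server.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlparse

LIMIT = 512  # constructed: the stand-in server drops GET values longer than this
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

class FilteringEcho(BaseHTTPRequestHandler):
    """Constructed stand-in for a web server that discards long GET values."""
    def do_GET(self):
        code = parse_qs(urlparse(self.path).query).get("code", [""])[0]
        code = code if len(code) <= LIMIT else ""  # filter silently drops it
        body = str(len(code)).encode()             # echo the length received
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def survives(url, length):
    """True if a `code` value of `length` characters reaches the application."""
    query = urlencode({"code": "A" * length})
    try:
        with OPENER.open(f"{url}?{query}", timeout=5) as resp:
            return resp.read().decode().strip() == str(length)
    except OSError:                # HTTP errors (e.g. 414) and timeouts count as lost
        return False

def max_surviving_length(url, upper=4096):
    """Binary-search the longest `code` value that arrives intact (0 if none)."""
    low, high = 0, upper
    while low < high:
        mid = (low + high + 1) // 2
        low, high = (mid, high) if survives(url, mid) else (low, mid - 1)
    return low

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), FilteringEcho)  # any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return max_surviving_length(f"http://127.0.0.1:{server.server_port}/echo")
    finally:
        server.shutdown()

if __name__ == "__main__":
    print("longest code value that survives:", run_demo())
```

If the reported length is shorter than the authorisation codes your provider issues, the parameter is being lost before the application sees it.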

I have all green checkmarks on my /admin/tool/oauth2/issuers.php page for Google & Facebook but no buttons show on my server's login page

In a fresh install of Moodle 3.4, the plugin configuration for OAuth2 was found to be in a disabled state (probably for security reasons). Go to Site Administration - Plugins - Authentication - Manage authentication (/admin/settings.php?section=manageauths), enable the record for OAuth2, then optionally adjust the settings for that record.