Moodle / MDL-75171

Auth: extend user logged in event


    • MOODLE_400_STABLE, MOODLE_401_STABLE
    • MOODLE_401_STABLE
    • MDL-75171_master
      1. Like any OAuth testing/setup, it's much easier with a Moodle site that has a public FQDN. It's hard to test with dev boxes that don't have a "proper" publicly accessible URL. Alternatively, use ngrok.
        1. To install ngrok, run in a console:

          curl -s https://ngrok-agent.s3.amazonaws.com/ngrok.asc | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null && echo "deb https://ngrok-agent.s3.amazonaws.com buster main" | sudo tee /etc/apt/sources.list.d/ngrok.list && sudo apt update && sudo apt install ngrok
          

        2. Start ngrok with

          ngrok http 80
          

        3. Copy the link that will be redirected to localhost. It looks like:

          https://0423-94-43-143-216.eu.ngrok.io
          

        4. Edit config.php and replace the URL in wwwroot, so http://localhost/m/integration_master becomes something like https://0423-94-43-143-216.eu.ngrok.io/m/integration_master
        5. Add this line to config.php to use HTTPS:

          $CFG->sslproxy = 1;
          

      2. Enable the OAuth2 authentication plugin (Site administration > Plugins > Manage authentication).
      3. Set up an OAuth2 issuer.
        1. Setting up OAuth2 can be tricky; it is recommended to review the documentation here: https://docs.moodle.org/311/en/OAuth_2_services
        2. Create a client ID and secret in the Google developer console, using the guide here: https://docs.moodle.org/311/en/OAuth_2_Google_service - you will need a Google account for that.
        3. Create a Google service at admin/tool/oauth2/issuers.php using the client ID and secret from the previous step.
        4. When setting up the Google service, unselect the "Require email validation" checkbox. (This makes the testing steps easier.)
      4. Log out as the administrator.
      5. Log in with a Google test account.
      6. Confirm that the user has logged in successfully.
      7. In a vanilla Moodle install there is no way to view the raw data raised by an event, so you need to check the logstore data directly in the database.
      8. Access the Moodle instance database (using the psql CLI, etc.).
      9. Run the following SQL statement:

        SELECT other FROM mdl_logstore_standard_log mls
        JOIN mdl_user mu ON mu.id = mls.userid
        WHERE action = 'loggedin' AND auth = 'oauth2';

      10. Confirm the 'other' DB field contains JSON with extrauserinfo values.

        {"username":"mattp","extrauserinfo":{"sub":"5tqhcY","name":"mattp","family_name":"Porritt","given_name":"Matthew","email":"hmm_fake@gmail.com"}}

         


      Several authentication plugins such as auth_oauth2 and auth_saml2 receive additional information from the authentication provider when a user authenticates. This can include additional user information, as well as enrolment information and organisational information.

      The only option to store this information is via user profile fields at authentication time, otherwise it is lost. Not all data received from the authentication provider is suitable to be saved in user profile fields (it may also need processing) .

      This tracker allows authentication plugins to provide this authentication provider information to event observers by adding additional information to the user_loggedin event.

      This tracker also extends the core auth_oauth2 plugin to implement this functionality.
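
An observer consuming the extended event might look like the following. This is an added example, not code from the Moodle tracker or patch: the plugin name `local_example`, the claim allow-list and the logging step are assumptions, while `extrauserinfo` is the key shown in the testing instructions above.

```php
<?php
// Added example: classes/observer.php of a hypothetical plugin "local_example".
// Register the callback in the plugin's db/events.php:
//   $observers = [[
//       'eventname' => '\core\event\user_loggedin',
//       'callback'  => '\local_example\observer::user_loggedin',
//   ]];

namespace local_example;

class observer {
    /** Provider claims this plugin is willing to process (assumed allow-list). */
    const ALLOWED_CLAIMS = ['sub', 'email'];

    /**
     * Reduce the event's 'other' payload to the allow-listed provider claims.
     * Returns [] when the auth plugin supplied no extrauserinfo.
     */
    public static function filter_claims(array $other): array {
        // The provider data may arrive as an array or an object; normalise it.
        $info = (array) ($other['extrauserinfo'] ?? []);
        $claims = array_intersect_key($info, array_flip(self::ALLOWED_CLAIMS));
        // Keep scalar values only; nested structures need explicit handling.
        return array_filter($claims, 'is_scalar');
    }

    /** Event callback, invoked by Moodle after a successful login. */
    public static function user_loggedin(\core\event\user_loggedin $event): void {
        $claims = self::filter_claims((array) $event->other);
        if ($claims === []) {
            return; // Login via a plugin that supplied no extrauserinfo.
        }
        // Hypothetical processing step: record which claims arrived, not their values.
        debugging('Login claims for user ' . $event->userid . ': ' .
            implode(',', array_keys($claims)), DEBUG_DEVELOPER);
    }
}
```

Filtering to an allow-list keeps the observer from acting on claims it was never meant to handle, which matters because the full provider payload is also written to the logstore `other` column.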

        1. MDL-7517_testing_2.png
          144 kB
          Angelia Dela Cruz
        2. MDL-75171_testing_1.gif
          485 kB
          Angelia Dela Cruz

            tomotsuyuki Tomo Tsuyuki
            mattp@catalyst-au.net Matt Porritt
            Brendan Heywood Brendan Heywood
            Ilya Tregubov Ilya Tregubov
            Angelia Dela Cruz Angelia Dela Cruz