Provide a userinfo endpoint

[Dagefoerde]

If you add ownCloud(+oauth2) as an OAuth 2 service provider to a Moodle (3.3) installation, Moodle's OAuth API queries a userinfo_endpoint in order to obtain information about the authorising ownCloud user. This fails since such an endpoint does not exist. Although actually from the OpenID spec, such an endpoint is useful to find out who was just logged in. It is also useful to check whether an access token is still valid without actually performing an operation on files. :)

Specs for the userinfo endpoint: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo (general) and https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse (response).

Elements of the response can be: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims, of which sub is a MUST (identifier of an ownCloud user; what do you suggest? ID or username?). Moodle currently relies on a username and an email being present in the userinfo response. I already found out that you do not necessarily know an email adress, so I reported this there: https://tracker.moodle.org/browse/MDL-59511. I would suggest that you add an email address if it is known, instead of mocking one.

[Dagefoerde]

...or is there an existing endpoint (e.g. in OCS) that can provide information about the authenticated user?Ideally JSON-formatted, other things might be problematic :)

[DeepDiver1975]

OCS route:

[DeepDiver1975]

another option is to use the webdav capabilities to get information about the current user - but this might be a bit overkill - this requires xml parsing ;-)

[Dagefoerde]

cloud/user looks (nearly) fine, will check! 👍

[Dagefoerde]

Awesome, that'll do. No further endpoint required (for me). This should be sufficient, unless you'd ever want to be an OpenID provider. Thank you!

For future reference, this is my Moodle configuration. Accessing nested JSON values works with - as a path delimiter (not my idea ;) ).

Thanks for your help, this is resolved IMO.