Jérôme Mouneyrac edited this page Sep 2, 2015 · 9 revisions

How does work the plugin?

  1. The user clicks on the Google button. The user is redirected on the Google page to allow authentication.
  2. The user allows your site to know about his/her email and his/her basic information.
  3. Google redirect the user to the login page. In the redirection url there is a private token parameter.
  4. The plugin use this private token to access the user information on the Google server, especially the user's email.
  5. The plugin try to match the user's email address with a Moodle account. If an account is matched, the user is logged in. If no account is matched, a new user is created.

What if the user usually connect to Moodle with the common login/password method, and his/her existing Moodle account matches the Google's user's email address?

The user will not be able to connect. Unhappily multiple authentication method is not currently supported by Moodle. It means it's possible to connect on the same Moodle account with Google and Facebook (if the user use the same email address for both service), but it is not possible to connect on a same Moodle account with the Oauth2 plugin and the manual authentication method (login/password).

What if the user already have an existing Oauth2 account but with a different email?

If Moodle allows user creation, then a new user will be automatically created. It can look bad, a user can end up to have multiple Moodle accounts but if you check all internet sites, it is the standard. It is the user's role to know/remember what authentication method he used.

PS: if ever you have a nice design solution, please create an issue.

What if the user don't remember the authentication method (s)he first picked?

The user needs to try all Oauth2 provider until (s)he finds the relevant one.

How can a user link an existing account to a provider?

Unhappily it is not supported currently. Personally I don't think it's going to impact many users, but here again create an issue for that if you want it.

Are the user's email addresses verified?

When the plugin requests the user information, Google and Facebook return a field saying if they verified the user's email address. Microsoft doesn't. So there could be a possibility for a user to own a Microsoft account with an email address (s)he doesn't own. As Moodle doesn't support multiple authentication it's n ot a big problem - just be aware that some user authenticating with Windows Live could not be owning the email address they say they own. I suppose it concern old account but I don't know much more. More information at http://social.msdn.microsoft.com/Forums/en-US/messengerconnect/thread/515d546d-1155-4775-95d8-89dadc5ee929 Github will send verified emails in the finalized v3 of their API. Note that an alternative to know github verified emails has been implemented by github but is not yet supported by the plugin. If it's any concern for you please write an issue.

Stuff to check when you have a problem

  • check that your domain name is not an IP address. It doesn't work with Google.

Authentication with Google doesn't work on my localhost.

Note about debugging: the plugin works in local. For Google you need to have a valid url (for example in your /etc/hosts add 127.0.0.1 mymoodletest.net)

I receive the error "couldnotgetuseremail" with Google

As mention in the settings page, check that you enabled the Google+ API.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.