I have moodle working fine with this plugin, but then migrated to a new server.

Now, when I use the function 'auth_userkey_request_login_url' it gives an good looking url, but when trying to access, Moodle says 'invalid key'.

What could be wrong?

Thanks!!!

Add a privacy provider to make plugin inline with GDPR.

As I see, the plugin supports Moodle v3.8, which was released on 18 November 2019. So the plugin almost has no support for 3 years. Any update on your agenda?

I'm really new to Moodle environment. I wish to make PR but I don't have any idea about Moodle development.

Because it takes to enter moodle, it shows error after 30 seconds. How can I solve it, will it be the curl?

/**

• @param string $useremail Email address of user to create token for.
• @param string $firstname First name of user (used to update/create user).
• @param string $lastname Last name of user (used to update/create user).
• @param string $username Username of user (used to update/create user).
• @param string $ipaddress IP address of end user that login request will come from (probably $_SERVER['REMOTE_ADDR']).
• @param int $courseid Course id to send logged in users to, defaults to site home.
• @param int $modname Name of course module to send users to, defaults to none.
• @param int $activityid cmid to send logged in users to, defaults to site home.
• @return bool|string
  */

function getloginurl($useremail, $firstname, $lastname, $username, $courseid = null, $modname = null, $activityid = null) {
require_once('curl.php');

$token        = 'mytoken';//editar token que generamos
$domainname   = 'myurl';//colocar la url de la plataforma
$functionname = 'auth_userkey_request_login_url';

$params = Array('user' => Array('email' => $useremail) );

/*
$param = [
'user' => [
'email' => $useremail
]
];
*/

$serverurl = $domainname . '/webservice/rest/server.php' . '?wstoken=' . $token . '&wsfunction=' . $functionname . '&moodlewsrestformat=json';

// $serverurl = $domainname . '/webservice/rest/server.php' . '?wstoken=' . $token . '&wsfunction=' . $functionname;
// echo $serverurl;
$curl = new curl; // The required library curl can be obtained from https://github.com/moodlehq/sample-ws-clients

try {

$resp = $curl->post($serverurl, $params);

    echo $resp."<br><br>";
    $resp     = json_decode($resp);
    print_r($resp);
   
    if ($resp && !empty($resp->loginurl)) {
        $loginurl = $resp->loginurl;
        echo "<br><br>$loginurl<br><br>";
     //   exit;
    }

} catch (Exception $ex) {
    return false;
}

if (!isset($loginurl)) {
    return false;
}

$path = '';
if (isset($courseid)) {
    $path = '&wantsurl=' . urlencode("$domainname/course/view.php?id=$courseid");
    
    $path=str_replace("%3A", ":", "$path");
    $path=str_replace("%2F", "/", "$path");
    $path=str_replace("//course", "/course", "$path");
    $path=str_replace("%3F", "?", "$path");
    $path=str_replace("%3D", "=", "$path");

// echo "$path

";
}
/*
if (isset($modname) && isset($activityid)) {
$path = '&wantsurl=' . urlencode("$domainname/mod/$modname/view.php?id=$activityid");
}

echo "$path<br><br>";
echo $loginurl.$path;

*/
return $loginurl.$path;
}

$mail=$_GET['email'];
$cid=$_GET['courseid'];
$url = getloginurl("$mail", 'Carlos', 'Legorreta Garcia', 'carlos.legorreta', $cid, null, null);

header('Location: '.$url);
die();

Hello Team,

I have added the plugin and enabled web services. Plugin setup is done. i have setup the email field on moodle. How can i match the email address from asp.net to moodle or does that work automatically from uniquekey. Can you please suggest more on this.

In the README.md file, "Using" section,
perhaps a step is missing before creating the token (step 5):
Authorise the webservice user

Many thanks.

Confirmed in both Totara 12 and Moodle 3.8. If a user's profile has the suspended flag set, the flag is ignored and the user is able to login.

The intent is probably to pair this call with core_user_get_users and check the suspended flag and never make the API call to log the user in in the first place, however, it makes sense to make sure the user is not suspended when following the login URL. There could be a scenario where the user is suspended between the time that core_user_get_users is called and then auth_userkey_request_login_url and the login URL is followed.

Hey guys

Im trying to get the loginURL using the function auth_userkey_request_login_url but I get the error: Invalid parameter value detected.

My goal is authenticate the moodle user in a external app and redirect the user to moodle.

This my way to get the url:

async function getLoginUrl(email, username) {
  const TOKEN = "MY TOKEN";
  const functionName = "auth_userkey_request_login_url";

  const users = {
    username: username,
    email: email
  };

  const serverUrl = `${MOODLE_URL}/webservice/rest/server.php?wstoken=${TOKEN}&moodlewsrestformat=json&wsfunction=${functionName}`;

  try {
    const request = await axios.post(serverUrl, users);
    const response = request.data;
    console.log(response);
  } catch (error) {
    console.log(error);
  }
}

getLoginUrl("[email protected]", "admin");

Data output:

INFO
PHP VERSION: 7.0.10
MOODLE VERSION: 3.5.16
PLUGIN VERSION: 2020050801

Hi.
I think i misunderstand something in the use of this great plugin.

Perhaps, my use context can help.

I make an mobile app, i want that my user can acces to their moodle account.
The use flow is this one:

1- on the app, the user fill is email and password of his moodle account.
2- This fields are send to my php file which call the getloginurl() method.
3. If the method return a loginurl, i store his email and password on the app, then i log him in.
4. The next time the user launch the app on his device, i'm automaticaly send his registered email and password to automaticaly log him in his moodle account.

What i miss understood, is that his only need his email to auto log himself in moodle... So if another user know another user's email, he can use his account...

How i can also use the password of an account to generate the loginurl ?

Hope i'm being clear.

Thank you

Is this a bug or a feature?

When sending a POST with

'user[firstname]'
'user[lastname]'
'user[email]'
'user[city]'
'user[username]'

Works but if I add department or city I get invalid_parameter_exception invalid value.

'user[department]'
'user[city]'

I'm making the request on nodejs with native https request.
If someone can help I greatly appreciate it.

We are using userkey authentication to authenticate users. However, when a new user email is provided it does not create a new user. I have enabled create_user from plugin settings.

Is there something I am missing? Or is it a bug? Or is it how it is expected to work?

Moodle version: Moodle 3.9.1+ (Build: 20200807)

I can generate an access url, with this plugin.

My problem is that I need to give users access to a url, without registering their access data.

If possible, how can I configure it?
Thank you

Would it be in scope of this module (have changes to be merged) if we make a pull request that allows to set a cohort und user creation / update, similar like email and username can be set or would you suggest to do this on another place?

Hello, could you help me with the following problem I am trying to connect the plugin using Java, I have this example https://github.com/moodlehq/sample-ws-clients/blob/master/JAVA-REST/RestJsonMoodleClient.java but not wok wtih auth_userkey

public static void main(String[] args) throws ProtocolException, IOException {

    /// NEED TO BE CHANGED
    String token = "5c8f98ad33e867ff524096c8a93";
    String domainName = "http://localhost/examenesmor";

    /// REST RETURNED VALUES FORMAT
    String restformat = "json"; //Also possible in Moodle 2.2 and later: 'json'
    //Setting it to 'json' will fail all calls on earlier Moodle version
    if (restformat.equals("json")) {
        restformat = "&moodlewsrestformat=json";
    } else {
        restformat = "";
    }

    /// PARAMETERS - NEED TO BE CHANGED IF YOU CALL A DIFFERENT FUNCTION
    String functionName = "auth_userkey_request_login_url";
    String urlParameters = "user[0][username]=" + URLEncoder.encode("sistemasadmin", "UTF-8");

    /// REST CALL
    // Send request
    String serverurl = domainName + "/webservice/rest/server.php" + "?wstoken=" + token + "&wsfunction=" + functionName + restformat;
    System.out.println(serverurl);
    HttpURLConnection con = (HttpURLConnection) new URL(serverurl).openConnection();
    con.setRequestMethod("POST");
    con.setRequestProperty("Content-Type","application/x-www-form-urlencoded");
    con.setDoOutput(true);
    con.setUseCaches(false);
    con.setDoInput(true);
    con.setInstanceFollowRedirects(false);
    DataOutputStream wr = new DataOutputStream(con.getOutputStream());
    wr.writeBytes(urlParameters);
    wr.flush();
    wr.close();

    //Get Response
    InputStream is = con.getInputStream();
    BufferedReader rd = new BufferedReader(new InputStreamReader(is));
    String line;
    StringBuilder response = new StringBuilder();
    while ((line = rd.readLine()) != null) {
        response.append(line);
        response.append('\r');
    }
    rd.close();
    System.out.println(response.toString());
}

and I get this exception

{"exception":"invalid_parameter_exception","errorcode":"invalidparameter","message":"Valor de par\u00e1metro inv\u00e1lido detectado"}

The documentation lists mapping to username, email address, or ID number. However the Webservice API states that the function auth_userkey_request_login_url only accepts an idnumber as a parameter. I have tried passing the others and get an incorrect parameter error. In the example client at the bottom of the intro screen, idnumber is not even included in the code as an option. Is this just something wrong in the documentation or is there a way to include userid as one of the possible parameters?
I am passing the correct moodle user id but continue to get an error "user is not exist." Which makes me think idnumber is missing from the code. . .

FOUND IT: in auth.php, at and following line 384, the script uses a mapping field of "idnumber" as a search parameter in the users DB. This is the parameter name required by the API. But to search the database you must search for "id". So simple fix:
if ($mappingfield == "idnumber") {$searchfield="id";};
$params = array(
$searchfield => $data[$mappingfield],
'mnethostid' => $CFG->mnet_localhost_id,
);

In settings, if you set "Create User" to "On" and login in using the link below the user is created but not confirmed.

http://yourmoodle.com/auth/userkey/login.php?key=uniquekey&wantsurl=http://yourmoodle.com/course/view.php?id=1

Would it be possible confirm the user during creation, similar to the external authentication plugin?

Hi - thanks for providing this plugin. I am new to Moodle and I think I am struggling to get all the setup steps complete in order to get the plugin working.

When I access the endpoint through postman, I get the following returned:

{ "exception": "webservice_access_exception", "errorcode": "accessexception", "message": "Access control exception", "debuginfo": "You are not allowed to use the {$a} protocol (missing capability: webservice/rest:use)" }

It looks like a config/permissions issue on my end, but I cannot figure it out. What I am missing?

Any help greatly appreciated

From my understanding, this capability is supposed to be granted to the user that represents the external app using this auth method. Just wondering what is the use case for granting this to managers (or actually any human users).

Hi,

I hope this plugin can be expand into enrollment. (auto-enrollment based-on external data).

Hi,

I’m trying to authenticate users through our web application. So far I have been successful in authenticating a user the first time however when the user token is created and they are authenticated, Moodle changes the student’s authentication method from Manual to User key authentication.

This in turn disables the password so next time the web app tries to receive a token, it fails as the password is sent but since it’s disabled (no longer Manual) it fails to authenticate and return the token.

From the looks of it, a token is not stored and I receive Missing capabilities: auth/userkey:generatekey

However I have set Authenticated Users with the permission auth/userkey:generatekey

<?php
/**
* @param string $useremail Email address of user to create token for.
* @param string $firstname First name of user (used to update/create user).
* @param string $lastname Last name of user (used to update/create user).
* @param string $username Username of user (used to update/create user).
* @param string $ipaddress IP address of end user that login request will come from (probably $_SERVER['REMOTE_ADDR']).
* @param int $courseid Course id to send logged in users to, defaults to site home.
* @param int $modname Name of course module to send users to, defaults to none.
* @param int $activityid cmid to send logged in users to, defaults to site home.
* @return bool|string
*/
function getloginurl($useremail, $firstname, $lastname, $username, $password, $ipaddress, $courseid = null, $modname = null, $activityid = null) {

require_once('../include/curl.php');

$serverurl = "https://myonline.phoenix.wa.edu.au/login/token.php?username=" . $username . "&password=" . $password . "&service=auth_userkey";

$param = null;
$curl = new dcai\curl;

try {
    $resp = $curl->post($serverurl, $param);
    $resp = json_decode($resp, true);
} catch (Exception $ex) {
    return false;
}

$token = $resp['token'];

// define variables and parameters for authentication service call 
$domainname = 'https://myonline.phoenix.wa.edu.au';
$functionname = 'auth_userkey_request_login_url';

$serverurl = $domainname . '/webservice/rest/server.php' . '?wstoken=' . $token . '&wsfunction=' . $functionname . '&moodlewsrestformat=json' . '&user[username]=' . $username . '&user[email]=' . $useremail;

$curl = new dcai\curl;

try {
    $resp = $curl->post($serverurl, $params);
    $resp = json_decode($resp);
    $loginurl = $resp->loginurl;
} catch (Exception $ex) {
    return false;
}

if (!isset($loginurl)) {
    return false;
}

$path = '';
if (isset($courseid)) {
    $path = '&wantsurl=' . urlencode("$domainname/course/view.php?id=$courseid");
}
if (isset($modname) && isset($activityid)) {
    $path = '&wantsurl=' . urlencode("$domainname/mod/$modname/view.php?id=$activityid");
}

    return $loginurl . $path;
}

$loginUrl = getloginurl($_SESSION["loginEmail"], $_SESSION["loginFirstname"], $_SESSION["loginLastname"], $_SESSION["loginUsername"], 
crypter($_SESSION["loginPassword"], 'd'), '', null, null, null);

if ($loginUrl) {
    // redirect to portal
    echo $loginUrl; 
} else {
    echo 'There was an error connecting to the Portal.';
}
?>

It is probably my lack of knowledge on how the plugin works so if you could please help me understand the process then that would help greatly.

Thanks.

Hallo,

we are trying to use your plugin in order to apply a one time login to our Moodle platform (https://athenaeumtest.gruppoallconsulting.com) from our management system.

We have tried to run the PHP script we have found on GitHub like an example, after adjusting it with our parameters.
We have also changed the CURL library, using the native CURL of PHP instead of external library.

In attachment you can see our script that doesn't work and following you can see the error message which is always sent back.
{"exception":"invalid_parameter_exception","errorcode":"invalidparameter","message":"E' stato rilevato un parametro non valido"}

The webservice is called correctly but there is an invalid parameter that we cannot understand what is it.

Thanks for your support

Digital Praesidium

funzione PHP.txt

Array ( [user] => Array ( [username] => admin ) ) stdClass Object ( [exception] => invalid_parameter_exception [errorcode] => invalidparameter [message] => مقدار نامعتبر در پارامتر )

Moodle 3.11.5+ (Build: 20220311)

stdClass Object
(
[exception] => webservice_access_exception
[errorcode] => accessexception
[message] => Access control exception
)

getting this error follow all instructions but did not get login url kindly help me my moodle version is 3.11

I have auto create on and creating the user is working.

But the direct userkey login isn't.

If I put a delay of 10 seconds between creation an calling the moodle link, it works

Edit:

• Moodle version is 3.9 (Build: 20200615)

Would it make sense to add the id as matching field?

\auth_plugin_userkey::get_allowed_mapping_fields

Is it as simple as adding?

public function get_allowed_mapping_fields() {
    return array(
        'username' => get_string('username'),
        'email' => get_string('email'),
        'idnumber' => get_string('idnumber'),
        'id' => get_string('id'),
    );
}

Hi
this is my code
` $token = '1----------------9';
$domainname = 'https://rijisoft.ir/lms';
$functionname = 'auth_userkey_request_login_url';
$param = [

            'user'=>['firstname'=>'First','lastname'=>'Last','username'=>'admin','email'=>'[email protected]','idnumber'=> '2', ]
        ];


        $serverurl = $domainname .
            '/webservice/rest/server.php' . '?wstoken=' .
            $token . '&wsfunction=' . $functionname . '&moodlewsrestformat=json';



        try {


            $p = http_build_query($param);

            $curl = curl_init();
            curl_setopt($curl, CURLOPT_POST, 1);

            curl_setopt($curl, CURLOPT_POSTFIELDS, $p);

            curl_setopt($curl, CURLOPT_URL, $serverurl);

            /*curl_setopt($curl, CURLOPT_HTTPHEADER, array(
                'ApiKey: b10cb281-7264-42d2-9c9b-cb3122dad9a6',

            ));*/

            curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

            curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);

            $result = curl_exec($curl);

} catch (\Exception $ex) {
dd($ex);
}`

and give this error
"exception":"webservice_access_exception","errorcode":"accessexception"
If i change token string to invalid token it says
"{"exception":"moodle_exception","errorcode":"invalidtoken","message":"Invalid token - token not found"}"
and its show to me something right and something wrong , I don't know what is wrong with me.

This seems to have happened sometime between 2016092600 and 2017051503.

Steps to reproduce:
In the 2016092600 version of the plugin installed to Moodle 3.1:

1. Log User A into Moodle (GUI or via auth_userkey, both work)
2. Call auth_userkey_request_login_url with username = User B
3. Follow URL returned in step 2
4. You are logged in as User B, as expected

In the 2017051503 version of the plugin installed to Moodle 3.1 OR the 2018050200 version on Moodle 3.5:

1. Log User A into Moodle (GUI or via auth_userkey, both work)
2. Call auth_userkey_request_login_url with username = User B
3. Follow URL returned in step 2
4. You are logged in as User A instead of User B, without the standard prompt you would get if visiting the login page when a user is already logged in within Moodle: "You are already logged in as User A, you need to log out before logging in as different user."

We are using auth_userkey on moodle 3.5 Linux (ubuntu) and it is working great. One issue that we are facing is that when a user on our site clicks on a link to the moodle site, the site successfully gets a token and logs in but when the user account is then created on that moodle site, "auth_forcepasswordchange" is set as a user preference which then results in an error message: "You cannot proceed without changing your password, however there is no available page for changing it.". Have you had other reports of this issue? Any recommendations on resolving ? One way to kind of hack past the issue is to edit several file on the moodle server that have "set_user_preference(‘auth_forcepasswordchange', 1, $user)" and hard code that to "set_user_preference(‘auth_forcepasswordchange', 0, $user)". I cannot find a moodle setting that turns off setting "auth_forcepasswordchange" to true in the mdl_user_preferences table.

Ideas/recommendations would be super helpful and thank you so much in advance for any help you might be able to provide.

        if (!empty($wantsurl)) {
            return $wantsurl;
        } else {
            return '/';
        }

I found this not expected behaviour if the Moodle is not installed in the root of the web server. It seems it should better be like

return new moodle_url('/');

Issue to investigate and solve possible issues when $CFG->allowaccountssameemail is enabled and we select matching field as email.

@dmitriim Thanks for the plugin, working great for me.
I am trying to assign role to the newly created user, is it possible through this plugin ?

Would there be any reason this plugin would not be supported by Moodle 3.6+
As of now the support is only listed up to 3.5 on https://moodle.org/plugins/auth_userkey

Like the SAML2 plugin, it would be nice to send a user directly to a specific page within Moodle after the login using the wants parameter so you can log a user directly. I think it would make the most sense to append this to the end of the login key/url vs the API call, but either could work.

Workflow:

1. Call wsfunction=auth_userkey_request_login_url
2. Receive loginurl in response
3. Redirect user to loginurl?wants=https://mymoodlesite.com/course/view.php?id=10
4. User is logged in and sent to course id 10

I downloaded the latest (version 2017051500) of the User Key Authentication plug-in and installation was successful on Moodle 3.3 with no error messages. However, the Settings page is missing from the "Authentication" Plug-in menu, so I am unable to configure & use the plugin.

See also similar comment from other user on #13.

I can provide screen shots or other details, please ask.

Would be useful to be able to populate all available user fields (including custom user profile fields) on user creation.

Hi I am unable to redirect to login page after geting url.

Suggestion: create settings and change function loginpage_hook to send wantsurl as parameter to return in API login URL.

    public function loginpage_hook() {
        global $SESSION;

        if ($this->should_login_redirect()) {
            $this->redirect($this->config->ssourl . "?wantsurl=" . $SESSION->wantsurl );
        }

        return true;
    }

Thanks for this plugin!

Hi, I get for a user the error 'expiredkey'; the user account was suspend; but after removeing the suspension I still get the error 'expiredkey'; how can I reinstate the key again? Thanks, Hans

is it possible to relogin again the user when session is expired without showing the login page?

To be able to create access tokens it's needed to call this:

https://yourmoodlesite.com/login/token.php?username=foo&password=bar&service=auth_userkey

The variable service points to the webservice shortname, so I need to set it manually on moodle database by using this query:

update mdl_external_services set shortname = 'auth_userkey' where component = 'auth_userkey';

I am urgently in need of some help to get this plugin working for me. I have tried the examples in #15 but still getting the error above. I am using this on Moodle 3.4 if that helps. Also I have set the mapping field to username and also tried it on email. I also tried passing just one param.

Am not sure if I don't understand this plugin properly but here is part of my code below:

function getloginurl($username, $idnumber, $firstname = null, $lastname = null, $useremail = null, $ipaddress = null, $courseid = null, $modname = null, $activityid = null) {
require_once('./curl.php');

$data = get_config('block_userkeysso');
$token        = $data->token;
$domainname   = $data->domain ? $data->domain : 'http://edu.esparanza.co.uk';
$functionname = 'auth_userkey_request_login_url';
$param = [
    'user' => [
        'firstname' => $firstname,
        'lastname' => $lastname,
        'username' => $username,
        'email' => $useremail,
        'ip' => $ipaddress
    ]
];

$serverurl = $domainname . '/webservice/rest/server.php' . '?wstoken=' . $token . '&wsfunction=' . 
        $functionname . '&moodlewsrestformat=json';
$curl = new curl;

try {
    $resp     = $curl->post($serverurl, $param);
    $resp     = json_decode($resp);
    print_r($resp);
    $loginurl = $resp->loginurl;
} catch (Exception $ex) {
    return false;
}

if (!isset($loginurl)) {
    return false;
}

Hi, I need help to correctly configure the plugin, I have already carried out the steps marked in the readme but when testing I get the error 'invalidtoken', it activated the web services assigned the permissions to the user and generated the token.
The function I am looking for is to generate a url for my users previously registered as manual accounts and obtain a unique url for each user that can loggin without a username and password, the moodle version used is 3.6.10

Can the admin user with the token generate the urls for multiple users to login?