Summary
Using the OAuth 2.0 authentication method allows users to access Moodle using their credentials from popular service providers like Google, Microsoft, Facebook, and LinkedIn. This guide will show you how to set up OAuth 2.0 as a method of authentication on your platform, as well as enabling Google Single Sign On.
Step 1 - Google service setup
In order to set up Google as a method of authentication, the first step is to set up your Google Service based on the requirements outlined below:
Create a new project on Google Developers Console
- Login to your Google Developers Console
- Click the arrow next to “Select a project” and then click “Create a new project”
- Give the project a relevant name (this is not visible to users)
Setup consent screen
- Select your newly created project from within the Google Developers Console
- Click the “Credentials” from the left menu
- Setup the consent screen by providing public information for user authorisation. At a minimum, set a product name
Create OAuth 2 Client Credentials
- Within the “Credentials” area, click “+ Create Credentials” and select “OAuth client ID”
- Choose “Web application” as the Application type
- Add an authorised redirect URI, set it to “your Moodle site URL + /admin/oauth2callback.php.”
- For example, https://test.clcmoodle.org/admin/oauth2callback.php
- Click “Create”
Get Client ID and Client Secret
- Google will provide you with the client ID and client secret. These will be needed for a later step within Moodle itself
Enable Google Drive API
- In the Google Developers Console, click “Library” from the left menu
- Search for “drive” and select “Google Drive API”
- Click the “Enable” button to enable the API
Step 2 - Moodle integration
Configure OAuth 2 Services
- Log in to your Moodle platform as a Site Administrator
- Go to: Site administration > Server > OAuth 2 services
- Follow the instructions provided below to configure the settings within the OAuth 2 services page: https://docs.moodle.org/401/en/OAuth_2_services
Enable OAuth 2
- In Moodle, go to: Site administration > Plugins > Authentication > Manage authentication
- Enable OAuth 2 authentication by clicking the small “eye” icon in the “Enable” column
Configure OAuth 2 Lock User Fields (Optional)
- Within the Manage authentication area highlighted above, click on the settings link to the right of the OAuth 2 authentication method
- Here you’ll be able to configure the locked user fields to control how certain user data fields are populated
Prevent account creation (Optional)
- By default, account creation is enabled. To prevent account creation, go to: Site administration > Plugins > Authentication > Manage authentication
- Within the “Common settings” area tick the box to “Prevent account creation when authenticating”
Step 3 - Testing integration
After following each of the steps above you’ll have set up Google OAuth 2.0 authentication for Moodle, allowing your users to log in with their Google accounts. This can now be tested via the following method:
- To verify your OAuth 2 configuration, go to: Site administration > Plugins > Authentication > Manage authentication
- Click on the “Test settings” link to the right of the OAuth 2 authentication method
- Select the Google service to test its connection.