danmarsden
commented
3 months ago same thing with groups and cohorts.
Closed danmarsden closed 1 month ago
danmarsden
commented
3 months ago same thing with groups and cohorts.
SwayzeD
commented
1 month ago This has now been resolved
https://github.com/Oomaxpro/moodle-auth_cognito/blob/oomaxpro/index.php#L40
it looks like when a user obtains a token - they can then pass a courses array to the script and triggeer a manual enrolment into any course they want - I haven't had a good look at the workflow here, but if this happens within the browser session it looks like it presents a security risk.