troble with new version of Open Id connect

[Cristianbodda]

Good morning everyone, I have a problem that I can't solve with Open Id connect, could you help me? I'm trying to make open Id connect work in our school, in a Moodle 3.2 platform with the old version 4.0.1 2022041905 of open id connect everything works perfectly. With the new version of Moodle 4.2 and the specific open id connect plugin for Moodle 4.2 nothing works anymore. The version of the Opne Id connect Plugin that does not work is this: 4.2.2 ; 2023042410

Activity ID: 55b79301-a33f-43fa-0646-0080010000ad
Relying party: test.formazione-polizia.ti.ch
Error details: MSIS9223: Received invalid OAuth authorization request. The received 'client_id' is invalid as no registered client was found with this client identifier. Make sure that the client is registered. Received client_id: 'https://test.formazione-polizia.ti.ch/auth/oidc/'.
Node name: f7ab8949-9558-457d-8280-11bf8f605f8d
Error time: Tue, 14 Nov 2023 18:45:35 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0

Can anyone help me? Thank you

[joaop221]

Probably you've registered this 'https://test.formazione-polizia.ti.ch/auth/oidc/' at client id field.

You can check that config by access 'Site admin' > 'Plugins' > 'Authentication' > 'OpenID Connect' > 'IdP and authentication':

[Cristianbodda]

Hi Joaop221 ! very thanks, i change a set up and all is ok now with this configuration . Unfortunately, after changing the configuration which was wrong, I find this new error.

With this http_accss_log

CSI_ELK_01 "10.44.11.26" 10.44.67.242 - [28/Nov/2023:12:53:55 +0100] "POST /lib/ajax/service.php?sesskey=cScEQ7pKZJ&info=core_session_time_remaining&nosessionupdate=true HTTP/1.1" 1028 2526780 200 550 857 "https://test.formazione-polizia.ti.ch/?" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" "application/json" test.formazione-polizia.ti.ch 10.44.67.196 443 svv01200 CSI_ELK_01 "10.44.11.26" 10.44.67.242 - [28/Nov/2023:12:55:21 +0100] "GET /login/index.php HTTP/1.1" 896 3111249 200 23248 23737 "https://test.formazione-polizia.ti.ch/?" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" "text/html" test.formazione-polizia.ti.ch 10.44.67.196 443 svv01200 CSI_ELK_01 "10.44.11.26" 10.44.67.242 - [28/Nov/2023:12:55:25 +0100] "GET /lib/jssourcemap.php/core_form/events.js HTTP/1.1" 540 1280667 200 13462 13671 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" "text/html" test.formazione-polizia.ti.ch 10.44.67.196 443 svv01200 CSI_ELK_01 "10.44.11.26" 10.44.67.242 - [28/Nov/2023:12:55:26 +0100] "GET /auth/oidc/ HTTP/1.1" 905 1514956 303 1828 2567 "https://test.formazione-polizia.ti.ch/login/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" "text/html" test.formazione-polizia.ti.ch 10.44.67.196 443 svv01200 CSI_ELK_01 "10.44.11.26" 10.44.67.242 - [28/Nov/2023:12:55:28 +0100] "POST /auth/oidc/ HTTP/1.1" 1392 1580000 200 29565 29884 "https://sso.ti.ch/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" "text/html" test.formazione-polizia.ti.ch 10.44.67.196 443 svv01200 CSI_ELK_01 "10.44.11.26" 10.44.67.242 - [28/Nov/2023:12:55:30 +0100] "GET /favicon.ico HTTP/1.1" 776 236 302 219 464 "https://test.formazione-polizia.ti.ch/auth/oidc/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" "text/html" test.formazione-polizia.ti.ch 10.44.67.196 443 svv01200 CSI_ELK_01 "10.44.11.26" 10.44.67.242 - [28/Nov/2023:12:55:30 +0100] "GET /lib/jssourcemap.php/core_form/events.js HTTP/1.1" 540 1255799 200 13462 13671 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" "text/html" test.formazione-polizia.ti.ch 10.44.67.196 443 svv01200

and in the debug mode i have this :

Please can you help me ? Very thanks.

[joaop221]

@Cristianbodda I really recommend a full check of Microsoft 365 Setup guide: https://docs.moodle.org/402/en/Microsoft_365

The problem can happen due to lot of miss configurations.

[weilai-irl]

Hi @Cristianbodda

Let me confirm something first - you are using Moodle 4.2, not 3.2 right? 3.2 release has been out of support very long time ago and I'd expect many compatibility issues if any of the recent versions of plugins are used on it.

Assuming you are using Moodle 4.2 - the error basically suggests the token request response you received doesn't contain expected value or structure. You have two options:

• Enable debugging in auth_oidc plugin "Other options" configuration page. It's the last option on that page. After this is enabled, try to recreate the issue, and when it happens, the details of the received would be logged as a Moodle event, with class name auth_oidc\event\action_failed. You will need to find the event the look for response details in the "other" column.
• Alternatively, if you are comfortable making code changes, you can go directly to /auth/oidc/classes/utils.php, and add the following code snippets to line 45, right after the first line in function process_json_response(). This will print out the raw and decoded response on the page, which should point you to the issue. Remember to remove the code snippet after debugging.

  echo '<pre>';
  var_dump($response);
  var_dump($result);
  die;

Either way, the issue should be in the response details, and you will need to action accordingly based on what you see.

Regards, Lai