0

I am trying to figure out a solution on how to login into Moodle from an external API service. I have web services enabled on Moodle. My application uses a API build with Laravel which contains a method to login in directly to Moodle from another webpage. Right now I am able to get the token using GuzzleHTTP POST request like below:

$tokenBody = [
        'username' => $userNameString,
        'password' => $userNamePassString,
        'service' => 'moodle_mobile_app'
    ];

    $getToken = json_decode($callFedAuth->PostApi(env('TOKEN_URL'), $tokenBody));

Here I am able to get a token and private token like below:

{
  "token": "59a30c31b009e8330f175e7c308c8e25"
  "privatetoken": "4iFZzVhhEZF2blYZXLOhLAr2uEjka8kuHxD9lQd9EQpwFEsNZiyoVcpTPwlfNF2j"
}

Now how can I use this token to redirect from my API or navigate to the users Moodle home page directly? I can make a post request to Moodle login page, but that will only dump the html content back to me and not redirect.

Improve this question

1 Answer 1

Reset to default
0

I'm not sure if you're having trouble with the redirect itself or the authentication part. In any case I'll go ahead and write down a couple of pointers you can take a look at and see if that's the right direction.

The login part you should be able solve by hitting the authentication_endpoint through a POST with the credentials (I do assume you have them available through $tokenBody, always). I'm not versed into Laravel libraries but here's a PHP example you should be able to transpose if you wished to:

$postData = array('username' => $username, 'password' => $password);
$post = http_post_fields('http://moodle.example.com/login/index.php', $postData);
$headers = http_parse_headers($post);
foreach($headers['Set-Cookie'] as $cookie)
{
    $details = http_parse_cookie($cookie);
    foreach ($details->cookies as $name => $value)
        setcookie($name, $value, $details->expires, $details->path, 'example.com');
}

That should work as long as you're under the same domain/subdomains without too much hassle; if they're on a different one you might run into trouble and should adopt one of these solutions trying not to run into a security hole, but that's a different issue.

Most important part would be parsing the cookies on the response and setting them properly. As I said I'm not into Laravel but I take it these one should do:

Improve this answer
5
  • Yes I have edited my question, I am able to get a response back from Moodle login page when I do a post request using the token and setting the cookies as true, however its not a redirect or a navigation, it just dumps the html content of the homepage directly in the response.
    – Karan
    Commented Sep 8, 2021 at 15:36
  • I'm not entirely sure I'm following the flow you're going through then. A user is hitting your API Laravel-handled endpoint through a browser, right? You're then doing all of the above, setting the cookie and then issuing a redirect? If not, I'll need some clearing up on the "My application uses a API build" part, stack-wise.
    – Nelloverflow
    Commented Sep 8, 2021 at 15:50
  • Yes so the user is hitting the API, does the authentication, the cookie is being inserted however my question is how do I redirect to a Moodle homepage where a user is already logged in. Can this be done, is it a GET request and do I need to pass params with that and yes Moodle is hosted on another domain and I am running my API on my localhost
    – Karan
    Commented Sep 8, 2021 at 17:06
  • Please @Karan, had you succed to login user on moodle homepage using moodle access token
    – DONGMO BERNARD GERAUD
    Commented Jun 7 at 10:55
  • I have the same requirement, any help will be appreciated.
    – DONGMO BERNARD GERAUD
    Commented Jun 7 at 11:02

Not the answer you're looking for? Browse other questions tagged or ask your own question.