× Joomdle 2.x Installation

[2.x] User not logged into Moodle, invalid JWT token

1 month 1 week ago
Perfect Web Team
Posts: 3
More
Topic Author
[2.x] User not logged into Moodle, invalid JWT token #1
Hello,

I do not see any version 2 board, so posting it here.

Currently I am testing Joomdle 2.0.0 as we have not brought the integration live yet and decided to go with 2.0.0 instead of 1.3.0 :) Now the installation goes all fine, all checks are green in the System Check.

I am using cURL with REST and no redirectless SSO since Joomla and Moodle are on different domains.

Since version 2 supports REST I decided to give that a try as going forward this is more futureproof. While testing the login in Joomla and then automatically logged-in into Moodle, it fails. So I started to debug the process and found out the following:
  • Joomdle is calling the URL https://xxx/auth/joomdle/land.php?username=xxx&token=db624f3c77eacc72f96f8953ec67b9fe&use_wrapper=0&create_user=0&wantsurl=/
  • In the response I see the following message The token "db624f3c77eacc72f96f8953ec67b9fe" is an invalid JWT
  • I also tested this URL https://xxx/index.php?option=com_joomdle&task=ws.server&format=json&token=UcWMKMf7IPHqSaGk3yO9jS01OCeg2ugh&PageSpeed=Off&wsfunction=confirmJoomlaSession with the correct parameters and that works fine.
Is there something wrong with the REST implementation? Am I missing something?

Let me know if there is anything further I need or can test.

Kind regards,

RolandD

Please Log in or Create an account to join the conversation.

1 month 1 week ago
Antonio Durán
Posts: 7331
More
[2.x] User not logged into Moodle, invalid JWT token #2
Hi.

Thanks for the bug report, sorry about the missing forum. I'll add that.

Are you using Joomla 3.x or Joomla 4.x?

I just tested with both, and SSO worked fine.
Also, which Moodle version?


As for the JWT error: Joomdle does not use JWT... I am not sure if it is used by Moodle in the web services area, although I don't think it does, so I don't know where that message is coming from.
Is this a new clean Joomla and Moodle installation or do you have more stuff installed? I am just thinking that it may be a conflict with some other software...

If you prefer, we take a look by email, so you can send me log of the requests in case I see something there. You can write to antonio at joomdle

Please Log in or Create an account to join the conversation.

1 month 6 days ago
Perfect Web Team
Posts: 3
More
Topic Author
[2.x] User not logged into Moodle, invalid JWT token #3
Hello Antonio,

Thank you for your feedback. While I was writing out the email to you I was reproducing my steps to show you what happens. During this process I just happened to find where that error message "The token "13e90b1b8540bef5eaf8fe115706bde4" is an invalid JWT"" comes from. It is Docman and there seems to be a conflict between Joomdle and Docman.

What happens is when the POST call is made to "https://x/index.php?option=com_joomdle&task=ws.server&format=json&token=UcWMKMf7IPHqSaGk3yO9jS01OCeg2ugh&PageSpeed=Off&wsfunction=confirmJoomlaSession" Koowa (Docman Framework) picks up the trigger "onAfterApplicationInitialise". If you are not logged-in this calls a getAuthToken() on their authenticator. The getAuthToken() checks for a parameter called "auth_token" in the request. Since Joomdle also uses the parameter with the same name it fails the JWT check of Docman because the Joomdle value is not a JWT token. This throws the fatal error of an invalid JWT token.

At this point I see no way around this because it is picked by the JoomlaTools system plugin and they offer no options to except certain URLs.

For now I switched back to XML-RPC but was hoping we could use REST.

Let me know if you need any more information.

Please Log in or Create an account to join the conversation.

1 month 6 days ago
Antonio Durán
Posts: 7331
More
[2.x] User not logged into Moodle, invalid JWT token #4
Thanks for the info.

If you can send me the Docman package, I could test and see if I can think of a solution.

Please Log in or Create an account to join the conversation.

1 month 2 days ago
Perfect Web Team
Posts: 3
More
Topic Author
[2.x] User not logged into Moodle, invalid JWT token #5
Hello Antonio,

I have sent you the Docman package. Hopefully you can think of a solution :)

Please Log in or Create an account to join the conversation.

4 weeks 14 hours ago
Antonio Durán
Posts: 7331
More
[2.x] User not logged into Moodle, invalid JWT token #6
Thanks for sending the package. With it and your notes, I could see where the issue was happening.

It seems the fix for it is simple: we just need to change the parameter name in 2 places, in case you want to test before we release the next version:

File: moodle/auth/joomdle/classes/joomlaws.php
Function: confirmJoomlaSession_parameters
Change auth_token by joomdle_auth_token

File: components/com_joomdle/controllers/ws.json.php
Function: confirmJoomlaSession
Change auth_token by joomdle_auth_token

Please Log in or Create an account to join the conversation.