[2.x] User not logged into Moodle, invalid JWT token

Hello,

I do not see any version 2 board, so posting it here.

Currently I am testing Joomdle 2.0.0 as we have not brought the integration live yet and decided to go with 2.0.0 instead of 1.3.0 Now the installation goes all fine, all checks are green in the System Check.

I am using cURL with REST and no redirectless SSO since Joomla and Moodle are on different domains.

Since version 2 supports REST I decided to give that a try as going forward this is more futureproof. While testing the login in Joomla and then automatically logged-in into Moodle, it fails. So I started to debug the process and found out the following:

• Joomdle is calling the URL https://xxx/auth/joomdle/land.php?username=xxx&token=db624f3c77eacc72f96f8953ec67b9fe&use_wrapper=0&create_user=0&wantsurl=/
• In the response I see the following message The token "db624f3c77eacc72f96f8953ec67b9fe" is an invalid JWT
• I also tested this URL https://xxx/index.php?option=com_joomdle&task=ws.server&format=json&token=UcWMKMf7IPHqSaGk3yO9jS01OCeg2ugh&PageSpeed=Off&wsfunction=confirmJoomlaSession with the correct parameters and that works fine.

Is there something wrong with the REST implementation? Am I missing something?

Let me know if there is anything further I need or can test.

Kind regards,

RolandD

Hi.

Thanks for the bug report, sorry about the missing forum. I'll add that.

Are you using Joomla 3.x or Joomla 4.x?

I just tested with both, and SSO worked fine.
Also, which Moodle version?


As for the JWT error: Joomdle does not use JWT... I am not sure if it is used by Moodle in the web services area, although I don't think it does, so I don't know where that message is coming from.
Is this a new clean Joomla and Moodle installation or do you have more stuff installed? I am just thinking that it may be a conflict with some other software...

If you prefer, we take a look by email, so you can send me log of the requests in case I see something there. You can write to antonio at joomdle

Hello Antonio,

Thank you for your feedback. While I was writing out the email to you I was reproducing my steps to show you what happens. During this process I just happened to find where that error message "The token "13e90b1b8540bef5eaf8fe115706bde4" is an invalid JWT"" comes from. It is Docman and there seems to be a conflict between Joomdle and Docman.

What happens is when the POST call is made to "https://x/index.php?option=com_joomdle&task=ws.server&format=json&token=UcWMKMf7IPHqSaGk3yO9jS01OCeg2ugh&PageSpeed=Off&wsfunction=confirmJoomlaSession" Koowa (Docman Framework) picks up the trigger "onAfterApplicationInitialise". If you are not logged-in this calls a getAuthToken() on their authenticator. The getAuthToken() checks for a parameter called "auth_token" in the request. Since Joomdle also uses the parameter with the same name it fails the JWT check of Docman because the Joomdle value is not a JWT token. This throws the fatal error of an invalid JWT token.

At this point I see no way around this because it is picked by the JoomlaTools system plugin and they offer no options to except certain URLs.

For now I switched back to XML-RPC but was hoping we could use REST.

Let me know if you need any more information.

Thanks for the info.

If you can send me the Docman package, I could test and see if I can think of a solution.

Hello Antonio,

I have sent you the Docman package. Hopefully you can think of a solution

Thanks for sending the package. With it and your notes, I could see where the issue was happening.

It seems the fix for it is simple: we just need to change the parameter name in 2 places, in case you want to test before we release the next version:

File: moodle/auth/joomdle/classes/joomlaws.php
Function: confirmJoomlaSession_parameters
Change auth_token by joomdle_auth_token

File: components/com_joomdle/controllers/ws.json.php
Function: confirmJoomlaSession
Change auth_token by joomdle_auth_token