Getting a 403 error when the super user activates an account from the frontpage.

I'm having an issue with my Joomdle installation, for some reason the page displays a 403 error when the super user tries to activate an account from the link from their email account.

This issue doesn't affect the end user, only when the user activates an account in the frontpage.

This are the steps that lead to the 403 error.

The end user register to the site.
The user confirms his email and a message is sent to the administrators.
The admin receives the message that includes the link to activate the users account from the frontpage.
The website asks to login.
Just after you log into your account, a 403 error appears with the message "The most recent request was denied because it contained an invalid security token. Please refresh the page and try again."

Even so, the system logs in the admin in the frontpage, you just have to click the link in the message again to activate the account.

This only happens when I Joomdle is enabled, if I disable the component and any other related plugins, the error don't appear.

Joomla 4.2.7
Joomdle 2.1.0

Hi.

Thanks for the bug report.

I have tested, and this seems to be caused by the redirection used to perform SSO to Moodle.
I set my site to use redirect-less SSO, and the problem does not happen.

So, if you can use redirect-less SSO (Joomla and Moodle must be on the same domain) you can switch to it and it should work fine.

I'll try to investigate more to see if there is some way to make it work with redirect-based SSO.