FAQ

How does work the plugin?

1. The user clicks on the Google button. The user is redirected on the Google page to allow authentication.
2. The user allows your site to know about his/her email and his/her basic information.
3. Google redirect the user to the login page. In the redirection url there is a private token parameter.
4. The plugin use this private token to access the user information on the Google server, especially the user's email.
5. The plugin try to match the user's email address with a Moodle account. If an account is matched, the user is logged in. If no account is matched, a new user is created.

What if the user usually connect to Moodle with the common login/password method, and his/her existing Moodle account matches the Google's user's email address?

The user will not be able to connect. Unhappily multiple authentication method is not currently supported by Moodle. It means it's possible to connect on the same Moodle account with Google and Facebook (if the user use the same email address for both service), but it is not possible to connect on a same Moodle account with the Oauth2 plugin and the manual authentication method (login/password).

What if the user already have an existing Oauth2 account but with a different email?

If Moodle allows user creation, then a new user will be automatically created. It can look bad, a user can end up to have multiple Moodle accounts but if you check all internet sites, it is the standard. It is the user's role to know/remember what authentication method he used.

PS: if ever you have a nice design solution, please create an issue.

What if the user don't remember the authentication method (s)he first picked?

The user needs to try all Oauth2 provider until (s)he finds the relevant one.

How can a user link an existing account to a provider?

Unhappily it is not supported currently. Personally I don't think it's going to impact many users, but here again create an issue for that if you want it.

Are the user's email addresses verified?

When the plugin requests the user information, Google and Facebook return a field saying if they verified the user's email address. Microsoft doesn't. So there could be a possibility for a user to own a Microsoft account with an email address (s)he doesn't own. As Moodle doesn't support multiple authentication it's n ot a big problem - just be aware that some user authenticating with Windows Live could not be owning the email address they say they own. I suppose it concern old account but I don't know much more. More information at http://social.msdn.microsoft.com/Forums/en-US/messengerconnect/thread/515d546d-1155-4775-95d8-89dadc5ee929