Error setting up integration "Could not get app or system token"

[kkiiskin]

Hi

trying to set up the integration in Moodle 4.1.9. The Entra ID side is configured with necessary permissions but
we get errors:

• local_o365\page\ajax::mode_checksetup (unified): Could not get app or system token Data: Array ( [file] => /.../moodle/local/o365/classes/utils.php [line] => 113 [message] => Could not get app or system token )
• local_o365\oauth2\token::instance:103: Cannot retrieve a token for the base resource. Data: (null)
• local_o365\oauth2\apptoken::get_app_token: Problem encountered getting a new token. Data: Array ( [tokenresult] => [resource] => https://graph.microsoft.com )

Could firewall be an issue? Because outpund connections are only opened to https://login.microsoftonline.com/ and https://graph.microsoft.com/

Plugin versions are 4.1.3 (2022112815)

[kkiiskin]

@weilai-irl do you have any view on this?

[weilai-irl]

Hi @kkiiskin

It looks like the error suggesting the integration cannot get a token from the configured token endpoint. Assuming the token endpoint configured is in the https://login.microsoftonline.com/ domain, allowing outgoing traffic to it should be enough to get a token. There is no request to other domains AFAIK in this process. Requests to https://graph.microsoft.com/ should only be made after an application token is fetched and stored successfully.

The request to get token is made at

o365-moodle/local/o365/classes/oauth2/token.php

Line 168 in cff3d93

$token = static::get_for_new_resource($userid, $tokenresource, $clientdata, $httpclient);

. I'd suggest you printing the parameters and return values of this function call and try to work out what went wrong.

Hope this helps.

Regards,
Lai

[kkiiskin]

Hi @weilai-irl

turned out that Moodle didn't manage to get connection to login.microsoftonline.com after all. This was examined again and fixed, and now the token can be recieved.

This issue can be closed, thank you!