Moodle Partner Catalyst IT shares the User Key Authentication plugin, that will allow SSO (Single Sign On) for Moodle, from third party applications.
SSO is a mechanism that validates a user between different online services to avoid repeat logins. It usually works by storing identifying keys on a cookie, readable by each authorized service.
With the plugin set up in Moodle, an external application makes a “web call” to Moodle. On the URL of the call, input to required fields are included, along with a one-time user key. This authenticates the user and its origin. The user will remain logged in according to the Moodle configurations and the service’s permissions, which usually allow a small period of inactivity before logging out. In short, it’s automatic Moodle log in, without typing username and password.
The September update adds specific Moodle pages as fields of the URL web call. That way users can be automatically logged into specific Moodle pages and content. This is a key feature in the next generation of mobile apps, where a URL can not only access an app but open a specific page or resource within the app. This is called as “deep linking” and is expected to grow as a practice in mobile development.
User Key Authentication is maintained by Catalyst IT’s Dmitrii Metelkin at the lead, with help from Brendan Heywood, Marcus Boon and Adam Riddell. It’s compatible with Moodle 2.9, 3.0 and 3.1. They expect to add user provisioning and logout from the webservice, in upcoming versions.