o365-moodle

Inconsistent photo sync issue

Open Denis-WUAS opened this issue 3 years ago • 6 comments

Hello, I'd like to ask for directions regarding an issue with our photo sync. Please see attached image.

A confusing thing for us is that the photo is present on some accounts and can sometimes be "pushed" into Moodle by uploading a new image. But not always.

The only place I could find the "refresh token" issue is the usersync task log related to photos.

We tried to switch between full and delta sync as well; there doesn't seem to be a difference. We "cleaned up" the openid and sync delta token. No changes.

Any ideas how we can fix this? :)

Thank you very much for the plugin!

Greetings, Ras

[image: user create task log]

Denis-WUAS avatar Nov 09 '21 09:11 Denis-WUAS

Hi @Raswayare,

A few reasons could have caused what you see. I'll try to be general in my answer.

  1. At a high level, the frequency of photo sync is controlled by the "Profile photo refresh time" setting (local_o365 | photoexpire) in the "Advanced" tab of the local_o365 configuration page, with a default value of 24 hrs. So if a user's profile photo was updated less than 24 hrs ago, the user sync task will not try to update it.
  2. The last time when the photo was updated is stored in mdl_local_o365_appassign table in the database.
  3. You probably need to troubleshoot the error "Could not refresh token" yourself, as it will heavily depend on your plugin configuration. Function assign_photo() in /local/o365/classes/feature/usersync/main.php throws this error; you will need to see where in this function it happened.

I hope this helps.

Regards, Lai

weilai-irl avatar Nov 11 '21 11:11 weilai-irl

Hello Lai, thank you for your pointers!

Continued to investigate and found some new log entries, I’ll leave them here in case you’ve seen it before or someone else did.

Debug Log

Thank you!

Greetings, Ras

Denis-WUAS avatar Nov 12 '21 09:11 Denis-WUAS

Hi @Raswayare,

First of all, please confirm your Moodle version and Microsoft plugin versions (at least for auth_oidc and local_o365).

Assuming you are using the "Application access" connection method, could you try to provide admin consent from the "Microsoft 365 Integration" configuration page in Moodle again, and verify the setup again to see if there's any error/warning, please. It looks to me that your system token restored in Moodle has expired, but the other parts of your user sync task run still work as you received users, which is strange.

After the steps above, and once you confirm the verify setup action returns no error, please try to run the user sync tasks again and see if you still see the same errors.

Regards, Lai

weilai-irl avatar Dec 10 '21 12:12 weilai-irl

Hello @weilai-irl

We are currently running Moodle and plugins with the following versions:

Moodle 3.11.3+ (Build: 20211029)

Microsoft 365 Integration local_o365 3.11.1

OpenID Connect auth_oidc 3.11.1

Microsoft 365 repository_office365 3.11.1

We used to use the System API user but switched to Application access 2 years or so ago.

I went through the Graph API permission meticulously twice. I granted permission and ran the Update button on the Verify Setup page. [image]

[image]

The individual task logs like this: [image]

Manually Triggered: [image]

I have also found lots of errors like these but they don't seem to cause any issue for the people. [image]

And this is still here too: [image]

It's amazing how despite all of that logins work, Teams integrations, everything, just the images are not synced consistently and regress to the default image seemingly by chance.

Thank you for giving my problems with it a shot! :)

Greetings, Ras

Denis-WUAS avatar Dec 13 '21 12:12 Denis-WUAS

Hi @Raswayare,

Could you run the following script on your database please.

    DELETE FROM mdl_config_plugins WHERE plugin = 'local_o365' AND name = 'systemtokens';

It looks like you still have old system API user tokens littering around. I'm not sure if this is 100% related, but it's worth a try. Could you do the following:

  • Run the script in DB.
  • Go to Moodle and purge all cache.
  • Go back to the Microsoft 365 integration settings page, in the "Setup" tab, you should see the "System API User" field empty now.
  • On the page, provide admin consent again, save settings, and verify settings again.
  • Run the task to see if the issue persists.

FYI, the "web service login failure" errors in your second last screenshot don't seem to be related to the Microsoft plugins. They are errors thrown by the Moodle core web services features, e.g. for Moodle mobile app.

Regards, Lai

weilai-irl avatar Dec 14 '21 15:12 weilai-irl

@Denis-WUAS @weilai-irl greetings.

I believe that this happens because the assign_photo method first tries to authenticate with the user token instead of the system or app token, even during cron. See below:

https://github.com/microsoft/o365-moodle/blob/f796d9dfc27fdede24225cbc1ce445fb417fc1cb/local/o365/classes/feature/usersync/main.php#L204

Other syncs use the app auth method first:

https://github.com/microsoft/o365-moodle/blob/f796d9dfc27fdede24225cbc1ce445fb417fc1cb/local/o365/classes/feature/usersync/main.php#L265

joaop221 avatar Dec 04 '23 18:12 joaop221
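
A small model of the ordering described in the comment above, added here as an illustration; it is not the plugin's code and calls none of its functions. All names (`User`, `token_user_first`, `token_app_first`, the sample users) are hypothetical, and it assumes that a stored delegated token whose refresh fails aborts the photo sync for that user instead of falling through to the app token.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


class TokenError(Exception):
    """Raised when a stored delegated token can no longer be refreshed."""


@dataclass
class User:
    name: str
    # None  -> no delegated token stored for this user
    # True  -> stored token, refresh still succeeds
    # False -> stored token, refresh token expired or revoked
    refresh_ok: Optional[bool]


def user_token(user: User) -> Optional[str]:
    if user.refresh_ok is None:
        return None
    if not user.refresh_ok:
        raise TokenError("Could not refresh token")
    return "delegated:" + user.name


def app_token() -> Optional[str]:
    # App-only token: depends on admin consent, not on any user session.
    return "app-only"


def token_user_first(user: User) -> Optional[str]:
    # Order described for the photo sync: delegated token is tried first.
    return user_token(user) or app_token()


def token_app_first(user: User) -> Optional[str]:
    # Order described for the other syncs: app token is tried first.
    return app_token() or user_token(user)


def sync_photos(users: List[User], pick: Callable[[User], Optional[str]]) -> Dict[str, str]:
    results = {}
    for u in users:
        try:
            results[u.name] = str(pick(u))
        except TokenError as exc:
            results[u.name] = "FAILED: " + str(exc)
    return results


# Constructed sample users, one per token state.
USERS = [User("alice", True), User("bob", False), User("carol", None)]
```

With the user-first order only the user holding a stale delegated token fails, which matches the per-account inconsistency reported in this issue; with the app-first order the unattended task does not depend on any user's stored token.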

Hi all,

The problem reported in this issue should have been fixed by the releases from today now.

Thank you very much for reporting the issue and providing the solution.

Regards, Lai

weilai-irl avatar Mar 11 '24 14:03 weilai-irl