Authentication

Log in to your development Moodle as an administrator and, from the Site administration menu, slide down to Plugins, then Authentication, and then click on Manage authentication:

The Manage authentication page lists the available authentication plugins (together with general configuration settings further down the page):

Check out the Moodle docs for details of the authentication process at https://docs.moodle.org/dev/Authentication_plugins#Overview_of_Moodle_authentication_process. What is important to realize about the authentication process is that it isn't simply a question of either creating a new user account in Moodle or verifying user credentials against a third-party system.

Let's spend a little time studying the authentication process in detail. Open Eclipse and navigate to login/index.php:

Authentication begins and the Moodle login page is displayed. It requests the user's credentials:

When the login form is submitted, login/index.php loops through the enabled authentication plugins, in order, to fire the login event to each plugin's login hook:

An authentication plugin hook may return user details at this point--typically preventing the user logging in as part of a debugging process or because of a configuration error of some kind. The authentication plugins are called from the authenticate_user_login() function in lib/moodlelib.php. The auth_login() function is called on each authentication plugin:

The authentication plugins themselves are to be found in the auth folder; for example, the default authentication method is manual accounts:

Feel free to take a look now at the structure of the manual authentication plugin. Authentication plugins have the same general structure:

The script that actually authenticates, and each plugin contains one, is auth.php. The auth.php file contains a declaration of a class based on auth_plugin_base, the authentication base class declared in /lib/authlib.php. We will be studying the structure and operation of authentication plugins in general (as well as developing our own) in Chapter 6, Managing Users - Letting in the Crowds.