By: Sumeen Kaur user 15 Jun 2017 at 3:51 p.m. CDT

8 Responses
Hi, I am trying to use Moodle as my client and Gluu as the provider. I have installed the OpenID Connect plugin in Moodle. I manually added an OpenID client on Gluu with the following settings: ClientID <clientid>, Client secret <clientsecret>, Application Type as Web, Pre Authorization as True, Subject Type as Public, Authentication method for the token endpoint as client_secret_basic. I added response types as code, id_token, token. I added scopes as openid and profile. I added Grant Types as authorization_code, implicit, refresh_token.

I have updated the settings on the Moodle client and added the Redirect Login URI that the plugin on Moodle mentioned to the Gluu client I created. Technically, they are communicating: when I try to log in from the Moodle client, I see the Gluu login page, log in successfully, and it redirects me to the Moodle redirect URI I mentioned above. But the error returned from Gluu is "invalid_client" once it redirects to the URI.

I am sure I am missing something. Does not look like a client issue to me. Is there a way I can see what the client id registered on the Gluu database with the secret key is? I am suspecting that either the client id or the client secret is not sent correctly. Any help would be appreciated.

Sumeen

By Michael Schwartz Account Admin 15 Jun 2017 at 3:57 p.m. CDT

1. `response_type` should just be `code` ... `code id_token token` = hybrid flow. I think you want code flow.
2. Also remove `implicit_grant`
3. Make sure `redirect_uri` on Moodle is https

To further assist, it would be helpful if you can post anything interesting in the oxauth logs or in your client logs. Also, we have no idea if the Moodle client actually works. What's the URL of the client home page?

By Sumeen Kaur user 15 Jun 2017 at 4:05 p.m. CDT

Thanks Michael for a quick response. I actually tried all options here. As you mentioned above...

1. I added response type only as code
2. Grant Type only as authorization_code and refresh_token
3. Redirect_URI is https

Is there a private channel where I can communicate with you directly and send you the exact request going with the client id or other details? Please let me know. This is really urgent. I checked the oxauth logs and Moodle logs. The oxauth logs just say authentication successful and the Moodle docs just throw the error.

Thanks
Sumeen

By Sumeen Kaur user 16 Jun 2017 at 10:02 a.m. CDT

Hi Michael, I have sent you the screenshots of the plugin used as RP on Moodle with the settings done, the client settings added in Gluu, and the oxauth log. Please see the Google Drive link attached. If you can send us an email with your IP, we can whitelist you and give access to the Gluu and Moodle URLs set up for more details. We are still in the development stage and kind of struggling on it. Any help is appreciated.

Thanks
Sumeen

By Michael Schwartz Account Admin 16 Jun 2017 at 11:09 a.m. CDT

1. I have no idea what Moodle means by "Resource"
2. You may want to use `public` not `pairwise` subject identifier
3. `redirect_uri` looks right
4. The oxauth log that you showed has no error (only INFO)
5. We will not access your system, even if you were to buy commercial support.
6. Is the `redirect_uri` being called?
7. Are you sure Moodle supports form-post response type?

By Sumeen Kaur user 16 Jun 2017 at 11:18 a.m. CDT

Thanks Michael for the response.

Point 2 - I tried both public and 'pairwise' subject identifier.

Point 6 - Yes, the redirect_uri is being called and sent as a POST request, and that's where it threw a 404 error with the response error message of 'invalid_client'.

I will investigate the other points and get back to you with more details.

Thanks
Sumeen

By Michael Schwartz Account Admin 16 Jun 2017 at 11:21 a.m. CDT

The Gluu Server throws invalid client? Or the application?

By Sumeen Kaur user 16 Jun 2017 at 11:41 a.m. CDT

Looks like the Gluu server to me. I am sure I am missing something here. I attached two more screenshots - network trace 1 and 2 - in the same link as above. The plugin on the client side is PHP. So all I did is just print the JSON response I get back from the last redirect URI request sent as a POST request from the client and exit the program. The program, if not exited, throws an exception as 404 with a web page which is plugin related. This is the printed response:

```
Array ( [error] => invalid_client [error_description] => Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client. )
```

Also, on point 1) I have no idea what Moodle means by "Resource" - the tooltip on it says "The OpenID Connect resource for which to send the request." Does that give any idea? Again, I appreciate your help on this.

Thanks
Sumeen
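
For the `invalid_client` response above, with `client_secret_basic` registered for the token endpoint, one way to check a captured token request offline for the usual causes. This is an added example, not part of the original thread and not Gluu or Moodle code; the function names and all client, secret and request values are constructed placeholders, and the URL-decoding of the Basic credentials follows RFC 6749 section 2.3.1.

```python
import base64
import hmac
from urllib.parse import parse_qs, quote_plus, unquote_plus

# Constructed sample values, not taken from the thread.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example s3cret+/"
BODY = "grant_type=authorization_code&code=SAMPLE&redirect_uri=https%3A%2F%2Frp.example%2Fcb"

def basic_header(cid, secret):
    """Build the client_secret_basic header as RFC 6749 section 2.3.1 describes."""
    pair = f"{quote_plus(cid)}:{quote_plus(secret)}"
    return "Basic " + base64.b64encode(pair.encode()).decode()

def diagnose_token_request(headers, body, registered_method, client_id, client_secret):
    """List the reasons a captured token request would fail client authentication."""
    findings = []
    form = {k: v[0] for k, v in parse_qs(body).items()}
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    used, sent_id, sent_secret = "none", None, None
    if auth.lower().startswith("basic "):
        used = "client_secret_basic"
        try:
            decoded = base64.b64decode(auth[6:].strip(), validate=True).decode("utf-8")
            raw_id, _, raw_secret = decoded.partition(":")
            # Both halves are form-urlencoded before Base64, so decode them again.
            sent_id, sent_secret = unquote_plus(raw_id), unquote_plus(raw_secret)
        except ValueError:
            findings.append("Authorization header is not valid Base64/UTF-8")
    elif "client_secret" in form:
        used = "client_secret_post"
        sent_id, sent_secret = form.get("client_id"), form["client_secret"]
    if used != registered_method:
        findings.append(f"client used {used}, but {registered_method} is registered")
    if sent_id is not None and sent_id != client_id:
        findings.append("client_id sent does not match the registered client_id")
    if sent_secret is not None and not hmac.compare_digest(
            sent_secret.encode(), client_secret.encode()):
        findings.append("client_secret sent does not match the registered secret")
    return findings

if __name__ == "__main__":
    post_body = BODY + "&client_id=example-client-id&client_secret=wrong"
    print(diagnose_token_request({}, post_body, "client_secret_basic",
                                 CLIENT_ID, CLIENT_SECRET))
```

A secret containing `+`, `/` or a space that the client puts into the Basic header without form-encoding it first will be reported as a mismatch here, because a server that decodes per the RFC reads a raw `+` as a space.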

By Sahil Arora user 17 Jul 2017 at 4:55 p.m. CDT

Hi Sumeen, I wanted to follow up with you on this. Please let us know if the issue was resolved. If not, can you please tell us if you see the error from the Gluu side or the application side? Do you see user authentication successful in the oxauth logs?