Obtain a Token - C0D3D3V/Moodle-DL GitHub Wiki

The Moodle REST server accepts GET/POST parameters and return XML/JSON values.

The official documentation describes how to get a token for a normal login.

On most instances of Moodle, only one external service, if any, is enabled, and that is the Moodle app with the identifier moodle_mobile_app.

The following data are required as post data:

    'username': username,
    'password': password,
    'service': 'moodle_mobile_app'

These data are sent to: https://www.yourmoodle.com/login/token.php

As an answer you get the token as JSON or an error message also as JSON:

{
    "token": "9859148a89546f0efe716a58e340849b",
    "privatetoken": "8RpHJevJ42W7QN23OMkeYcdOYw3YfWgWGKsak7WB3Z88wcApSCVZ9TgY6M5fEO1m"
}

Get a token, with SSO login

Up to version 3.8.1 the downlaoder can automatically copy a token from moodle if you have logged in with SSO. For newer versions this must be done manually. There are two methods:

After you are logged in to your Moodle, visit this website: https://www.yourmoodle.com/admin/tool/mobile/launch.php?service=moodle_mobile_app&passport=12345&urlscheme=moodledownloader

If you open the link in your browser, no web page should load, instead an error will occur because your browser tries to redirect you, to a none existing website. You browser tries to open moodledownloader://token=$apptoken. Open the developer console (press [Ctr + Shift + I]) and go to the Network Tab, if there is no error, reload the web page. Take a closer look at the error. $apptoken is not quite the token we need. According to the source code the token is base64-encoded and contains the passed passport parameter. You have to decode the token, for example with this tool. Then the decoded should consist of two or three sections, which are divided with ::::. The normal token is in the second section and privatetoken is in the third section.

The always working method

You can also extract a token directly from the Moodle app, this works whenever the Moodle app is working.