Jan 6 2021
Exciting update: Turns out that I never properly tested the "mwoauth-authonlyprivate" option, because of that silent clearing of the custom endpoints config. I have now done that, and seem to have gotten a proper OAuth handshake completed!
Confusing indeed! Turns out that the custom endpoints definitions were silently deleted (reset to empty) when I made changes to the scopes field. I have now re-populated the custom endpoints, and we're back to the "The requested scope is invalid, unknown, or malformed" error.
No luck with authonlyprivate either.
Thank you. The scope parameter is not optional on the Moodle side, so I'm forced to put some value in there. Trying both "mwoauth-authonlyprivate" and "openid mwoauth-authonlyprivate", I did not even get as far as Meta's error message (instead getting an apparently spurious 403 Forbidden on the Moodle server itself, like the one described in https://phabricator.wikimedia.org/T271078#6723663
Jan 5 2021
Thank you! Using the correct manual endpoints seems to have taken me a step further. I now get a Moodle error "The requested scope is invalid, unknown, or malformed", presumably referring to one or more of the three "scopes" in the config field shown above, viz. "openid profile email".
Progress(?) -- I have defined endpoints by some wild guessing and peeking at some client code, as follows:
Which now gets me to an actual OAuth error, as follows:
Thank you, @Reedy. I did indeed peruse the [[OAuth/For_Developers]] page, which is how I got as far as registering my OAuth client and receiving my credentials. However, I am probably still missing something.
Jan 3 2021
Nov 11 2020
Some more weeks on, I repeat the request to make progress, or at least offer an ETA for this. Thank you.