Moodle Session Refresh

Steps

1. Open the browser and navigate to Moodle

Open the browser tool and navigate to the Moodle URL from config (e.g. https://moodle.example.edu).

Take a snapshot to see the current state.

2. Handle the Okta SSO redirect

Moodle will redirect to Okta SSO. If you see the Okta login page:

• Find the email/username field and type the username from config
• Find the password field and type the password from config
• Click the Sign In button
• Take a snapshot to see what appears next

3. Read the Okta Number Challenge

After entering credentials, Okta will display a Number Challenge — a 2-digit number on screen that the user must select in their Okta Verify app on their phone.

Important: The user is accessing this machine via SSH and cannot see the browser screen.

1. Take a snapshot of the browser

2. Look for the challenge number — it appears prominently on the Okta verification page (typically a large 2-digit number like "47" or "23")

3. Tell the user the number by outputting a clear message, e.g.:

   🔐 Okta verification required. Please open Okta Verify on your phone and tap the number {number}.

4. Wait for the user to confirm they have tapped the number, OR poll by taking snapshots every 5 seconds until the page navigates away from the Okta challenge screen

4. Handle "Trust this device" (if shown)

If Okta shows a "Trust this device for 14 days" or similar prompt after successful verification:

• Click the "Yes, trust" or "Trust this device" button
• This prevents needing to approve push notifications for ~14 days

Take a snapshot to confirm you have moved on.

5. Wait for Moodle to load

After Okta approval, the browser should redirect back to Moodle. Take a snapshot to confirm the Moodle dashboard is visible.

If the redirect doesn't happen within ~30 seconds of the user tapping the number, take a fresh snapshot and check for any error messages or additional prompts.

6. Extract the MoodleSession cookie

Using the browser tool's cookie access, read all cookies for the Moodle domain and find the one named MoodleSession.

If the browser tool supports it:

browser.getCookies({ domain: "moodle.example.edu" })

Look for: { name: "MoodleSession", value: "..." }

7. Save the session to config

Run the following bash command to update the plugin config with the new session cookie value:

openclaw config set moodle-cli.moodleSession <SESSION_VALUE>

Replace <SESSION_VALUE> with the actual cookie value extracted in step 6.

8. Confirm success

Tell the user:

✅ Moodle session refreshed successfully. Your session is now active and will remain valid until your next login or ~24 hours of inactivity.

The moodle-cli plugin will automatically pick up the new session on the next tool call.

Troubleshooting

• No challenge number visible: Take another snapshot; the number may be on a different element. Look for large text or a highlighted number box.
• Login fails: Verify username/password in config with openclaw config get moodle-cli.
• Already logged in: If Moodle loads directly without Okta, skip to step 6.
• MoodleSession not found in cookies: Try navigating to /my/ first ({moodleUrl}/my/) then check cookies again.