Android: Stuck in login loop

GitMate.io thinks possibly related issues are https://github.com/nextcloud/android/issues/2284 (Login loop), https://github.com/nextcloud/android/issues/2032 (Login attempt just stops), https://github.com/nextcloud/android/issues/2561 (No login possible), https://github.com/nextcloud/android/issues/2143 (Login issue), and https://github.com/nextcloud/android/issues/433 (Login Error).

I've got the same problem. The app was fine before the update (4 hours ago), just a few minutes ago I saw the play store notification that it had updated it and tried it again. My Nextcloud server is up to date with the latest stable release and I can login on the web and from the desktop client (on Linux) just fine. The Android app just looks me back to the login — after what appears to be a successful login. The user/password phase seems to work, it then prompts to grant access to the app, only _then_ does it jump back to asking for a login.

@nextcloud-android-bot None of those issues seem to be related, they are all old 2018 login related things and this appears to be a new regression in the latest release.

Is this also happening with a new account?

just tested it with a new account, still happens.

Same problem here. New account doesn't work either. Everything was fine before the app update. DavDroid / DavX5 still works.

Can you create us a test account, test if the problem occurs also there and if so send the credentials to tobias at nextcloud dot com with a reference to this issue?

@tobiasKaminsky: I've sent you an Mail with a complete fresh account, please let me know if I can do anything else.

I have the same issue with the app version 3.5.0 and Nextcloud 15.0.4 it all started to act up after the update if the android app

I just had a look at the Apache log files for my Nextcloud instance and don't see anything particularly useful, but maybe it will mean something to a developer. I've redacted specific values using <key> syntax, all the values with the same key are the same.

First, these lines showed up when I first opened the app and was show a login screen:

- - [15/Feb/2019:06:25:23 +0000] "GET /index.php/login/flow/grant?clientIdentifier=&stateToken= HTTP/1.1" 303 -
- - [15/Feb/2019:06:25:24 +0000] "GET /index.php/login/flow/grant?clientIdentifier=&stateToken= HTTP/1.1" 303 -
- - [15/Feb/2019:06:25:24 +0000] "GET /index.php/login?redirect_url=/index.php/login/flow/grant%3FclientIdentifier%3D%26stateToken% HTTP/1.1" 200 8525
- - [15/Feb/2019:06:25:34 +0000] "GET /index.php/core/js/oc.js?v=7c4c8bc0 HTTP/1.1" 200 4797

After entering my credentials and hitting login, these lines showed up:

- - [15/Feb/2019:06:25:50 +0000] "POST /index.php/login?redirect_url=/index.php/login/flow/grant%3FclientIdentifier%3D%26stateToken% HTTP/1.1" 303 -
- - [15/Feb/2019:06:25:51 +0000] "GET /index.php/login/flow/grant?clientIdentifier=&stateToken= HTTP/1.1" 200 6749
- - [15/Feb/2019:06:25:51 +0000] "GET /index.php/core/js/oc.js?v=7c4c8bc0 HTTP/1.1" 200 4891

Here I was show the "grant" button, after which these showed up (while the app looked like it was loading a file manager for about 20 seconds, then it dumped be back at the login screen.

- - [15/Feb/2019:06:26:14 +0000] "POST /index.php/login/flow HTTP/1.1" 303 -
- - [15/Feb/2019:06:26:15 +0000] "GET /status.php HTTP/1.1" 200 137
- - [15/Feb/2019:06:26:15 +0000] "HEAD /remote.php/webdav/ HTTP/1.1" 401 -
- [15/Feb/2019:06:26:16 +0000] "HEAD /remote.php/webdav/ HTTP/1.1" 200 -
- [15/Feb/2019:06:26:16 +0000] "GET /ocs/v1.php/cloud/user?format=json HTTP/1.1" 200 684
- [15/Feb/2019:06:26:17 +0000] "GET /ocs/v1.php/cloud/users/?format=json HTTP/1.1" 401 140
- [15/Feb/2019:06:26:18 +0000] "GET /ocs/v1.php/cloud/users/?format=json HTTP/1.1" 401 140
- [15/Feb/2019:06:26:18 +0000] "GET /index.php/avatar//235 HTTP/1.1" 304 -
- [15/Feb/2019:06:26:18 +0000] "GET /status.php HTTP/1.1" 200 137
- [15/Feb/2019:06:26:18 +0000] "POST /ocs/v2.php/apps/notifications/api/v2/push?format=json&pushTokenHash=&devicePublicKey=&proxyServer=https%3A%2F%2Fpush-notifications.nextcloud.com HTTP/1.1" 401 106
- [15/Feb/2019:06:26:20 +0000] "GET /ocs/v1.php/cloud/capabilities?format=json HTTP/1.1" 200 537
- [15/Feb/2019:06:26:22 +0000] "GET /ocs/v1.php/cloud/user?format=json HTTP/1.1" 401 140
- [15/Feb/2019:06:26:26 +0000] "PROPFIND /remote.php/webdav/ HTTP/1.1" 401 343 > - - [15/Feb/2019:06:26:33 +0000] "GET /status.php HTTP/1.1" 200 137
- - [15/Feb/2019:06:26:33 +0000] "HEAD /remote.php/webdav/ HTTP/1.1" 401 -
- - [15/Feb/2019:06:26:33 +0000] "GET /status.php HTTP/1.1" 200 137
- - [15/Feb/2019:06:26:34 +0000] "HEAD /remote.php/webdav/ HTTP/1.1" 401 -
- - [15/Feb/2019:06:26:34 +0000] "GET /index.php/login/flow HTTP/1.1" 200 7293
- - [15/Feb/2019:06:26:35 +0000] "GET /index.php/core/js/oc.js?v=7c4c8bc0 HTTP/1.1" 200 4799

I have same issue . I have updated today the app , and no longer working. After login I am redirected to login again. The server is on a VPS locally

I went to the Android account settings on my phone (LinageOS) and deleted the Nextcloud account (despite of the warning that all the messages, contacts and other data will be lost). After deleting the account I went back to nextcloud app and created a new account.

It works for me, and as far as I can tell I did not loose any files on the phone or on the server.

I have same issue, stuck in login auth loop.

Me to. Removing the account and recreating the account takes care of it (thx @ trawn-sh). Though I hope a new client can be released that automagicaly fixes the issue. I have several low-IT-capable users who can't do the account-trick themselves....

+1

I can login on the web but app is not working. If I remove the user it will remove all my files? Anyway to avoid loss of user files?

@Shani149, remove and recreate the account on the smartphone/tablet, not on the server...

@RDominique that worked, thanks for explaining.

Worked for me also, many thanks

Don't forget to re-enable any auto uploads, these were wiped for me after clearing the account

Hello
I confirm also that if you reinstall application it won't work. However if you go to apps/settings and delete data information and reinsert the account will work. Indeed you need to re-enable the auto uploads. However the information that was made between this reinstall install, I don't see it on my server yet. Is there a way to force re-scan of the phone , or to compare again files ? Or I need to copy manually and run occ files:scan

You have to manually copy anything missed from auto upload, only works on new files from when you reset the rules unfortunately

Indeed unfortunately . This will be a nice feature to have I think . Also this will be nice for first install of apps to upload existing files on phone.

I am also affected by this issue. I have tried to remove application tokens, but this hasn't helped. Any solution other than removing an account (which requires setting up auto uploads again, and I have lots of them)?

Hey guys this is a serious problem — there are a lot of people affected and we're dead in the water. There are quite a few people that have made it to the issue tracker here, but also comments in the Play Store reviews section are starting to proliferate mentioning this issue.

One common theme (but not, apparently, exclusive) is that many of them are using ActiveDirectry for their authentication backend. In my case I'm using LDAP, and a few people seem to have this issue on internally authenticated users.

Is there anything we can do to expedite finding and fixing this? I believe this is the kind of bug that warrants and urgent hotfix point-release. I'm trying not to be too alarmist here, but even just considering my own troubles –as a long time user and advocate who has turned many people on to Nextcloud and hosts it for several teams– I am having to transfer files through other channels and am wondering about alternative platforms.

Is there anything that we can do to help find a solution? It still bugs lots of users.
And no, re-auth every user is not really an option for lots of admins out there...

I have the same problem and I have a lot of "low-IT-capable users", too, which encouter this problem.

shouldn't this be labeled as "high"?

I have this problem too. I tried reinstalling the app before coming to this thread and now I can't remove my Nextcloud account from "Accounts" because it isn't there... but I still can't login to my account. A new account works just fine. Does anyone know where any remaining data might be on my phone that I can delete manually?

Updating the Nextcloud to the new release, 15.0.5 fixed it at least on my phone. I have to check it with my users...

In my case upgrading NC to 15.0.5 has not helped. I am still stuck in the login loop. I am using LDAP accounts.

Yes, it (upgrading Nextcloud) probably did not "work correctly" for me either, since I lost the instant upload settings. My android app lost those settings somewhere along the way which is probably the same as clearing the app-cache.
Upgrading is no solution, the problem seems to be with the android app.

I can also confirm the 15.0.5 server update does not change this situation at all. Given there was an LDAP related change I thought there was an outside chance it was related, but nope.

Additionally I just updated some Android devices from 8.1 (Lineage 15.1 / Oreo) to 9.0 (Lineage 16 / Pie), and that also has no effect on the app behavior. The login still fails the same way it had been on those devices.

I think this is the same as #2811 and #2553

Wow @derekblankmccoy I thought I'd done well finding the newer duplicates, thanks for dredging those up. They do _seem_ to be related and there appears to be some long standing gremlin that keeps wearing a new face. That being said it isn't clear what the common thread is since lots of previous cases seem to have been resolved and the still open issues hint at things like older server versions etc.

Just in case I reviewed the suggested "solutions" for hints and tried clearing all previously authenticated tokens / logins from the server in case it was trying to use some old cached one. That seems to have done nothing, using a newly generated one does work (the server shows the new authentication) but the app still kicks back to the login.

Hi
I have same Problem nextcloud both 15.0.5 and previous versions
Linux debian stable desktop works fine with browser firefox esr.

on Fairphone 2 with android 7.1.2 rev 19.02.1 Fairphone OpenOS
davx5 works fine Contacts and Calender
Nextcloud app 3.4.2 and 3.5.0 is caught in Login loop after Release of resources to app is required. after "Zugriff gewaehren"
nextcloud server reports successful login both from Fairphone FP2 and for nxc app
The problem arose when updating from nxc 13.
since weeks now dumbphone nxc app function is dead.
from adb debug no obvious information

Hi
I deinstalled the app 3.4.2 and/or 3.5.0 and installed nextcloud_dev ver 20190301.
Shifted to internal storage , deleted cache and storage.
The nextcloud_dev ver 20190301 works
on my Fairphone 2 with android 7.1.2 rev 19.02.1. Fairphone OpenOS.
So the difference is between the app 3.4.2 and/or 3.5.0 and the devel version
BR Erich

@phu9Suop That does not sound conclusive to me. Deleting the cache & storage is something that's worked for some people even staying on the 3.5.0 release. That's just not a very palatable solution for people with lots of users to support. Also the dev version (whether you installed it manually or from F-Droid probably use a different app sandbox than the official builds anyway, so it's basically a separate beast. What we need is for the official app store release builds to work. At this point I don't think there have been any changes in the code tree that would actually fix this, you're just _avoiding_ the bug in the first place. Wherever it's hiding....

@alerque I have done this before, deleting the app, the cache and storage and reinstalling the 3.4.2 and 3.5.0 versions both with no success. I employed a reputed company to install the nextcloud server for me at a substantial cost. It works with the notebooks, and the company is clueless also about what happens in the smartphone. The installation happened in March 2018 and for two month out of 12 the android app was working at the time of Nextcloud 13.
I am a user and have no idea and no intentions to dive into the internas of android / nextcloud, and unfortunately the acquisition of the smartphone has not lead to the expected comfort and savings in time , but become a nightmare in troubleshooting.
Clues:

1. dev version and regular release function different. As you mentioned the sandboxes are not the same. Why is the sandbox of the dev version not representative for the sandbox of a production version? Then the dev is not representative for the production version. That could be a cause for the error which is repeorted since
2. The problem is not in the nextcloud server side. The server records a regular login session and no problems.
3. It seems to me, that only the surface of the app disappears, because when checking the storage consumption before deletion, the android "Eigenschaften" Properties or settings reported 83 MByte of memory usage. So at least a data structure has been generated

Next steps:
I installed adb and can run a debug session, if I am told what to do. My company above looked at the log and has not found any hint. Probably the debug level of android and logging must be modified to show useful information.
BR Erich

It is unbelievable that this problem still exists. My users did start to migrate back to Dropbox, since this very basic feature is broken since over a month now.

Hey, developers! Are you here?
Do you read issue reports?
This breaking authorisation problem still here for more that 5 month already!!!
I will strongly advise all people stop using nextclowd. It's inappropriate behavior when basic auth facility _is_ broken and developers are just playing with "this may be bug #a or may be #b or #c" instead of fixing such most important and basic thing.
Application is UNUSABLE on Android.
Reinstall every day is not an options, as resyncing files collection to phone takes a lot of time. I will strongly advise people to keep off from nextclowd till problem will be resolved.
Anyone from developers can answer anything?

I have to agree with pasichnichenko, this should be priority number one as the app is unusable unless you have some technical knowledge of how to fix it.
This is a massive issue for environments with thousands of users.

Don't agree pasichnichenko.
If you are using Nextcoud free of charge, to my opinion, you don't have any right to talk like this. (Especialy your 'don't use Nextcloud' statement bugs me)

If you don't like the situation, take up a programing course and devellop yourselves.

Done that and bene there. It takes a lot of time and effort. Nothing but respect to developpers! It's there choice on what they put there energy in.

Nextcloud has paying users. I would't be supprised that it's that kind of users that keep the project running.

Me myselve am a non-paying user. I suggest non-paying users stay humble...

For the record, I just removed the account, not the app. After recreating the account, for me everything works great. Thus my experience.

I do respect a developers. They did great job! But everyone becoming developer must understand responsibility he receiving after releasing his product.
I am not forcing developers to fix anything.
I have no right to force them.
I am just asking an answer, whether they are intended to fix auth issue and if they are willing to do then to clarify expected or any other timeframe for this. If developers are not going to fix this issue, please, just answer "we are not going to fix it, we don't care, learn programming and fix yourself if you need", and I will be fine even with this answer, as I will know what to expect next and will update my plans accordingly.
But instead of an answer, real answer, we get some strange thoughts around issues and then just silence.
I'm monitoring this particular issue with auth since around summer 2018 and it's just still here but no any clarification about priority and intention and/or timeframe about fixing the issue.
And yes, I have tried removing account from phone, readding, reinstalling app and readding account again and upgrading, every time it was working fine after, for some time, but breaking again and again. Sometimes it gets fixed himself somehow, I've tried a lot to reproduce this self-fixing, but it's breaking again and again after. Yesterday the app selffixed again and right now it's working fine, but it's unclear when it will break again, may be tomorrow...

It's really annoying. Especially if you're using 2FA and you always have to login and generate a new App-password when this happens.

Is it in sight when there will be a fix?

This request did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!

Hey @stale, your configuration indicates project management failure here... This issue is not stale, it is confirmed many times over and still a bug. The only thing stale about it is that it's not getting fixed.

In all seriousness, please reconfigure that bot to only run on issues that have been tagged as needing more user input.

How come there is no movement on this? It's a major issue

I did some digging and found a problem which is related to LDAP.
The first login is successful, after which the Android App generates a login token for successive logins.
However, that fails with OCA\User_LDAP\Exceptions\NotOnLDAP in my case. Can other people please confirm if they find the same errors in their log files?

The problem is, that the app uses the unique identifier (which by default is objectGUID in Active Directory) as a user name when logging in. By default this is not a valid logging attribute. I tried to add it in the LDAP settings, but no luck so far. I think the problem comes from case-sensitivity or string-to-binary conversion. Either way, I don't see an option to solve this by customizing the LDAP search query.

From the top of my head I see two options to solve it:

• Change nextclouds internal username in the LDAP settings. This is not really an option for existing users in a production environment.
• Make Android use the username that was originally provided (from the GUI). I assume a change here introduced this bug in the first place. Does someone know if it was a deliberate choice to lookup the internal username on the server?
• Change the LDAP module to support objectGUID from string representation

I can confirm that this is happening to my LDAP users. I also suspected this to be a token issue as it only happened to my users when they I upgraded them from v1.4.3 of the app to v3.2.1
As a result, I've been getting endless complaints about the login process being more complicated. We don't have 2FA yet the login process still displays the "grant access" page.

I thought "grant access" is for token generation and not related to 2FA, I might be wrong though.

Nextcloud does not delete the user data but only the settings when you clear the storage through Android settings. I believe the problem is the (corrupted) user data from an older app version. Once you remove the account and add it again, everything works fine for me (i.e. the login attribute is used as the username and not the GUID). However, in order to delete your account, you have to be able to login (or delete data manually I guess; dunno how).

I found a workaround for people with access to AD. Copy the string representation of the objectGUID (uppercase with commas) into externalAttribute1 and make it a login attribute in NC. Unfortunately, that has to be done for every user.

If it's for token generation, surely that should be hidden and automatic with no need for user intervention?
Thank you for your research though, it looks like you have found the issue. I guess it's now for the devs to fix it.

so pinging @tobiasKaminsky and @rullzer since it seems to a LDAP related issue.

Keeping this high again. Switched on one notebook from debian 9 to debian 10, now with debian deb nc desktop Version 2.5.1git. Works fine
updated FP OpenOS twice in the meantime, and davx5, need to put user data and pw again , works fine
switched on smartphone to app 3.7.0, no change,
where are the data from previuos app which must be wiped ??
@RDominique
The fact that nextcloud offers only licences > 50 users shall make me humble ? I am retired and cannot by 50 licences for my single user install. BTW I worked in 20 programming systems, it started with ALGOL and FORTRAN, a.s.on and I do not see a point in getting into android and the nextcloud app now in my life. OS is for everybody.

Issue on my clients as well. Seems to be a global thing with IOS, Android and the Desktop app as well (all is good on chrome though). I had at first thought it could have been due to my loadbalancers and sticky session cookies used with two nextcloud servers. Does anyone else have a similar setup?

I am using LDAP as well. Id be happy to send logs out somewhere if it can help get some movement on this issue. I can say though that even when i try and login to the app with a non ldap account, that account also login and grant loops.

This issue has gotten so bad, we're thinking of abandoning Nextcloud. Is anyone actively looking at a fix?

Yesterday I just installed Nextcloud 3.7.0. After numerous updates it is STILL HAVE THIS ISSUE, and today it lost password. Then I did numerous attempts to login again, and login, and login, and login and after every entered correct password it asked me again and again to authorize. It is interesting to note, when I give incorrect password then app immediately say me the password is incorrect, but when I enter right password it continues to ask me again and again.
Application is still unreliable and, thus, unusable. I removed nextcloud app again and advising everyone to do same. Even owncloud android app is not loosing auth tokens/passwords. I am using owncloud app for now.
Guys, just switch to owncloud app and it will just work.

Is there an available owncloud app that is not paid?

Guys, just switch to owncloud app and it will just work.

EDIT: Just attempted from f-droid owncloud app and it says "Precondition Failed" when i try and sign in to nextcloud.
Edit 2: I checked another github issue for owncloud app and tried Owncloud Android version 2.8.0 and it worked and logged in perfectly the first time, no login loop and no "Precondition Failed" error. There are some other issues i see right now but that might just be because i am using an older app version, but at least login works.

Owncloud app from googleplaymarket is free, at least I didn't paid any cent.

I just checked nextcloud's other tickets with history of longstanging fighting with some "android" "accounts" or "logins" "manager" which creates some "accounts" for apps or anything and which is buggy. I dunno why this android account/login manager is angry on nextcloud app and hates it, but tonns of other apps, like telegram, owncloud etc., are working perfectly. I dunno what rocket science is implemented in nextcloud app, so after forking from owncloud codebase it just stopped working.

Well, i may have fixed my login looping. I made some changes to my ssl certificates and it seems to be working for me in the normal nextcloud app. i may have been missing the intermediate certifications in my pem file that i was delivering with my HAproxy install that is infront of my nextcloud server. I tested with myself as well as a few other people and they were able to login. Google chrome never complained about the cert so i figured all was good, perhaps the android app is a bit more picky. I dont know if this helps anyone or not but i hope so.

edit: might have not been the full fix after all, still having this issue on some clients. Definitely could be session handling related?

Something is definitelly not right with the way the sessions are being handled:
This is my phone and tablet, several sessions for each:

@derekblankmccoy Yeah the same happens for me too. Every attempt creates a new one.

Also partly scratch my last message, it seemed to have fixed it but a few others are still getting the login loop and a status code 401 every time it fails to login and loops again. Also just like @pasichnichenko if you put in the wrong password, it does tell you that the password is incorrect, so it is fully authenticating properly. Different owncloud apps still work though.

Related?
https://github.com/nextcloud/server/issues/13431

Hello

I'm new user of NextCloud and same bug for me !
Login loop with Android App ( version : 3.7.2)
NC 16.0.4
Tel : Galaxy S9

This seems to not be a problem of how one logs in or a specific server version. With each new release of the app the number of people affected increases. So it has to do with something about logging in with a "new" or "updated" app. Deleting Cache and Data and/or reinstalling does not fix the problem.

It affected myself when updating to 3.7.2 with normal password and second factor as well as with an app-password. After a downgrade to 3.7.1 (F-Droid still has it) or an update to the latest F-Droid Dev-App the problem dissapears. (See also #4351)

As mentioned, #4290 could be a reason. I also get a new device for every try to login with an affected device.
The Server-Log does not show any entries, the Nextcloud-Log provides only:

openssl_sign(): supplied key param cannot be coerced into a private key at _XXX_/apps/notifications/lib/Controller/PushController.php#121

But I had this before the update and everything was working. No other messages appear and the same message comes up after rollback to the previous app (3.7.1) that is working.

I always suspected that login loop is due to Android's problem of creating a new account, which would explain why this happens on new installations.
But @teddy19 did an upgrade and there the account must already exist: can you check this is settings?

But @teddy19 did an upgrade and there the account must already exist: can you check this is settings?

Did your sentence get corrupted or do I just not understand what you're saying?

is -> in
In settings of Android you should still see your Nextcloud account. Even when upgrade does not work, or is it vanished?

Sorry, had to check on another device. There, the account is still shown under the Android list of accounts. Its synchronisation is disabled, trying to enable it results in a "The synchronisation is experiencing problems at the moment" (freely translated) error.

Can you also try 3.8.0RC1 which is available via Google Beta program?
There is a change that might fix it for people experience it only after upgrade to 3.7.2.

Hi
i install the Beta version now (after delete data of 3.7.2 version) and the RC1 version is ok for me after some tests. For exemple, if i close app, I do not have to login when I launch the app
for information, I m new user so i never test before 3.7.2 version so i can compare !

For me this issue started with the latest update (3.7.2) on 2 devices (Planet Gemini - Android 7.1.1 and Xiaomi 9T - Android 9). I used to login with app tokens, gave me a login loop. Same for login with password. I deleted the app, data and NC account from both phones, reinstalled. Still a login loop.

I have logcat's available if dev's are interested.

I installed 3.8.0RC1 on both phones and everything works as expected.

My other phone (Xiaomi Redmi Note 5 - Android 9) doesn't have this issue with 3.7.2.

I have logcat's available if dev's are interested.

Yes, please attach them here :+1:

Here you go

logcatOutput9T.txt
logcatOutputGemini2.txt

@stefanheijnen can you maybe also try this without limiting it to NC app?
I suspect that Android itself will show a bit more.
Also do you see the account in settings?

(will you by any chance be at our conf? Then we could debug this together…)

Reason why I ask is:

08-22 18:27:01.845 11979 12610 D OwnCloudClient #19: REQUEST GET /nextcloud/ocs/v1.php/cloud/user
08-22 18:27:02.202 11979 11979 D AuthenticatorActivity: Successful access - time to save the account
08-22 18:27:02.263 11979 11979 I Timeline: Timeline: Activity_launch_request time:35974768

So our App could logged in succesfully, but then something strange happens and the complete log will hopefully give us more info.

@tobiasKaminsky I do have a log from a few minutes earlier, collected at the (rooted) device itself (Planet Gemini), with nothing filtered. The above lines are present at the end of the log. I've pasted everything from that period at https://pastebin.com/G5p48GYZ

When I see that error, it is probably after I removed everything NC related on my phone and did a fresh install.

Sorry, I won't be at your conf :(

If you need more info, I can downgrade to 3.7.2 and continue as per your instructions.

I, too, have hit this problem yesterday. I was able to work around it in the following way:

1. Start the Nextcloud app.
2. Press the back button twice. The login screen will flash briefly both times but reappear.
3. Log in as normal.

I, too, have hit this problem yesterday. I was able to work around it in the following way:
1. Start the Nextcloud app.
2. Press the back button twice. The login screen will flash briefly both times but reappear.
3. Log in as normal.

Thanks a lot, I was having this issue on a Huawei MATE 20 Pro and this worked for me. Not sure if it'll kick me off after rebooting the phone but the app seems to work fine for now after doing this.

I was having this issue, but I just found that tapping "go back to the old login method" or whatever the verbiage is and logging in there fixes the problem for me (at least for now)

edit: it broke again after i logged in Nextcloud Talk which lacks the "old login method" option. The Nextcloud Talk login seemed to get hung up, but after i logged into the Nextcloud app again with the old method, it was fixed again and talk was able to see my conversations again too.

I was having this issue, but I just found that tapping "go back to the old login method" or whatever the verbiage is and logging in there fixes the problem for me (at least for now)

That’s right, this is session related.
My personal opinion is that session and app token logins are clearly not stable and still beta. They should be optional.

I was having this issue, but I just found that tapping "go back to the old login method" or whatever the verbiage is and logging in there fixes the problem for me (at least for now)

Using go back to the old login method works every time for me as well. It just sucks that you dont get that option until your login has already failed.

It just sucks that you dont get that option until your login has already failed.

You always get this option (you just need to wait for 30 seconds on the web-login screen)

@stefanheijnen thanks for your log. This is the relevant part:

 D Surface : Surface::disconnect(this=0x7bb0682a00,api=1)
08-22 18:03:15.447 24074 24074 D WindowClient: Remove from mViews: DecorView@5dbc7fd[], this = android.view.WindowManagerGlobal@a005b9d
08-22 18:03:15.448 24074 24074 D AuthenticatorActivity: Successful access - time to save the account
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity: Account Account {[email protected]/nextcloud, type=nextcloud} was removed!
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity: com.owncloud.android.lib.common.accounts.AccountUtils$AccountNotFoundException: Account not found
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at com.owncloud.android.lib.common.OwnCloudAccount.<init>(OwnCloudAccount.java:78)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at com.owncloud.android.authentication.AuthenticatorActivity.updateAccountAuthentication(AuthenticatorActivity.java:1632)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at com.owncloud.android.authentication.AuthenticatorActivity.onAuthenticatorTaskCallback(AuthenticatorActivity.java:1500)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at com.owncloud.android.authentication.AuthenticatorAsyncTask.onPostExecute(AuthenticatorAsyncTask.java:100)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at com.owncloud.android.authentication.AuthenticatorAsyncTask.onPostExecute(AuthenticatorAsyncTask.java:43)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at android.os.AsyncTask.finish(AsyncTask.java:667)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at android.os.AsyncTask.-wrap1(AsyncTask.java)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:684)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at android.os.Handler.dispatchMessage(Handler.java:110)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at android.os.Looper.loop(Looper.java:203)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at android.app.ActivityThread.main(ActivityThread.java:6293)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at java.lang.reflect.Method.invoke(Native Method)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1084)
08-22 18:03:15.456 24074 24074 E AuthenticatorActivity:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:945)

This means that the app password was retrieved and the account can be stored within Android.
According to the code (updateAccountAuthentication) you already had an account?
And then for unknown reason the account could not be found.

@stefanheijnen can you do this (sorry it might be the same result, but to rule out everything):

• delete app
• reboot phone
• verify that no NC account is in Androids settings
• install 3.8.0 RC2
• try to log in again
• post result / full log

Using the old login mechanism might work, but then you do not have push notifications, as those require the app token system.

Using the old login mechanism might work, but then you do not have push notifications, as those require the app token system.

What good are push notifications if you can’t login? 😂

Using the old login mechanism might work, but then you do not have push notifications, as those require the app token system.

What good are push notifications if you can’t login?

Hehe, I just wanted to point out that the "new" login system is the future and why the old one does not work in all scenarios.
So instead we should try to find out why it does not work under some circumstances for some users. (some as we have more than 370k active installations)

Same issue.
Infinite login screens.

'new' login system is bad solution. It is broke normal app functionality.

I've a slightly different issue, I can login fine, but if I try to add a second account, the first one gets logged out.

https://www.youtube.com/watch?v=9CU1jxWeyXk

Using 3.7.2 from f-droid on Redmi 9T - https://f-droid.org/repo/com.nextcloud.client_30070290.apk

I've a slightly different issue, I can login fine, but if I try to add a second account, the first one gets logged out.

https://www.youtube.com/watch?v=9CU1jxWeyXk

Using 3.7.2 from f-droid - https://f-droid.org/repo/com.nextcloud.client_30070290.apk

Yes I have this problem in addition to the one most people are talking about in this thread. It's probably related.

I had the same issue (or at least the same symptoms). This comment fixed it https://github.com/nextcloud/server/issues/13431#issuecomment-456453585.

Hi, I commented above on having the same problem.
After some analysis I found that it must have been an android-system side user database, which is full of failed trials to logon. Unfortunately the way to purge this user database from bad entries is difficult or impossible. I don't want to study sqlite because of this. The FACTORY RESET of my Fairphone2 resulted in an immediate success of making the app work. However it was 8 hours of work, to get the phone set up almost as before. including repeating of OS update.
The cause of the many failed trials seems to be a problem with android, which has an option to install an external sdcard as internal, however not all apps on the Fairphone2 Open OS (7.1.2) handle this. Some apps did work from the sdcard, others not and nextcloud belongs to the latter. So I selected the sdcard to be external after the factory reset.

Fairphone# corrected

I had the same issue (or at least the same symptoms). This comment fixed it nextcloud/server#13431 (comment).

This has always been in my config and does not fix my issues unfortunately.

Reverting to old login method fixed my issue.

had the same problem, reinstall 3.7.2 did not fix.
now upgraded to 3.8.0 RC4 and the login works again.

had the same problem, reinstall 3.7.2 did not fix.
now upgraded to 3.8.0 RC4 and the login works again.

RC4 has no change for me.

3.8.0 RC5 works on my phone.. no login loops, no issues after first setup.
I might add, you'll have to remove the Nextcloud account from your phone first completely. (You're removing the account from your phone, not the nextcloud server itself)
Then set it up again and it should work on 3.8.0 RC#

I've a slightly different issue, I can login fine, but if I try to add a second account, the first one gets logged out.
https://www.youtube.com/watch?v=9CU1jxWeyXk
Using 3.7.2 from f-droid on Redmi 9T - https://f-droid.org/repo/com.nextcloud.client_30070290.apk

Re-tested with 3.8.0 from Play store and still the same. Tried removing the account from the phone first too.

This request did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!

Nor did it receive attention. Not stale.

If it doesn't get any attention as in new infos then it is stale actually.

As for adding multiple accounts, please upgrade to 3.8.1

My issue is gone with 3.8.1 it seems, thanks!

My issue is gone with 3.8.1 it seems, thanks!

you are very welcome @C0rn3j ❤️

Uhmmmm, yeah, I guess this post doesn't get that much attention anymore because most of us have gave up and found a way to walk around? I just switched to thr owncloud android app. I still have login loop issue with 3.8.1 (on S10+) though.

This issue sucks, this is not the way to do "upgrades" or opress users into using "new" features.

Maybe you could try to restart your phone?
I think afterwards everything worked for me... (after deleting the first account)
Or is this the first time, that you are using this app on your phone?

What @rightpeter said. Its going stale because every probably has just given up. I've been sitting on a rollout for months but this issue is holding release back. No Upgrade of Nextcloud or the Android/IOS app has fixed the issue.

Ditto. Not stale. I’ve just given up on the android app and use the iOS version. Still get daily issues with my users though and I’ve written a guide telling them how to work around it by clearing all their sessions from the web version, removing the account from the android account manager and sign back in. It’s not an acceptable use of the app though so we are looking at Nextcloud alternatives.

Some time ago I wrote a sumup what I think is happening.
In short this was my conclusion:
My last debugging session showed that it is a problem if you have an external sd card and our app stored on it. upon restart there is a race condition that adds the account too late and therefore it cannot be accessed, but it is in db, so you cannot add a "new" one with the same credentials.

Can you try to add a new account with a slightly different account name (user + domain)?
So if you had [email protected] please try [email protected] or [email protected]/next (if this is a valid url to access your server).

And please check that the app is in internal storage.

You can do this via adb:
adb shell pm get-install-location

This are the values:
0 [auto]: Let system decide the best location
1 [internal]: Install on internal device storage
2 [external]: Install on external media

I have seen the issue on dozens of devices, most of them don't have an SD card.
Changing the case works until the login loop comes back. Its not a fix to be changing the case on the username every few weeks.

Just had one on 3.8.1, no SD card.
Trying to login with a different account and it kept looping.
I had to remove the account from account manager and kill the app. Only then did the login loop stop. The webapp showed a new device and session opened for every login attempt even though it was the same device.
The difference this time is that the old account in Android account manager did not exist anymore. NC was trying to use a deleted account to login so it was trowing me back out to the login screen. Even though on that login screen I was attempting to enter valid credentials, the app was not adding those credentials as a new account in the Android account manager. It was trying to use the old invalid account.
The old login method is obviously doing things correctly and replacing the old account with the new one. The new login method is at fault.
So in reality, this is not a loop, its just kicking you out because the account saved in the account manager is invalid. An issue the app caused itself.

Ok I can confirm as I've had another one just like the previous. This time this is what happened:

• Phone was logged into Account A
• Account A deleted from the server
• NC app realises the credentials are not valid and kicks the user out to the credentials screen.
• Went into Android account manager and found the Account A is still there
• Go back to NC, user enters correct credentials for Account B and 'grant access'
• App appears to let the user in but gets kicked out 5 seconds later
• Account B is NOT in the Android account manager, only the invalid Account A
• User removes Account A from the account manager
• NC realises this and kicks the user out, except this time not back to the credentials screen but right back to the beginning asking for the server address
• User enters server address and gets taken to credentials screen
• User enters credentials for Account B and gets logged in correctly without getting kicked out
• Account B can now be found in Android account manager

@tobiasKaminsky fancy taking a look at @derekblankmccoy's findings https://github.com/nextcloud/android/issues/3623#issuecomment-546347389 ff.

This request did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!

Not stale, just being ignored

@tobiasKaminsky fancy taking a look at this?

cant login in chrome, in firefox normal

Same for me, forced to refresh the page to be logged in with chrome, and not working with an Iphone

Same for me, forced to refresh the page to be logged in with chrome, and not working with an Iphone

I find a way to tix it!
Just need to add folowing string to config.php:
'overwriteprotocol' => 'https',

Same for me, forced to refresh the page to be logged in with chrome, and not working with an Iphone

I find a way to tix it!
Just need to add folowing string to config.php:
'overwriteprotocol' => 'https',

Ok nice ! fixed for my chrome loop, need to test with an iphone ASAP :)
Edit: Working nice on Iphone now

I can confirm 'overwriteprotocol' => 'https', solution works perfectly when reverse proxied.

Thanks to this issue I got it working too!

Would be cool if we got a warning about that somewhere though…

Same for me, forced to refresh the page to be logged in with chrome, and not working with an Iphone

I find a way to tix it!
Just need to add folowing string to config.php:
'overwriteprotocol' => 'https',

THIS

thank you.

I had the issue with iOS on Safari and official app
Android and chrome.

I am using the docker image with a reverse proxy by traefik.

After the fix you proposed, it works :) Thank you. Maybe it has to be fixed for default installation though...

the fix adding 'overwriteprotocol' => 'https', to config.php worked for me also thank you! Should this not be part of the docker documentation? Most people would be running this through a reverse proxy (I assume)

I thought the fix above worked for me until I upgraded from NC15 to NC16 and then NC17. Now all my users are getting login loops when their passwords expire and have to login again.

My Android App (3.11.0) is stuck in login loop, too.

This is what happens:

• I enter the server adress, app is connecting
• credentials screen, it accepts password&user
• then asks me "do you want to connect FP2 with your nextcloud account"
• loading and then I'm back on the blue start screen (where you enter the server address)

It first happened after I deleted and reinstalled the NC Notes-app which was experiencing some synchronisation troubles. When I opened the newly installed notes-app, it directed me automatically to the NC android client, asking me to login. This is when the loop started.

I also run&synchronize todo's (tasks) and calender (etar) via nextcloud, all working flawless.
Logging in is not an issue when using Android browser or desktop browsers.
When I look into my nextcloud security settings, it shows multiple sessions.

So far I did try

• removing SD-card
• clear cache in the boot menu
• delete app & reinstall
• install older versions
• delete device (see picture). It says "marked for deletion" but I'm not sure wether NC did delete it

Fairphone OS 19.11.2
Android 7.1.2

any suggestions?

thx!

I can confirm 'overwriteprotocol' => 'https', solution works perfectly when reverse proxied.

Got the same problem a resolved with this fix as well, thanks!

I still have this bug.
I have 'overwriteprotocol' => 'https', in the config.
Fresh install of Android and Nextcloud client 3.11.0 and after putting in name, password, and MFA token.. it just goes back to Log In page. It never saves the Nextcloud account in accounts.

@tdm4 is this working with another account?

I still have this bug.
Same here, I've now installed Nextcloud-dev 20200415
It works out of the box :-)

@Gajusbonus @tobiasKaminsky Can confirm the dev version 20200415 works, but v3.11.0 doesn't.

This mainly because it is another app, but the underlying cause is not fixed.
However, I do not have any idea what it is causing :/

There is a Docker environment variable for use this ?
Like nextcloud_behind_proxy = True ?

Edit: Find this OVERWRITEPROTOCOL (empty by default): Set the protocol of the proxy, http or https.
Edit2: Doc here: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html#example

I'm also affected by this issue for several months now.
What I tried:

1. Reinstalling nextcloud android app :x:
2. Replacing nextcloud android app with nextcloud dev from f-droid :x:
3. inserting 'overwriteprotocol' => 'https' :x:
4. checking android accounts list for nextcloud account: there is no nextcloud account :x:
5. adding the same account of my nextcloud instance but with a different domain :heavy_check_mark:
6. after doing the last step adding then the account from another nextcloud instance I previously used :x:
7. after step 5: looking for a nextcloud account in android settings: yes account is there :heavy_check_mark:
8. deleting account added in step 5 from android settings and log again into it in nextcloud app :heavy_check_mark:
9. adding a app password for not working nextcloud instance and try to log in with it :x:
10. creating a new account on my nextcloud instance and log in with the domain that didn't work with my old account :heavy_check_mark:

It seems to me that there are corrupted account credentials in my system, which are not displayed. And when I'm trying to log in with a domain-username-password combination which was used before it fails. Using another domain for my instance works, so luckily I can use my instance now with the android app. But for the other instance I have no other domain available, so I'm not able to use this one so far.

phone: fairphone 2 with newest updates
android: 7.1.2
Server nextcloud version (my instance) 18.0.4.2
Server nextcloud version (other instance I use) 16.0.1.1
Android App version 3.11.1

Edit:
I checked the logs and tried to compare between the successfully log in and the failed one. This is what I found (I am really not an expert here). The account that works:

10036 10036 D AuthenticatorActivity: Successful access - time to save the account
 2368  5499 I AccountManagerService: the accounts changed, sending broadcast of android.accounts.LOGIN_ACCOUNTS_CHANGED
 ```
The account that fails:

10036 10036 D AuthenticatorActivity: Successful access - time to save the account
2368 2381 W AccountManagerService: insertAccountIntoDatabase: Account {[email protected], type=nextcloud}, skipping since the account already exists
```

Phone freshly reformatted with LineageOS.
Tried both Nextcloud app from F-droid and the Nextcloud dev app from F-droid.
I get as far as typing in my credentials, and putting in my 2FA code.
I get a small off-centered (slightly to the left) swirly circle and then it goes back to the login screen.

Have tried moving Nextcloud app from SD card to internal storage. - No change
Have tried deleting the Nextcloud account in accounts on Android -- it's not even there! (Never gets created)

I do see the session in Nextcloud 'security' section so the app did successfully authenticate to the Nextcloud server with the provided credentials. It just fails miserably to create the account on the android phone.

I have 'overwriteprotocol' => 'https', set in the Nextcloud config.

Android 7.1.2 (LineageOS version 14.1)

Waiting at the login screen and using the old login method works every time. Something is wrong with the way the tokens are being handled. I wish the session token logins could be disabled

I do use the old login method. I log in, then put in my TOTP code.
After I click Grant Access. I get a spinning circle on the right (in the UI), and then another spinning circle on the left side and then it just goes back to the Login screen.

These are the URLs recorded by the Web server after tapping Grant Access:

"POST /index.php/login/flow HTTP/1.1" 303 0
"GET /status.php HTTP/1.1" 200 0
"HEAD /remote.php/webdav/ HTTP/1.1" 401 0
"HEAD /remote.php/webdav/ HTTP/1.1" 200 0
"GET /ocs/v1.php/cloud/user?format=json HTTP/1.1" 200 0

All within the span of 3 seconds.
As far as the web server's concerned, the login got through and worked OK.
It's the app that thinks it hasn't succeeded.

I know that because when I go into the web browser and go into Settings -> Security. I see the phone session listed in there.

I also tried using 'Create new app password' and used the QR code generated.
Web server logs looked like this:

[25/May/2020:10:45:54 +0100] "GET /status.php HTTP/1.1" 200 0 "" "Mozilla/5.0 (Android) Nextcloud-android/3.11.1"
[25/May/2020:10:45:54 +0100] "HEAD /remote.php/webdav/ HTTP/1.1" 401 0 "" "Mozilla/5.0 (Android) Nextcloud-android/3.11.1"
[25/May/2020:10:45:54 +0100] "GET /status.php HTTP/1.1" 200 0 "" "Mozilla/5.0 (Android) Nextcloud-android/3.11.1"
[25/May/2020:10:45:56 +0100] "HEAD /remote.php/webdav/ HTTP/1.1" 401 0 "" "Mozilla/5.0 (Android) Nextcloud-android/3.11.1"
[25/May/2020:10:45:57 +0100] "GET /status.php HTTP/1.1" 200 0 "" "Mozilla/5.0 (Android) Nextcloud-android/3.11.1"
[25/May/2020:10:45:57 +0100] "HEAD /remote.php/webdav/ HTTP/1.1" 401 0 "" "Mozilla/5.0 (Android) Nextcloud-android/3.11.1"
[25/May/2020:10:45:58 +0100] "HEAD /remote.php/webdav/ HTTP/1.1" 200 0 "" "Mozilla/5.0 (Android) Nextcloud-android/3.11.1"
[25/May/2020:10:45:59 +0100] "GET /ocs/v1.php/cloud/user?format=json HTTP/1.1" 200 0 "" "Mozilla/5.0 (Android) Nextcloud-an
droid/3.11.1"

Looks like it first gets a 401, then gets a 200.. but the app sees the 401 and stops the whole account creation process.

Interesting. Yes, if that's true, that looks like a client bug. It's normal to get a 401, which asks for auth, with a concrete list of supported authentication mechanisms, then the client resends the request with auth. So, a 401 followed by 200 is fairly normal. See HTTP spec, error 401 vs. 403. The matter can get a little more complex, if there are HTTP libs involved that automatically resend requests with auth. A developer needs to investigate this in detail, to find out what's going on.

I do use the old login method. I log in, then put in my TOTP code.
After I click Grant Access. I get a spinning circle on the right (in the UI), and then another spinning circle on the left side and then it just goes back to the Login screen.

These are the URLs recorded by the Web server after tapping Grant Access:

All within the span of 3 seconds.
As far as the web server's concerned, the login got through and worked OK.
It's the app that thinks it hasn't succeeded.

I know that because when I go into the web browser and go into Settings -> Security. I see the phone session listed in there.

If you are pressing “grant access”, you are not using the old login method, you are using the web login method.
The old login method is just server address, username and password.

I can't login because I'm not logged in.
Nice.

{"reqId":"9QwPpfxLRACLI5tvLqMw","level":0,"time":"X","remoteAddr":"X","user":"--","app":"core","method":"GET","url":"/apps/files/","message":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException","Message":"Current user is not logged in","Code":401,"Trace":[{"file":"/usr/share/nginx/html/nextcloud/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":98,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware","type":"->","args":[{"__class__":"OCA\\Files\\Controller\\ViewController"},"index"]},{"file":"/usr/share/nginx/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":99,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->","args":[{"__class__":"OCA\\Files\\Controller\\ViewController"},"index"]},{"file":"/usr/share/nginx/html/nextcloud/lib/private/AppFramework/App.php","line":137,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\Files\\Controller\\ViewController"},"index"]},{"file":"/usr/share/nginx/html/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\Files\\Controller\\ViewController","index",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"files.view.index"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"files.view.index"}]},{"file":"/usr/share/nginx/html/nextcloud/lib/private/Route/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"files.view.index"}]},{"file":"/usr/share/nginx/html/nextcloud/lib/base.php","line":1007,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/files/"]},{"file":"/usr/share/nginx/html/nextcloud/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/usr/share/nginx/html/nextcloud/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php","Line":142,"CustomMessage":"--"},"userAgent":"X","version":"19.0.0.12"}

"userAgent":"X"

Have you replaced this? Normally it should show android client version.

X are replacements, yes.
Btw i have the same login error now on fresh installed and cache cleared browsers too.
userAgent was Firefox 77.0.1
I literally can't login anywhere anymore.
Nextcloud runs on Centos8.

I think I have the same problem. When I try to create a new account with any of:

• the Nextcloud file synchronisation desktop utility (version 2.5.1git from Debian Buster)
• the Nextcloud file synchronisation Android app v3.12.1 RC1 (2020-07-06 on Fairphone FP3 with /e/)
• the Nextcloud talk Android app (8.0.9)
• the Nextcloud notes Android app (2.16.3)

I see, in the German version, a Melde an... with a rotating circle on the right.
With App-Tokens I also get stuck in "Zugriff gewähren".

The server logs (version 18.0.6-1~deb10) say 10.0.0.10 - - [09/Jul/2020:10:42:57 +0200] "POST /nextcloud/index.php/login HTTP/1.1" 303 980 "-" "Fairphone FP3 (Android)" (for the Login)

As @tdm4 reports, I also see in the security tab that everything should have worked, but the clients nevertheless get stuck.

The already created accounts still work and login with Firefox/Chromium also works without problems.

I was able to fix it for me. The problem probably appeared because of the Nextcloud server upgrade to version 18. All the solutions I found by Internet search did not work but redoing what is described in https://docs.nextcloud.com/server/18/admin_manual/configuration_server/reverse_proxy_configuration.html helped. It seems like version 18 has much higher requirements for what needs to be configured so that login works, for me it was overwritecondaddr what finally made it work. It was never needed for me in any previous version of Nextcloud.

Nevertheless, I still see a problem on client side, though. It at least should bring some (ideally helpful) error message and not simply get stuck in the login. But maybe it could even work: somehow other clients were still able to login, even without this server-side option.

[At least, the] client ... should bring some ... helpful error message

Agreed. That's the bare minimum.

@devs: Could you please fix this serious bug that affects many users? It's really embarassing when the NextCloud app cannot connect to the NextCloud server without a hitch. I effectively cannot create an account for others on my server and ask them to install the app, because I know they will have problems to log in.

Can 100% confirm. My login loop stopped when I added:

  'trusted_proxies' => ['127.0.0.1'],
  'overwriteconaddr' => '^127\.0\.0\.1$',

(I'm using relayd to do the SSL handshaking and proxying to the backend of httpd)

The issue is gone for me now, I don't know why.

• Android app version: 3.12.1 (when I first reported to have that issue it was 3.11.1)
• server version is still at 16.0.1.1 (I'm not in control of this server).

Can 100% confirm. My login loop stopped when I added:

  'trusted_proxies' => ['127.0.0.1'],
  'overwriteconaddr' => '^127\.0\.0\.1$',

(I'm using relayd to do the SSL handshaking and proxying to the backend of httpd)

Can confirm this as well using the snap for nextcloud and caddy2 for my webserver and reverse proxy

@Gajusbonus

I still have this bug.
Same here, I've now installed Nextcloud-dev 20200415
It works out of the box :-)

Same here.

@gldhnchn

I'm also affected by this issue for several months now.

[...]

Edit:
I checked the logs and tried to compare between the successfully log in and the failed one. This is what I found (I am really not an expert here). The account that works:

10036 10036 D AuthenticatorActivity: Successful access - time to save the account
 2368  5499 I AccountManagerService: the accounts changed, sending broadcast of android.accounts.LOGIN_ACCOUNTS_CHANGED

The account that fails:

10036 10036 D AuthenticatorActivity: Successful access - time to save the account
 2368  2381 W AccountManagerService: insertAccountIntoDatabase: Account {[email protected], type=nextcloud}, skipping since the account already exists

This smells a lot to what I'm experiencing. I bit of background story.

I migrated from phone and did a backup of the accounts and NextCloud app with OandbackupX. Then, I restored them. However, while some accounts where restored, it didn't seem to work with the ones managed by the AccountManager (or did it?).

The accounts are not there to be seen and the sqlite db doesn't show any restored account. However, it smells like I cannot add that account to my system because it (hiddenly) already exists.

I have a similar experience with DavX⁵. The account was restored but it didn't work (?). I cannot create the same account because it gives an error in the last step. However, if I change the name of the account (same login and password), then, the account can be added.

To complete a bit.

The migration was from LineageOS 14.1 to LineageOS 17.1 (yeah, I know, probably not the best idea trying to backup and restore custom system settings).

After I messed up even worse, I wiped the data using the LineageOS Recovery tool. Then, without trying to restore the accounts from LineageOS 14.1 I was able to add my NextCloud account without problems. I was also to do the same with DavX⁵.

So, the problem is surely not in the server but in the Android side and, although maybe it can be prevented in the NextCloud client it really seems like it may be a problem in Android itself (?).

may be a problem in Android itself (?).

Yes, I shared my findings on many places. There is a problem with storing the accounts in Android's account manager.
We query if the account does exist, Android says "no".
We add the account, Android says "we cannot add this account as it already exists"'
Only workaround for this is to generate a slightly different account, e.g "[email protected]" -> [email protected]/nextcloud" if possible.

But this is indeed a very odd bug on Android's side…

Only workaround for this is to generate a slightly different account, e.g "[email protected]" -> [email protected]/nextcloud" if possible.

What about providing the option of letting the user name the account? This is what DavX⁵ does. Once the whole auth process is done, you can provide the actual name for the account. If, when attempting to create, Android fails with that "we cannot add this account as it already exists" response, you remain in the same place providing the user a chance to use a different name ...

But this is indeed a very odd bug on Android's side…

Agreed.

This is not possible, as the internal account name, which is problematic, is needed to be exact the same as during auth.

We are in progress to switch to our own account manager and once this is done, the problem will be solved, as we then do not rely on Android's account manager, but this will still take some time…

Same Problem here, first I thought I forgot the Password, resetted it over occ, but still won't work.
This Problem need to be fixed. I depend on Nextcloud

Same problem here, can login on windows client and in web, smartphone stucks. after every login i can see folders, and just a second later im kicked out. in log is an error for false login data.

Same here. I'm using Cloudflare Argo Tunnel to reach Nextcloud. Web is Ok.

I had the same problem when I switched from a reverse proxy to direct access through my domain.
I sometimes could only get to Login Loop and for no reason to Authorize Loop.
I deleted following entries from nextcloud/config/config.php _(as they are managed by my apache config)_

overwritehost => 'domain.com',
overwriteprotocol => 'https'

This is not possible, as the internal account name, which is problematic, is needed to be exact the same as during auth.

We are in progress to switch to our own account manager and once this is done, the problem will be solved, as we then do not rely on Android's account manager, but this will still take some time…

@tobiasKaminsky is there already an ETA for the resolution of this problem?

Until then, is there any workaround to login in the android app with an account affected by this bug?

Edit: the case / space workaround mentioned at https://github.com/nextcloud/android/issues/2133#issuecomment-396954347 does not seem to work anymore with android client 3.13 or 3.16, and Nextcloud 20.

@tobiasKaminsky is there already an ETA for the resolution of this problem?

No, as this is quite a huge tasks.

Edit: the case / space workaround mentioned at #2133 (comment) does not seem to work anymore with android client 3.13 or 3.16, and Nextcloud 20.

You could set up a email-adress in your settings and then log in via this email address.

as the internal account name, which is problematic, is needed to be exact the same as during auth.

Isn't there any other way to fix this or work around the problem, short of rewriting the account manager?

No, as described somewhere else this is a bug in some Android versions… :/
All we can do is try to work around it…

Could you point me to the aosp bug report? Or any idea how a rooted user might go about deleting the user from the database?

as described somewhere

I haven't seen any such description, and most of us are still puzzled about what's going on.

Could you please describe the bug here, end to end, what client and server each do, and where it goes wrong? (You can assume a generic software developer, without code knowledge of NextCloud.)

Maybe somebody here has an idea for an alternative workaround that can be used in the meantime. This bug is really bad and needs to be fixed ASAP.

@gpelouze @benbucksch I found a workaround for logging in with Android. Log in via Web and then go to Settings -> Security. Create a new app password on the bottom of Devices & sessions and click on "Show QR code for mobile apps". Then use your Android device to scan the QR code and log in. At least that fixed it for me.

@zone-id Yes, that works, but that's not something I can tell non-tech people to do. They'll say "Nevermind".

@zone-id if this works, then I am puzzled, as this is then a different problem as I had in mind.

@benbucksch https://github.com/nextcloud/android/issues/2133#issuecomment-396954347 here I wrote technical background of this bug

@tobiasKaminsky I've had the same login loop on Nextcloud for Windows as well. I can log in with Firefox, but when I try to connect from the Windows client, it redirects me to the browser to grant access and then it doesnt do anything anymore. I dont know whether this problem is related to this issue or not.

@tobiasKaminsky: the QR code workaround of @zone-id works for me as well.

@zone-id if this works, then I am puzzled, as this is then a different problem as I had in mind.

I can confirm that the method described by @zone-id with QR code or the equivalent long key works reliably.

@benbucksch #2133 (comment) here I wrote technical background of this bug

Thanks. For completeness, I quote your post here entirely:

Now that I have an affected device, I spent several hours in debugging and trying to understand the problem.
As always there are so many different combinations, that there may be several causes, but one of it is a bug that does not entirely remove a custom account when uninstalling the app.
Also the move from internal to external storage (and vice vera) can cause this.
This also affects other apps, e.g. Dropbox.

Some technical background:
Androids own account manager has a stale account in its database. When querying if a given account exists, our app gets none back, assuming that we have to add it.
This then will fail as the account manager cannot add an account twice with the same name.
Also programatically removing the old account will not work.
But the stored account name is case sensitive and this is our chance.

The internal account's name is built from the username and server address, e.g "tobias" and "cloud.server.com" --> [email protected].
The username is the name that the admin gave the user when creating the account.
The login flow returns always the username, e.g. if you enter your email address as login, we will internally build the account with the returned username.
However it seems that the login flow is returning the username exactly as entered.

So if you have an account [email protected] and this is causing the login loop, you can try to login with "TOBI" or "TOBI " or "ToBi" and all should allow you to login.
Please note that due to androids bug all older account names are burnt and will not work, so if you have done this multiple times, it may be that no suitable combination is left.

TL;DR: It is a bug in Androids Account Manager system, which we cannot solve, but only try to circumvent: login with uppercase username or append a whitespace.

@tobiasKaminsky:

Androids own account manager has a stale account in its database

Tobias, I have seen this bug here on new devices that never had NextCloud installed. I have seen the bug on at least 3-4 different devices (IIRC from Android 8 to 10).

Could you please try to grab one of your friends that doesn't use NextCloud yet, or an emulator, and see whether you can reproduce this bug?

In case this is helpful: I had used ownCloud before, and never saw the bug with ownCloud (Android app and server). As soon as I switched to NextCloud, I ran into the problem, and reproducably. It suspect that NextCloud supports new authentication methcanisms and the bug is somewhere in the negotiation of them or more likely in the implementation of a new auth method that ownCloud does not support.

I have experienced something similar, and I have found that the source of the issue for me was restoring apps with accounts through oandbackupx. The account manager for some reason tries to add the new nextcloud account using the same _id as the restored apps' accounts as if the _id is unused. Upon uninstalling (one of) those problem apps I've been able to log into nextcloud. Not sure if it's the same issue that everyone in this thread is facing, but maybe this helps some people.

Few steps I've found that helped me log in:

1. Try to log into nextcloud
2. Check the logcat and look for the error about the "existing unique primary key" and check what the _id is.
3. Using an sqlite database viewer or straight up running sqlite3 in a root shell open the database /data/system_de/0/accounts_de.db
4. Look for the account with the _id you got from the logcat and uninstall/reinstall that app

shouldn't this be labeled as "high"?

As @devlux already said in February, I think this should be labeled as high. It is now the most commented out of all the open issues, but I'm wondering if it might be misplaced in nextcloud/android. I think this issue is the right one.

@bertin0 This issue also occurs with fresh installs.

I finally found a solution for me in the issue metioned above

I had a similar issue regarding the redirect , mine was related to url overwrite protocol option that should be set in config/config.php .
In previous version this was not necessary but apparently since 15.0.2 it is.
So I had to go from (config.php)
{...} 'overwrite.cli.url' => 'https://domain.lu', {...}
to
{...} 'overwrite.cli.url' => 'https://domain.lu', 'overwritehost' => 'domain.lu', 'overwriteprotocol' => 'https', {...}
This did the trick for me..

@bertin0 This issue also occurs with fresh installs.

@zone-id so, shouldn't this be 2 different issues?

I have experienced something similar, and I have found that the source of the issue for me was restoring apps with accounts through oandbackupx. The account manager for some reason tries to add the new nextcloud account using the same _id as the restored apps' accounts as if the _id is unused. Upon uninstalling (one of) those problem apps I've been able to log into nextcloud. Not sure if it's the same issue that everyone in this thread is facing, but maybe this helps some people.

@bertin0 this is exactly my case, as I explained at https://github.com/nextcloud/android/issues/3623#issuecomment-687645851.

This smells like a single open issue for 2 different issues which show the same symptoms: being stuck in a login loop.

Yes. Can we please focus this bug on the bug that happens even on new devices?

@benbucksch I use daily new / different Android/emulators and had never problems with my various test setups.
If this happens reliable on your server, please create us a test account and send the credentials to tobias at nextcloud dot com with a reference to this issue?

Hi,
I can't confirm that I have the 100% same problem, but I was also stuck granting access on my android phone.
I finally got signed in by using the QR code. 😄

So let us close this with "solution" to use QR code.

A different "solution" would be to just use nextcloud in the browser and remove the app 🙈🤷🏻‍♂️😅

But seriously, is there a redesign/new implementation of the login coming up and that's why this issue is closed for now?

I closed it as multiple user reported that QR code is a working solution…
As I do not have such a "broken" device, I cannot test/fix it.

Long term solution is to switch away from Android's account manager, as mentioned previously.
It is not a fault of our App, but Android's account manager gives us a faulty information that the account does not exists…

Thank you for re-opening it.

While the QR code works technically as a workaround, it's not a solution
that most users are able to do, as mentioned in my comment above
https://github.com/nextcloud/android/issues/3623#issuecomment-711436182.
It takes too many steps. I need to be able to tell new users "Download
the NextCloud app. Here is your login data: URL, username, password". If
I need to explain that they first use another device to login, then go
to users, then there and there, then scroll down, then install and open
the NextCloud app, then click on QR code, then scan the code", they will
just sigh, not do it, or get lost somewhere along the steps. It's not
something I can give to non-tech people. I would need to do it for them.
Which is not possible under the current situation with COVID-19. At the
same time, NExtCloud is particularly important under the current
situation. So, this is cannot wait for another few months to be fixed.
It needs to be fixed now, because it makes onboarding new users to
NextCloud practically impossible.

I sent Tobias login credentials to my server, and described the server
setup, so that he can reproduce.

I closed it as multiple user reported that QR code is a working solution…
As I do not have such a "broken" device, I cannot test/fix it.

Long term solution is to switch away from Android's account manager, as mentioned previously.
It is _not_ a fault of our App, but Android's account manager gives us a faulty information that the account does not exists…

Are you serious????
nextCloud of old versions had no such problem with auth, similar project ownCloud is working just prefectly on any phone and never experienced any auth problems. Can you just look at ownCloud code and do same as they did?

It’s not the android account manager. It’s something between the session tokens and the android client. The login works perfectly using the old login method, this proves the account manager is working fine.
The reason it may seem it’s the account manager is because logging in Using different capitalisation in the username works. But this creates a new session token and that’s what’s making it work.

Not that I care that much anymore. We are moving our 5000+ user instance to a different solution solely because of this issue. Waited over 2 years for a fix and it never arrived. It’s inexcusable how a piece as important as logging in can be left broken and ignored for so long, especially when there are so many users reporting it. Should have at least had the option of turning off session token auth and let the admin have the users login using the old method which works.

I can confirm that it's the session token login method that appears to be
broken. The app explicitly tells me that this login method failed, and
then falls back to the old login method, which then also stalls (possibly
due to the problem Tobias mentioned, but I wouldn't know), making login
impossible. The ownCloud app doesn't support session token login, so
ownCloud doesn't suffer from this problem and login works flawlessly and
immediately.

So, the short term fix is trivial: Disable the session token login in the
app, given that it's clearly not working and leaving users broken. Once
it's fixed and proven to work in all circumstances and no longer breaking
users, it can be re-enabled. But it makes no sense to keep it on, when
it's making login impossible for a many users, and when it's consequently
making the app and NextCloud itself useless.

This fix should be quick to do, as it's just disabling a feature. Then
the proper fix can happen when it's ready, but at least we can log in and
use NextCloud in the meantime.

@rullzer as this now seems to be session token related.
Do you have an idea, why this can misbehave…?
We can debug @benbucksch server together.

@all there are lots of topics mixed up here.
E.g. the one from @benbucksch has nothing to do with the initial description, as there a successful login is there.
Quote from second post: "after what appears to be a successful login."

So unless you do not have following, please open up a new issue:

• Android app was up and running
• user was logged in
• "suddenly" you get redirected to login page
• login works(!), but as soon as you see file list, you get redirected again ("Loop") to login

@benbucksch
I found this while debugging:

"Mixed Content: The page at 'https://storage.domain.org/login/flow/grant?clientIdentifier=&stateToken=HPtxIcGSIHH8hj3HMh1q5abexmvLuizFPYrO1Orfodn9ELkym7yVAxx4grKjiFWS' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://storage.domain.org/login/flow'. 

In this case it looks like something with your https handling is wrong.