Server: nextcloud as an single-sign-on (SSO) Backend

What I am looking for is a way to use nextcloud as a SSO-Backend (little bit like github SSO) to authenticate users for another web-app. There are a lot of installations on hosted servers without the opportunity to install ldap or a similar service for SSO - authentication.

First of all, I am NOT a programmer so I might be totally wrong with my thoughts...

• there should be Settings for admins (optionally group-admins) containing:
  
  
  
  • appURL (the URL to be called after authentication)
  
  
  • appKey
  
  
  • appSecret
  
  
  • option for setting a cookie if user is logged in already
  
  
• there should be a nextcloud URL to be called with the hashed appKey as parameter
  
  
  
  • eg: https://my.cloud.com/auth?<hashed appKey salted with appSecret>
  
  
  • then the app should verify the calling domain and the appKey against the settings
  
  
  • a login screen should be provided
  
  
  • after successful login, the app sends back all information available for the user, loging in:
  
  
  • eg: ID, DisplayName, all Groups user is member, Mail, Language, TimeZone, ...
  
  
  • the answer should be hashed again using appSecret as salt
  
  
• optionally: if the user is logged-in to nextcloud already, a cookie should be set and all the information passed without another authentication.

If all this (or a similar solution) exists already and I did not found it, please give me some hints how I can proceed.

Thank you for your great work!
Martin