Server: Nextcloud as OAuth 2.0 provider

Created on 23 Feb 2017 · 13 Comments · Source: nextcloud/server

Steps to reproduce

  1. Set up a connection with a new client or app

Expected behaviour

Most somehow-big internet companies, e.g. Dropbox, Google or even GitHub, support authentication via OAuth 2.0. So I'd expect this: If you want to set up a client, you just enter the Nextcloud URL (and maybe username) and are then presented with the Nextcloud instance, where you choose which data you want to share (Files, Contacts, ..., 3rd party apps with API) with the client.

Actual behaviour

Users have to provide their password directly to the used client. This creates two main problems:

  1. Not all clients are that trusted. When using e.g. a third-party, closed-source but free calendar app, I don't want it to have access to all my data. Also, I want to be able to revoke access.
  2. When using Two-factor-authentication, the password won't work.

Of course, users can already use an application password, but it's really unhandy to get there, especially for inexperienced users; they might not even know it. It is still good for older clients and so on, but the main way users should be able to go is by OAuth 2.0.

enhancement authentication

All 13 comments

Yeah we discussed that also in the past, that we are missing the endpoint where clients can get their app password directly.

716 is similar but not specific to OAuth.

Interesting feature. Is someone else interested in it?

I'd do some development for it, but don't know how. Haven't worked with the source of nextcloud yet. I'd start with an app for the feature, instead of extending the core.

I'd be interested in this as well. For owncloud I found this app: https://github.com/owncloud/oauth2

But I am not sure if it works all the time. I didn't get it running, but that might be my fault.

In my context, the client is simply not allowed to store the passwords for nextcloud/owncloud in clear text. So we have no choice to connect to nextcloud without OAuth or any similar mechanisms.

Isn't this implemented in https://github.com/nextcloud/server/pull/4704 (https://github.com/nextcloud/server/tree/master/apps/oauth2)?

@LEDfan I am pretty sure this is for using other OAuth2 providers to log in to Nextcloud.

The description of apps/oauth2 says it is for authentication from other web applications.

I looked at the code, and it should work.
I tried to log in to RocketChat with it, but didn't manage to make it work.
I think that RocketChat actually expects an OpenIdConnect endpoint.
I miss the IdentityPath from the Nextcloud OAuth2 implementation (which is from OpenIdConnect I believe).

Is it something in the priority for Nextcloud?

Thanks for the feedback!

Closing in favor of #5694

I made a personalised OAuth in Nextcloud and configured the OAuth provider in Nextcloud for a RocketChat instance.

My problem is: when I try to log in with this feature in RocketChat, I get a popup with the Nextcloud login, and then the popup loads the Nextcloud app inside... No redirection to the chat...

Maybe I misconfigured the personalised OAuth client in Rocket, @pierreozoux can you help me?

@pokapow did you find a solution?
Maybe it would be better to open a new thread and post the settings you used on both sides.

@pokapow could you share your solution? I'm trying to do exactly the same thing with no success :(

It works. I put some settings in RocketChat/Rocket.Chat#7791.
