Spreed: Android 1.0.14/Talk 3.1.0 - cannot log in: Error Access Forbidden Invalid request
Steps to reproduce
- Open Nextcloud Talk on Android device
- Enter server address
- When presented with 'You are about to grant
access to your nextcloud account: Select 'Grant access' - Enter username / password and press log in
- Presented with:
Error
Access Forbidden
Invalid request
- This is an existing and working Nextcloud but new install of the Talk app on the phone.
- I have not tried issuing a token manually
Expected behaviour
I would expect to log in.
Actual behaviour
I receive the error:
Error
Access Forbidden
Invalid request
Spreed app
**Spreed app version: Talk 3.1.0
**Custom TURN server configured: No
**Custom STUN server configured: stun.nextcloud.com:443
Server configuration detail
Operating system: Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19) x86_64
Webserver: Apache/2.4.10 (Debian) (apache2handler)
Database: sqlite3 3.15.1
PHP version: 7.1.14
Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, ctype, curl, dom, fileinfo, filter, ftp, hash, iconv, json, mbstring, SPL, PDO, session, posix, Reflection, standard, SimpleXML, pdo_sqlite, Phar, tokenizer, xml, xmlreader, xmlwriter, mysqlnd, apache2handler, apcu, exif, gd, intl, ldap, mcrypt, memcached, mysqli, pcntl, pdo_mysql, pdo_pgsql, pgsql, redis, zip, Zend OPcache
Nextcloud version: 13.0.0 - 13.0.0.14
Updated from an older Nextcloud/ownCloud or fresh install:
Where did you install Nextcloud from: Docker
Signing status
Array
List of activated apps
Enabled:
- activity: 2.6.1
- admin_audit: 1.3.0
- audioplayer: 2.2.5
- bruteforcesettings: 1.0.3
- calendar: 1.6.0
- comments: 1.3.0
- contacts: 2.1.0
- dav: 1.4.6
- deck: 0.3.0
- federatedfilesharing: 1.3.1
- federation: 1.3.0
- files: 1.8.0
- files_external: 1.4.1
- files_markdown: 2.0.1
- files_pdfviewer: 1.2.0
- files_reader: 1.2.2
- files_sharing: 1.5.0
- files_texteditor: 2.5.1
- files_trashbin: 1.3.0
- files_versions: 1.6.0
- files_videoplayer: 1.2.0
- firstrunwizard: 2.2.1
- gallery: 18.0.0
- issuetemplate: 0.3.0
- logreader: 2.0.0
- lookup_server_connector: 1.1.0
- metadata: 0.6.0
- nextcloud_announcements: 1.2.0
- notes: 2.3.2
- notifications: 2.1.2
- oauth2: 1.1.0
- ojsxc: 3.3.2
- ownpad: 0.6.5
- password_policy: 1.3.0
- provisioning_api: 1.3.0
- ransomware_protection: 1.1.0
- serverinfo: 1.3.0
- sharebymail: 1.3.0
- spreed: 3.1.0
- survey_client: 1.1.0
- systemtags: 1.3.0
- tasks: 0.9.6
- theming: 1.4.1
- twofactor_backupcodes: 1.2.3
- updatenotification: 1.3.0
- weather: 1.5.1
- workflowengine: 1.3.0
Disabled:
- encryption
- user_external
- user_ldap
Configuration (config/config.php)
{
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"xx",
"xx",
"xx"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"overwrite.cli.url": "httpxx",
"dbtype": "sqlite3",
"version": "13.0.0.14",
"logtimezone": "UTC",
"installed": true,
"mail_smtpmode": "smtp",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "25",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"maintenance": false,
"theme": "",
"loglevel": 2,
"updater.secret": "***REMOVED SENSITIVE VALUE***"
}
Are you using external storage, if yes which one: local/smb/sftp/...
Are you using encryption: no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
Client configuration
Browser: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
Operating system:
StuartJMackintosh
All 6 comments
Hi @StuartJMackintosh ,
Thanks for the report :)
Since this seems to be a problem in the Nextcloud Talk Android app,
could you please open this issue in the android app repo?
cc @mario
Ivansss
on 19 Feb 2018
This is most probably a server-related config issue, right @rullzer ?
mario
on 19 Feb 2018
This issue may sit in that slim void between the app and the server...
Would server logs help? What would I be looking for?
StuartJMackintosh
on 19 Feb 2018
@mario - yes, I think it was. I have resolved this issue after making changes today:
- Added 'add_header Strict-Transport-Security max-age=31536000;' to nginx
- Corrected the trusted domains array in nextcloud config/config.php
- Correctly set overwrite.cli.url in nextcloud config/config.php
I am unsure which fixed it but most likely 2 or 3. Having migrated config from a different server, the first entry in the trusted domains was not the same as the main hostname, and the overwrite.cli.url setting pointed to the old server.
StuartJMackintosh
on 17 Mar 2018
@StuartJMackintosh I had the same problem and I only needed to add the "add_header" line to my nginx config to solve it.
The other two changes you mentioned were not necessary in my case because the values were already set correctly.
rakete1
on 10 Jun 2018
I got the same issue with the main app. It proposed me to revert to the "old login system", which worked fine.
lcoenen
on 6 Nov 2018
Related issues
ma12-co
路
3Comments
nickvergessen
路
3Comments
q-wertz
路
3Comments
georgehrke
路
3Comments
jospoortvliet
路
3Comments
Most helpful comment
@mario - yes, I think it was. I have resolved this issue after making changes today:
I am unsure which fixed it but most likely 2 or 3. Having migrated config from a different server, the first entry in the trusted domains was not the same as the main hostname, and the overwrite.cli.url setting pointed to the old server.