Nextcloud as OAuth 2.0 provider #3599

Closed
maprambo opened this issue Feb 23, 2017 · 13 comments

@maprambo

Steps to reproduce

  1. Set up a connection with a new client or app

Expected behaviour

Most somehow-big internet companies, e.g. Dropbox, Google or even GitHub, support authentication via OAuth 2.0. So I'd expect this: If you want to set up a client, you just enter the Nextcloud URL (and maybe username) and are then presented with the Nextcloud instance, where you choose which data you want to share (Files, Contacts, ..., 3rd party apps with API) with the client.

Actual behaviour

Users have to provide their password directly to the used client. This creates two main problems:

  1. Not all clients are that trusted. When using e.g. a third-party, closed-source but free calendar app, I don't want it to have access to all my data. Also, I want to be able to revoke access.
  2. When using two-factor authentication, the password won't work.

Of course, users can already use an application password, but it's really unhandy to get there, especially for inexperienced users; they might not even know it. It is still good for older clients and so on, but the main way users should be able to go is by OAuth 2.0.

@nickvergessen
Member

Yeah we discussed that also in the past, that we are missing the endpoint where clients can get their app password directly.

@coderkun
Contributor

#716 is similar but not specific to OAuth.

@codeban

codeban commented May 16, 2017

Interesting feature. Is someone else interested in it?

I'd do some development for it, but don't know how. Haven't worked with the source of Nextcloud yet. I'd start with an app for the feature, instead of extending the core.

@Krassmus

I'd be interested in this as well. For ownCloud I found this app: https://github.com/owncloud/oauth2

But I am not sure if it works all the time. I didn't get it running, but might be my fault.

In my context, the client is simply not allowed to store the passwords for Nextcloud/ownCloud in clear text. So we have no choice to connect to Nextcloud without OAuth or any similar mechanisms.

@LEDfan
Member

LEDfan commented Aug 25, 2017

Isn't this implemented in #4704 (https://github.com/nextcloud/server/tree/master/apps/oauth2)?

@eppfel
Member

eppfel commented Aug 26, 2017

@LEDfan I am pretty sure this is for using other OAuth2 providers to log in to Nextcloud.

@coderkun
Contributor

The description of apps/oauth2 says it is for authentication from other web applications.

@pierreozoux
Member

I looked at the code, and it should work.
I tried to log in to RocketChat with it, but didn't manage to make it work.
I think that RocketChat actually expects an OpenIdConnect endpoint.
I miss the IdentityPath from the Nextcloud OAuth2 implementation (which is from OpenIdConnect I believe).

Is it something in the priority for Nextcloud?

Thanks for the feedback!

@pierreozoux
Member

Closing in favor of #5694

@pokapow

pokapow commented Jan 31, 2018

I made a personalised OAuth in Nextcloud and configured the OAuth provider in Nextcloud for a RocketChat instance.

My problem is: when I try to log in with this feature in RocketChat, I get a popup with the Nextcloud login, and then the popup loads the Nextcloud app inside... No redirection to the chat...

Maybe I misconfigured the personalised OAuth client in Rocket, @pierreozoux can you help me?

@pierreozoux
Member

@pokapow did you find a solution?
Maybe it would be better to open a new thread and post the settings you used on both sides.

@moonwolf-github

@pokapow could you share your solution? I'm trying to do exactly the same thing with no success :(

@moonwolf-github

It works. I put some settings in RocketChat/Rocket.Chat#7791.
